diff --git a/resourceSchema/schema_aws.json b/resourceSchema/schema_aws.json index 2002c74..ab3860a 100644 --- a/resourceSchema/schema_aws.json +++ b/resourceSchema/schema_aws.json @@ -1156,6 +1156,10 @@ }, "aws:alb/ListenerMutualAuthentication:ListenerMutualAuthentication": { "properties": { + "advertiseTrustStoreCaNames": { + "type": "string", + "description": "Valid values are `off` and `on`.\n" + }, "ignoreClientCertificateExpiry": { "type": "boolean", "description": "Whether client certificate expiry is ignored. Default is `false`.\n" @@ -1172,7 +1176,15 @@ "type": "object", "required": [ "mode" - ] + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "advertiseTrustStoreCaNames", + "mode" + ] + } + } }, "aws:alb/ListenerRuleAction:ListenerRuleAction": { "properties": { @@ -2510,11 +2522,11 @@ }, "customCertificateArn": { "type": "string", - "description": "The Amazon resource name (ARN) for the custom certificate.\n" + "description": "The Amazon resource name (ARN) for the custom certificate.\nRequired when `type` is `CUSTOM`.\n" }, "type": { "type": "string", - "description": "The certificate type. Valid values are `AMPLIFY_MANAGED` and `CUSTOM`.\n" + "description": "The certificate type.\nValid values are `AMPLIFY_MANAGED` and `CUSTOM`.\n" } }, "type": "object", @@ -15141,7 +15153,7 @@ "properties": { "action": { "type": "string", - "description": "Action that is enabled or disabled.\nValid values are `CLIPBOARD_COPY_FROM_LOCAL_DEVICE`, `CLIPBOARD_COPY_TO_LOCAL_DEVICE`, `FILE_UPLOAD`, `FILE_DOWNLOAD`, `PRINTING_TO_LOCAL_DEVICE`, `DOMAIN_PASSWORD_SIGNIN`, or `DOMAIN_SMART_CARD_SIGNIN`.\n" + "description": "Action that is enabled or disabled.\nValid values are `AUTO_TIME_ZONE_REDIRECTION`, `CLIPBOARD_COPY_FROM_LOCAL_DEVICE`, `CLIPBOARD_COPY_TO_LOCAL_DEVICE`, `DOMAIN_PASSWORD_SIGNIN`, `DOMAIN_SMART_CARD_SIGNIN`, `FILE_UPLOAD`, `FILE_DOWNLOAD`, or `PRINTING_TO_LOCAL_DEVICE`.\n" }, "permission": { "type": "string", @@ -16339,6 +16351,15 @@ } } }, + "aws:autoscaling/GroupAvailabilityZoneDistribution:GroupAvailabilityZoneDistribution": { + "properties": { + "capacityDistributionStrategy": { + "type": "string", + "description": "The strategy to use for distributing capacity across the Availability Zones. Valid values are `balanced-only` and `balanced-best-effort`. Default is `balanced-best-effort`.\n" + } + }, + "type": "object" + }, "aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook": { "properties": { "defaultResult": { @@ -26247,6 +26268,10 @@ "s3OriginConfig": { "$ref": "#/types/aws:cloudfront/DistributionOriginS3OriginConfig:DistributionOriginS3OriginConfig", "description": "CloudFront S3 origin configuration information. If a custom origin is required, use `custom_origin_config` instead.\n" + }, + "vpcOriginConfig": { + "$ref": "#/types/aws:cloudfront/DistributionOriginVpcOriginConfig:DistributionOriginVpcOriginConfig", + "description": "The VPC origin configuration.\n" } }, "type": "object", @@ -26281,16 +26306,14 @@ "description": "HTTPS port the custom origin listens on.\n" }, "originKeepaliveTimeout": { - "type": "integer", - "description": "The Custom KeepAlive timeout, in seconds. By default, AWS enforces an upper limit of `60`. But you can request an [increase](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-request-timeout). Defaults to `5`.\n" + "type": "integer" }, "originProtocolPolicy": { "type": "string", "description": "Origin protocol policy to apply to your origin. One of `http-only`, `https-only`, or `match-viewer`.\n" }, "originReadTimeout": { - "type": "integer", - "description": "The Custom Read timeout, in seconds. By default, AWS enforces an upper limit of `60`. But you can request an [increase](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-request-timeout). Defaults to `30`.\n" + "type": "integer" }, "originSslProtocols": { "type": "array", @@ -26386,6 +26409,24 @@ "originAccessIdentity" ] }, + "aws:cloudfront/DistributionOriginVpcOriginConfig:DistributionOriginVpcOriginConfig": { + "properties": { + "originKeepaliveTimeout": { + "type": "integer" + }, + "originReadTimeout": { + "type": "integer" + }, + "vpcOriginId": { + "type": "string", + "description": "The VPC origin ID.\n" + } + }, + "type": "object", + "required": [ + "vpcOriginId" + ] + }, "aws:cloudfront/DistributionRestrictions:DistributionRestrictions": { "properties": { "geoRestriction": { @@ -27118,6 +27159,77 @@ "samplingRate" ] }, + "aws:cloudfront/VpcOriginTimeouts:VpcOriginTimeouts": { + "properties": { + "create": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + }, + "delete": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.\n" + }, + "update": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + } + }, + "type": "object" + }, + "aws:cloudfront/VpcOriginVpcOriginEndpointConfig:VpcOriginVpcOriginEndpointConfig": { + "properties": { + "arn": { + "type": "string", + "description": "The VPC origin ARN.\n" + }, + "httpPort": { + "type": "integer", + "description": "The HTTP port for the CloudFront VPC origin endpoint configuration.\n" + }, + "httpsPort": { + "type": "integer", + "description": "The HTTPS port for the CloudFront VPC origin endpoint configuration.\n" + }, + "name": { + "type": "string", + "description": "The name of the CloudFront VPC origin endpoint configuration.\n" + }, + "originProtocolPolicy": { + "type": "string", + "description": "The origin protocol policy for the CloudFront VPC origin endpoint configuration.\n" + }, + "originSslProtocols": { + "$ref": "#/types/aws:cloudfront/VpcOriginVpcOriginEndpointConfigOriginSslProtocols:VpcOriginVpcOriginEndpointConfigOriginSslProtocols", + "description": "A complex type that contains information about the SSL/TLS protocols that CloudFront can use when establishing an HTTPS connection with your origin.\n" + } + }, + "type": "object", + "required": [ + "arn", + "httpPort", + "httpsPort", + "name", + "originProtocolPolicy" + ] + }, + "aws:cloudfront/VpcOriginVpcOriginEndpointConfigOriginSslProtocols:VpcOriginVpcOriginEndpointConfigOriginSslProtocols": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + } + }, + "quantity": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "items", + "quantity" + ] + }, "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOrigin:getCachePolicyParametersInCacheKeyAndForwardedToOrigin": { "properties": { "cookiesConfigs": { @@ -30433,7 +30545,6 @@ "required": [ "securityGroupIds", "subnetIds", - "tlsCertificate", "vpcId" ] }, @@ -34239,6 +34350,10 @@ "type": "string", "description": "Use this to override the default service endpoint URL\n" }, + "mgn": { + "type": "string", + "description": "Use this to override the default service endpoint URL\n" + }, "mq": { "type": "string", "description": "Use this to override the default service endpoint URL\n" @@ -34611,6 +34726,10 @@ "type": "string", "description": "Use this to override the default service endpoint URL\n" }, + "timestreamquery": { + "type": "string", + "description": "Use this to override the default service endpoint URL\n" + }, "timestreamwrite": { "type": "string", "description": "Use this to override the default service endpoint URL\n" @@ -82511,6 +82630,10 @@ "type": "string", "description": "Use this to override the default service endpoint URL\n" }, + "mgn": { + "type": "string", + "description": "Use this to override the default service endpoint URL\n" + }, "mq": { "type": "string", "description": "Use this to override the default service endpoint URL\n" @@ -82883,6 +83006,10 @@ "type": "string", "description": "Use this to override the default service endpoint URL\n" }, + "timestreamquery": { + "type": "string", + "description": "Use this to override the default service endpoint URL\n" + }, "timestreamwrite": { "type": "string", "description": "Use this to override the default service endpoint URL\n" @@ -93074,6 +93201,10 @@ }, "aws:lb/ListenerMutualAuthentication:ListenerMutualAuthentication": { "properties": { + "advertiseTrustStoreCaNames": { + "type": "string", + "description": "Valid values are `off` and `on`.\n" + }, "ignoreClientCertificateExpiry": { "type": "boolean", "description": "Whether client certificate expiry is ignored. Default is `false`.\n" @@ -93090,7 +93221,15 @@ "type": "object", "required": [ "mode" - ] + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "advertiseTrustStoreCaNames", + "mode" + ] + } + } }, "aws:lb/ListenerRuleAction:ListenerRuleAction": { "properties": { @@ -113778,6 +113917,10 @@ "type": "string", "description": "The key name.\n" }, + "overage": { + "type": "boolean", + "description": "Indicates whether overages are allowed.\n" + }, "unit": { "type": "string", "description": "Entitlement unit.\n" @@ -113792,6 +113935,7 @@ "allowCheckIn", "maxCount", "name", + "overage", "unit", "value" ], @@ -119998,6 +120142,23 @@ } } }, + "aws:memorydb/MultiRegionClusterTimeouts:MultiRegionClusterTimeouts": { + "properties": { + "create": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + }, + "delete": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.\n" + }, + "update": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + } + }, + "type": "object" + }, "aws:memorydb/ParameterGroupParameter:ParameterGroupParameter": { "properties": { "name": { @@ -124251,6 +124412,23 @@ }, "type": "object" }, + "aws:networkmanager/DxGatewayAttachmentTimeouts:DxGatewayAttachmentTimeouts": { + "properties": { + "create": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + }, + "delete": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.\n" + }, + "update": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + } + }, + "type": "object" + }, "aws:networkmanager/LinkBandwidth:LinkBandwidth": { "properties": { "downloadSpeed": { @@ -134246,6 +134424,15 @@ } } }, + "aws:rds/ClusterSnapshotCopyTimeouts:ClusterSnapshotCopyTimeouts": { + "properties": { + "create": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + } + }, + "type": "object" + }, "aws:rds/EngineMode:EngineMode": { "type": "string", "enum": [ @@ -155973,7 +156160,8 @@ "aws:verifiedaccess/GroupSseConfiguration:GroupSseConfiguration": { "properties": { "customerManagedKeyEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Boolean flag to indicate that the CMK should be used.\n" }, "kmsKeyArn": { "type": "string", @@ -175643,6 +175831,7 @@ "required": [ "appId", "arn", + "certificateSettings", "certificateVerificationDnsRecord", "domainName", "subDomains" @@ -177030,96 +177219,202 @@ "type": "object" } }, - "aws:apigateway/integration:Integration": { - "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst myDemoResource = new aws.apigateway.Resource(\"MyDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"MyDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"MyDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : input.json('')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"MyDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"MyDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"MyDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"MyDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"MyDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"MyDemoIntegration\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = new[]\n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"MyDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"MyDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"MyDemoIntegration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(\"{\\n \\\"body\\\" : $input.json('$')\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder()\n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder()\n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder()\n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n var myDemoIntegration = new Integration(\"myDemoIntegration\", IntegrationArgs.builder()\n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(myDemoMethod.httpMethod())\n .type(\"MOCK\")\n .cacheKeyParameters(\"method.request.path.param\")\n .cacheNamespace(\"foobar\")\n .timeoutMilliseconds(29000)\n .requestParameters(Map.of(\"integration.request.header.X-Authorization\", \"'static'\"))\n .requestTemplates(Map.of(\"application/xml\", \"\"\"\n{\n \"body\" : $input.json('$')\n}\n \"\"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n name: MyDemoResource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n name: MyDemoMethod\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n myDemoIntegration:\n type: aws:apigateway:Integration\n name: MyDemoIntegration\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: ${myDemoMethod.httpMethod}\n type: MOCK\n cacheKeyParameters:\n - method.request.path.param\n cacheNamespace: foobar\n timeoutMilliseconds: 29000\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n requestTemplates:\n application/xml: |\n {\n \"body\" : $input.json('$')\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Lambda integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst config = new pulumi.Config();\nconst myregion = config.requireObject(\"myregion\");\nconst accountId = config.requireObject(\"accountId\");\n// API Gateway\nconst api = new aws.apigateway.RestApi(\"api\", {name: \"myapi\"});\nconst resource = new aws.apigateway.Resource(\"resource\", {\n pathPart: \"resource\",\n parentId: api.rootResourceId,\n restApi: api.id,\n});\nconst method = new aws.apigateway.Method(\"method\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n// IAM\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"myrole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = new aws.lambda.Function(\"lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"mylambda\",\n role: role.arn,\n handler: \"lambda.lambda_handler\",\n runtime: aws.lambda.Runtime.Python3d12,\n sourceCodeHash: std.filebase64sha256({\n input: \"lambda.zip\",\n }).then(invoke =\u003e invoke.result),\n});\nconst integration = new aws.apigateway.Integration(\"integration\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: method.httpMethod,\n integrationHttpMethod: \"POST\",\n type: \"AWS_PROXY\",\n uri: lambda.invokeArn,\n});\n// Lambda\nconst apigwLambda = new aws.lambda.Permission(\"apigw_lambda\", {\n statementId: \"AllowExecutionFromAPIGateway\",\n action: \"lambda:InvokeFunction\",\n \"function\": lambda.name,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nconfig = pulumi.Config()\nmyregion = config.require_object(\"myregion\")\naccount_id = config.require_object(\"accountId\")\n# API Gateway\napi = aws.apigateway.RestApi(\"api\", name=\"myapi\")\nresource = aws.apigateway.Resource(\"resource\",\n path_part=\"resource\",\n parent_id=api.root_resource_id,\n rest_api=api.id)\nmethod = aws.apigateway.Method(\"method\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n# IAM\nassume_role = aws.iam.get_policy_document(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"lambda.amazonaws.com\"],\n }],\n \"actions\": [\"sts:AssumeRole\"],\n}])\nrole = aws.iam.Role(\"role\",\n name=\"myrole\",\n assume_role_policy=assume_role.json)\nlambda_ = aws.lambda_.Function(\"lambda\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"mylambda\",\n role=role.arn,\n handler=\"lambda.lambda_handler\",\n runtime=aws.lambda_.Runtime.PYTHON3D12,\n source_code_hash=std.filebase64sha256(input=\"lambda.zip\").result)\nintegration = aws.apigateway.Integration(\"integration\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=method.http_method,\n integration_http_method=\"POST\",\n type=\"AWS_PROXY\",\n uri=lambda_.invoke_arn)\n# Lambda\napigw_lambda = aws.lambda_.Permission(\"apigw_lambda\",\n statement_id=\"AllowExecutionFromAPIGateway\",\n action=\"lambda:InvokeFunction\",\n function=lambda_.name,\n principal=\"apigateway.amazonaws.com\",\n source_arn=pulumi.Output.all(\n id=api.id,\n http_method=method.http_method,\n path=resource.path\n).apply(lambda resolved_outputs: f\"arn:aws:execute-api:{myregion}:{account_id}:{resolved_outputs['id']}/*/{resolved_outputs['http_method']}{resolved_outputs['path']}\")\n)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var myregion = config.RequireObject\u003cdynamic\u003e(\"myregion\");\n var accountId = config.RequireObject\u003cdynamic\u003e(\"accountId\");\n // API Gateway\n var api = new Aws.ApiGateway.RestApi(\"api\", new()\n {\n Name = \"myapi\",\n });\n\n var resource = new Aws.ApiGateway.Resource(\"resource\", new()\n {\n PathPart = \"resource\",\n ParentId = api.RootResourceId,\n RestApi = api.Id,\n });\n\n var method = new Aws.ApiGateway.Method(\"method\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n // IAM\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"myrole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = new Aws.Lambda.Function(\"lambda\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"mylambda\",\n Role = role.Arn,\n Handler = \"lambda.lambda_handler\",\n Runtime = Aws.Lambda.Runtime.Python3d12,\n SourceCodeHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = \"lambda.zip\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var integration = new Aws.ApiGateway.Integration(\"integration\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = method.HttpMethod,\n IntegrationHttpMethod = \"POST\",\n Type = \"AWS_PROXY\",\n Uri = lambda.InvokeArn,\n });\n\n // Lambda\n var apigwLambda = new Aws.Lambda.Permission(\"apigw_lambda\", new()\n {\n StatementId = \"AllowExecutionFromAPIGateway\",\n Action = \"lambda:InvokeFunction\",\n Function = lambda.Name,\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = Output.Tuple(api.Id, method.HttpMethod, resource.Path).Apply(values =\u003e\n {\n var id = values.Item1;\n var httpMethod = values.Item2;\n var path = values.Item3;\n return $\"arn:aws:execute-api:{myregion}:{accountId}:{id}/*/{httpMethod}{path}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmyregion := cfg.RequireObject(\"myregion\")\n\t\taccountId := cfg.RequireObject(\"accountId\")\n\t\t// API Gateway\n\t\tapi, err := apigateway.NewRestApi(ctx, \"api\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"myapi\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresource, err := apigateway.NewResource(ctx, \"resource\", \u0026apigateway.ResourceArgs{\n\t\t\tPathPart: pulumi.String(\"resource\"),\n\t\t\tParentId: api.RootResourceId,\n\t\t\tRestApi: api.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmethod, err := apigateway.NewMethod(ctx, \"method\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// IAM\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"myrole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: \"lambda.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := lambda.NewFunction(ctx, \"lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"mylambda\"),\n\t\t\tRole: role.Arn,\n\t\t\tHandler: pulumi.String(\"lambda.lambda_handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimePython3d12),\n\t\t\tSourceCodeHash: pulumi.String(invokeFilebase64sha256.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"integration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: method.HttpMethod,\n\t\t\tIntegrationHttpMethod: pulumi.String(\"POST\"),\n\t\t\tType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tUri: lambda.InvokeArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lambda\n\t\t_, err = lambda.NewPermission(ctx, \"apigw_lambda\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromAPIGateway\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: lambda.Name,\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.All(api.ID(), method.HttpMethod, resource.Path).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tid := _args[0].(string)\n\t\t\t\thttpMethod := _args[1].(string)\n\t\t\t\tpath := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"arn:aws:execute-api:%v:%v:%v/*/%v%v\", myregion, accountId, id, httpMethod, path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var myregion = config.get(\"myregion\");\n final var accountId = config.get(\"accountId\");\n // API Gateway\n var api = new RestApi(\"api\", RestApiArgs.builder()\n .name(\"myapi\")\n .build());\n\n var resource = new Resource(\"resource\", ResourceArgs.builder()\n .pathPart(\"resource\")\n .parentId(api.rootResourceId())\n .restApi(api.id())\n .build());\n\n var method = new Method(\"method\", MethodArgs.builder()\n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n // IAM\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder()\n .name(\"myrole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambda = new Function(\"lambda\", FunctionArgs.builder()\n .code(new FileArchive(\"lambda.zip\"))\n .name(\"mylambda\")\n .role(role.arn())\n .handler(\"lambda.lambda_handler\")\n .runtime(\"python3.12\")\n .sourceCodeHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(\"lambda.zip\")\n .build()).result())\n .build());\n\n var integration = new Integration(\"integration\", IntegrationArgs.builder()\n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(method.httpMethod())\n .integrationHttpMethod(\"POST\")\n .type(\"AWS_PROXY\")\n .uri(lambda.invokeArn())\n .build());\n\n // Lambda\n var apigwLambda = new Permission(\"apigwLambda\", PermissionArgs.builder()\n .statementId(\"AllowExecutionFromAPIGateway\")\n .action(\"lambda:InvokeFunction\")\n .function(lambda.name())\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(Output.tuple(api.id(), method.httpMethod(), resource.path()).applyValue(values -\u003e {\n var id = values.t1;\n var httpMethod = values.t2;\n var path = values.t3;\n return String.format(\"arn:aws:execute-api:%s:%s:%s/*/%s%s\", myregion,accountId,id,httpMethod,path);\n }))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Variables\n myregion:\n type: dynamic\n accountId:\n type: dynamic\nresources:\n # API Gateway\n api:\n type: aws:apigateway:RestApi\n properties:\n name: myapi\n resource:\n type: aws:apigateway:Resource\n properties:\n pathPart: resource\n parentId: ${api.rootResourceId}\n restApi: ${api.id}\n method:\n type: aws:apigateway:Method\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: GET\n authorization: NONE\n integration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: ${method.httpMethod}\n integrationHttpMethod: POST\n type: AWS_PROXY\n uri: ${lambda.invokeArn}\n # Lambda\n apigwLambda:\n type: aws:lambda:Permission\n name: apigw_lambda\n properties:\n statementId: AllowExecutionFromAPIGateway\n action: lambda:InvokeFunction\n function: ${lambda.name}\n principal: apigateway.amazonaws.com\n sourceArn: arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}\n lambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: mylambda\n role: ${role.arn}\n handler: lambda.lambda_handler\n runtime: python3.12\n sourceCodeHash:\n fn::invoke:\n function: std:filebase64sha256\n arguments:\n input: lambda.zip\n return: result\n role:\n type: aws:iam:Role\n properties:\n name: myrole\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n # IAM\n assumeRole:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## VPC Link\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst name = config.requireObject(\"name\");\nconst subnetId = config.requireObject(\"subnetId\");\nconst test = new aws.lb.LoadBalancer(\"test\", {\n name: name,\n internal: true,\n loadBalancerType: \"network\",\n subnets: [subnetId],\n});\nconst testVpcLink = new aws.apigateway.VpcLink(\"test\", {\n name: name,\n targetArn: test.arn,\n});\nconst testRestApi = new aws.apigateway.RestApi(\"test\", {name: name});\nconst testResource = new aws.apigateway.Resource(\"test\", {\n restApi: testRestApi.id,\n parentId: testRestApi.rootResourceId,\n pathPart: \"test\",\n});\nconst testMethod = new aws.apigateway.Method(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n requestModels: {\n \"application/json\": \"Error\",\n },\n});\nconst testIntegration = new aws.apigateway.Integration(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: testMethod.httpMethod,\n requestTemplates: {\n \"application/json\": \"\",\n \"application/xml\": `#set(inputRoot = input.path(''))\n{ }`,\n },\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type: \"HTTP\",\n uri: \"https://www.google.de\",\n integrationHttpMethod: \"GET\",\n passthroughBehavior: \"WHEN_NO_MATCH\",\n contentHandling: \"CONVERT_TO_TEXT\",\n connectionType: \"VPC_LINK\",\n connectionId: testVpcLink.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nname = config.require_object(\"name\")\nsubnet_id = config.require_object(\"subnetId\")\ntest = aws.lb.LoadBalancer(\"test\",\n name=name,\n internal=True,\n load_balancer_type=\"network\",\n subnets=[subnet_id])\ntest_vpc_link = aws.apigateway.VpcLink(\"test\",\n name=name,\n target_arn=test.arn)\ntest_rest_api = aws.apigateway.RestApi(\"test\", name=name)\ntest_resource = aws.apigateway.Resource(\"test\",\n rest_api=test_rest_api.id,\n parent_id=test_rest_api.root_resource_id,\n path_part=\"test\")\ntest_method = aws.apigateway.Method(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\",\n request_models={\n \"application/json\": \"Error\",\n })\ntest_integration = aws.apigateway.Integration(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=test_method.http_method,\n request_templates={\n \"application/json\": \"\",\n \"application/xml\": \"\"\"#set($inputRoot = $input.path('$'))\n{ }\"\"\",\n },\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type=\"HTTP\",\n uri=\"https://www.google.de\",\n integration_http_method=\"GET\",\n passthrough_behavior=\"WHEN_NO_MATCH\",\n content_handling=\"CONVERT_TO_TEXT\",\n connection_type=\"VPC_LINK\",\n connection_id=test_vpc_link.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var name = config.RequireObject\u003cdynamic\u003e(\"name\");\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var test = new Aws.LB.LoadBalancer(\"test\", new()\n {\n Name = name,\n Internal = true,\n LoadBalancerType = \"network\",\n Subnets = new[]\n {\n subnetId,\n },\n });\n\n var testVpcLink = new Aws.ApiGateway.VpcLink(\"test\", new()\n {\n Name = name,\n TargetArn = test.Arn,\n });\n\n var testRestApi = new Aws.ApiGateway.RestApi(\"test\", new()\n {\n Name = name,\n });\n\n var testResource = new Aws.ApiGateway.Resource(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ParentId = testRestApi.RootResourceId,\n PathPart = \"test\",\n });\n\n var testMethod = new Aws.ApiGateway.Method(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n RequestModels = \n {\n { \"application/json\", \"Error\" },\n },\n });\n\n var testIntegration = new Aws.ApiGateway.Integration(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = testMethod.HttpMethod,\n RequestTemplates = \n {\n { \"application/json\", \"\" },\n { \"application/xml\", @\"#set($inputRoot = $input.path('$'))\n{ }\" },\n },\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n { \"integration.request.header.X-Foo\", \"'Bar'\" },\n },\n Type = \"HTTP\",\n Uri = \"https://www.google.de\",\n IntegrationHttpMethod = \"GET\",\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n ContentHandling = \"CONVERT_TO_TEXT\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = testVpcLink.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tname := cfg.RequireObject(\"name\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\ttest, err := lb.NewLoadBalancer(ctx, \"test\", \u0026lb.LoadBalancerArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tsubnetId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcLink, err := apigateway.NewVpcLink(ctx, \"test\", \u0026apigateway.VpcLinkArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tTargetArn: test.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRestApi, err := apigateway.NewRestApi(ctx, \"test\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestResource, err := apigateway.NewResource(ctx, \"test\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tParentId: testRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestMethod, err := apigateway.NewMethod(ctx, \"test\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tRequestModels: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"Error\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"test\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: testMethod.HttpMethod,\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"\"),\n\t\t\t\t\"application/xml\": pulumi.String(\"#set($inputRoot = $input.path('$'))\\n{ }\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t\t\"integration.request.header.X-Foo\": pulumi.String(\"'Bar'\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tUri: pulumi.String(\"https://www.google.de\"),\n\t\t\tIntegrationHttpMethod: pulumi.String(\"GET\"),\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t\tContentHandling: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: testVpcLink.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LoadBalancer;\nimport com.pulumi.aws.lb.LoadBalancerArgs;\nimport com.pulumi.aws.apigateway.VpcLink;\nimport com.pulumi.aws.apigateway.VpcLinkArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var name = config.get(\"name\");\n final var subnetId = config.get(\"subnetId\");\n var test = new LoadBalancer(\"test\", LoadBalancerArgs.builder()\n .name(name)\n .internal(true)\n .loadBalancerType(\"network\")\n .subnets(subnetId)\n .build());\n\n var testVpcLink = new VpcLink(\"testVpcLink\", VpcLinkArgs.builder()\n .name(name)\n .targetArn(test.arn())\n .build());\n\n var testRestApi = new RestApi(\"testRestApi\", RestApiArgs.builder()\n .name(name)\n .build());\n\n var testResource = new Resource(\"testResource\", ResourceArgs.builder()\n .restApi(testRestApi.id())\n .parentId(testRestApi.rootResourceId())\n .pathPart(\"test\")\n .build());\n\n var testMethod = new Method(\"testMethod\", MethodArgs.builder()\n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .requestModels(Map.of(\"application/json\", \"Error\"))\n .build());\n\n var testIntegration = new Integration(\"testIntegration\", IntegrationArgs.builder()\n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(testMethod.httpMethod())\n .requestTemplates(Map.ofEntries(\n Map.entry(\"application/json\", \"\"),\n Map.entry(\"application/xml\", \"\"\"\n#set($inputRoot = $input.path('$'))\n{ } \"\"\")\n ))\n .requestParameters(Map.ofEntries(\n Map.entry(\"integration.request.header.X-Authorization\", \"'static'\"),\n Map.entry(\"integration.request.header.X-Foo\", \"'Bar'\")\n ))\n .type(\"HTTP\")\n .uri(\"https://www.google.de\")\n .integrationHttpMethod(\"GET\")\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .contentHandling(\"CONVERT_TO_TEXT\")\n .connectionType(\"VPC_LINK\")\n .connectionId(testVpcLink.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n name:\n type: dynamic\n subnetId:\n type: dynamic\nresources:\n test:\n type: aws:lb:LoadBalancer\n properties:\n name: ${name}\n internal: true\n loadBalancerType: network\n subnets:\n - ${subnetId}\n testVpcLink:\n type: aws:apigateway:VpcLink\n name: test\n properties:\n name: ${name}\n targetArn: ${test.arn}\n testRestApi:\n type: aws:apigateway:RestApi\n name: test\n properties:\n name: ${name}\n testResource:\n type: aws:apigateway:Resource\n name: test\n properties:\n restApi: ${testRestApi.id}\n parentId: ${testRestApi.rootResourceId}\n pathPart: test\n testMethod:\n type: aws:apigateway:Method\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: GET\n authorization: NONE\n requestModels:\n application/json: Error\n testIntegration:\n type: aws:apigateway:Integration\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: ${testMethod.httpMethod}\n requestTemplates:\n application/json: \"\"\n application/xml: |-\n #set($inputRoot = $input.path('$'))\n { }\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n integration.request.header.X-Foo: '''Bar'''\n type: HTTP\n uri: https://www.google.de\n integrationHttpMethod: GET\n passthroughBehavior: WHEN_NO_MATCH\n contentHandling: CONVERT_TO_TEXT\n connectionType: VPC_LINK\n connectionId: ${testVpcLink.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_integration` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n$ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n", + "aws:apigateway/domainNameAccessAssociation:DomainNameAccessAssociation": { + "description": "Creates a domain name access association resource between an access association source and a private custom domain name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigateway.DomainNameAccessAssociation(\"example\", {\n accessAssociationSource: exampleAwsVpcEndpoint.id,\n accessAssociationSourceType: \"VPCE\",\n domainNameArn: exampleAwsApiGatewayDomainName.domainNameArn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.DomainNameAccessAssociation(\"example\",\n access_association_source=example_aws_vpc_endpoint[\"id\"],\n access_association_source_type=\"VPCE\",\n domain_name_arn=example_aws_api_gateway_domain_name[\"domainNameArn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.DomainNameAccessAssociation(\"example\", new()\n {\n AccessAssociationSource = exampleAwsVpcEndpoint.Id,\n AccessAssociationSourceType = \"VPCE\",\n DomainNameArn = exampleAwsApiGatewayDomainName.DomainNameArn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewDomainNameAccessAssociation(ctx, \"example\", \u0026apigateway.DomainNameAccessAssociationArgs{\n\t\t\tAccessAssociationSource: pulumi.Any(exampleAwsVpcEndpoint.Id),\n\t\t\tAccessAssociationSourceType: pulumi.String(\"VPCE\"),\n\t\t\tDomainNameArn: pulumi.Any(exampleAwsApiGatewayDomainName.DomainNameArn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainNameAccessAssociation;\nimport com.pulumi.aws.apigateway.DomainNameAccessAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainNameAccessAssociation(\"example\", DomainNameAccessAssociationArgs.builder()\n .accessAssociationSource(exampleAwsVpcEndpoint.id())\n .accessAssociationSourceType(\"VPCE\")\n .domainNameArn(exampleAwsApiGatewayDomainName.domainNameArn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:DomainNameAccessAssociation\n properties:\n accessAssociationSource: ${exampleAwsVpcEndpoint.id}\n accessAssociationSourceType: VPCE\n domainNameArn: ${exampleAwsApiGatewayDomainName.domainNameArn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import API Gateway domain name acces associations as using their `arn`. For example:\n\n```sh\n$ pulumi import aws:apigateway/domainNameAccessAssociation:DomainNameAccessAssociation example arn:aws:apigateway:us-west-2:123456789012:/domainnameaccessassociations/domainname/12qmzgp2.9m7ilski.test+hykg7a12e7/vpcesource/vpce-05de3f8f82740a748\n```\n", "properties": { - "cacheKeyParameters": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cache key parameters for the integration.\n" - }, - "cacheNamespace": { - "type": "string", - "description": "Integration's cache namespace.\n" - }, - "connectionId": { - "type": "string", - "description": "ID of the VpcLink used for the integration. **Required** if `connection_type` is `VPC_LINK`\n" - }, - "connectionType": { - "type": "string", - "description": "Integration input's [connectionType](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#connectionType). Valid values are `INTERNET` (default for connections through the public routable internet), and `VPC_LINK` (for private connections between API Gateway and a network load balancer in a VPC).\n" - }, - "contentHandling": { + "accessAssociationSource": { "type": "string", - "description": "How to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.\n" + "description": "The identifier of the domain name access association source. For a `VPCE`, the value is the VPC endpoint ID.\n" }, - "credentials": { + "accessAssociationSourceType": { "type": "string", - "description": "Credentials required for the integration. For `AWS` integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::\\*:user/\\*`.\n" + "description": "The type of the domain name access association source. Valid values are `VPCE`.\n" }, - "httpMethod": { - "type": "string", - "description": "HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTION`, `ANY`)\nwhen calling the associated resource.\n" - }, - "integrationHttpMethod": { + "arn": { "type": "string", - "description": "Integration HTTP method\n(`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONs`, `ANY`, `PATCH`) specifying how API Gateway will interact with the back end.\n**Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nNot all methods are compatible with all `AWS` integrations.\ne.g., Lambda function [can only be invoked](https://github.com/awslabs/aws-apigateway-importer/issues/9#issuecomment-129651005) via `POST`.\n" + "description": "ARN of the domain name access association.\n" }, - "passthroughBehavior": { + "domainNameArn": { "type": "string", - "description": "Integration passthrough behavior (`WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`). **Required** if `request_templates` is used.\n" + "description": "The ARN of the domain name.\n" }, - "requestParameters": { + "tags": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "Map of request query string parameters and headers that should be passed to the backend responder.\nFor example: `request_parameters = { \"integration.request.header.X-Some-Other-Header\" = \"method.request.header.X-Some-Header\" }`\n" + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" }, - "requestTemplates": { + "tagsAll": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "Map of the integration's request templates.\n" - }, - "resourceId": { + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + } + }, + "required": [ + "accessAssociationSource", + "accessAssociationSourceType", + "arn", + "domainNameArn", + "tagsAll" + ], + "inputProperties": { + "accessAssociationSource": { "type": "string", - "description": "API resource ID.\n" + "description": "The identifier of the domain name access association source. For a `VPCE`, the value is the VPC endpoint ID.\n" }, - "restApi": { + "accessAssociationSourceType": { "type": "string", - "description": "ID of the associated REST API.\n" - }, - "timeoutMilliseconds": { - "type": "integer", - "description": "Custom timeout between 50 and 300,000 milliseconds. The default value is 29,000 milliseconds. You need to raise a [Service Quota Ticket](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) to increase time beyond 29,000 milliseconds.\n" + "description": "The type of the domain name access association source. Valid values are `VPCE`.\n" }, - "tlsConfig": { - "$ref": "#/types/aws:apigateway/IntegrationTlsConfig:IntegrationTlsConfig", - "description": "TLS configuration. See below.\n" - }, - "type": { + "domainNameArn": { "type": "string", - "description": "Integration input's [type](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/). Valid values are `HTTP` (for HTTP backends), `MOCK` (not calling any real backend), `AWS` (for AWS services), `AWS_PROXY` (for Lambda proxy integration) and `HTTP_PROXY` (for HTTP proxy integration). An `HTTP` or `HTTP_PROXY` integration with a `connection_type` of `VPC_LINK` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.\n" + "description": "The ARN of the domain name.\n" }, - "uri": { - "type": "string", - "description": "Input's URI. **Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nFor HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form `arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}`. `region`, `subdomain` and `service` are used to determine the right endpoint.\ne.g., `arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:123456789012:function:my-func/invocations`. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.\n" + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" } }, - "required": [ - "cacheNamespace", - "httpMethod", - "passthroughBehavior", - "resourceId", - "restApi", - "type" + "requiredInputs": [ + "accessAssociationSource", + "accessAssociationSourceType", + "domainNameArn" ], - "inputProperties": { + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainNameAccessAssociation resources.\n", + "properties": { + "accessAssociationSource": { + "type": "string", + "description": "The identifier of the domain name access association source. For a `VPCE`, the value is the VPC endpoint ID.\n" + }, + "accessAssociationSourceType": { + "type": "string", + "description": "The type of the domain name access association source. Valid values are `VPCE`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the domain name access association.\n" + }, + "domainNameArn": { + "type": "string", + "description": "The ARN of the domain name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + } + }, + "type": "object" + } + }, + "aws:apigateway/integration:Integration": { + "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst myDemoResource = new aws.apigateway.Resource(\"MyDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"MyDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"MyDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : input.json('')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"MyDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"MyDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"MyDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"MyDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"MyDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"MyDemoIntegration\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = new[]\n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"MyDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"MyDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"MyDemoIntegration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(\"{\\n \\\"body\\\" : $input.json('$')\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder()\n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder()\n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder()\n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n var myDemoIntegration = new Integration(\"myDemoIntegration\", IntegrationArgs.builder()\n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(myDemoMethod.httpMethod())\n .type(\"MOCK\")\n .cacheKeyParameters(\"method.request.path.param\")\n .cacheNamespace(\"foobar\")\n .timeoutMilliseconds(29000)\n .requestParameters(Map.of(\"integration.request.header.X-Authorization\", \"'static'\"))\n .requestTemplates(Map.of(\"application/xml\", \"\"\"\n{\n \"body\" : $input.json('$')\n}\n \"\"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n name: MyDemoResource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n name: MyDemoMethod\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n myDemoIntegration:\n type: aws:apigateway:Integration\n name: MyDemoIntegration\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: ${myDemoMethod.httpMethod}\n type: MOCK\n cacheKeyParameters:\n - method.request.path.param\n cacheNamespace: foobar\n timeoutMilliseconds: 29000\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n requestTemplates:\n application/xml: |\n {\n \"body\" : $input.json('$')\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Lambda integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst config = new pulumi.Config();\nconst myregion = config.requireObject(\"myregion\");\nconst accountId = config.requireObject(\"accountId\");\n// API Gateway\nconst api = new aws.apigateway.RestApi(\"api\", {name: \"myapi\"});\nconst resource = new aws.apigateway.Resource(\"resource\", {\n pathPart: \"resource\",\n parentId: api.rootResourceId,\n restApi: api.id,\n});\nconst method = new aws.apigateway.Method(\"method\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n// IAM\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"myrole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = new aws.lambda.Function(\"lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"mylambda\",\n role: role.arn,\n handler: \"lambda.lambda_handler\",\n runtime: aws.lambda.Runtime.Python3d12,\n sourceCodeHash: std.filebase64sha256({\n input: \"lambda.zip\",\n }).then(invoke =\u003e invoke.result),\n});\nconst integration = new aws.apigateway.Integration(\"integration\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: method.httpMethod,\n integrationHttpMethod: \"POST\",\n type: \"AWS_PROXY\",\n uri: lambda.invokeArn,\n});\n// Lambda\nconst apigwLambda = new aws.lambda.Permission(\"apigw_lambda\", {\n statementId: \"AllowExecutionFromAPIGateway\",\n action: \"lambda:InvokeFunction\",\n \"function\": lambda.name,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nconfig = pulumi.Config()\nmyregion = config.require_object(\"myregion\")\naccount_id = config.require_object(\"accountId\")\n# API Gateway\napi = aws.apigateway.RestApi(\"api\", name=\"myapi\")\nresource = aws.apigateway.Resource(\"resource\",\n path_part=\"resource\",\n parent_id=api.root_resource_id,\n rest_api=api.id)\nmethod = aws.apigateway.Method(\"method\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n# IAM\nassume_role = aws.iam.get_policy_document(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"lambda.amazonaws.com\"],\n }],\n \"actions\": [\"sts:AssumeRole\"],\n}])\nrole = aws.iam.Role(\"role\",\n name=\"myrole\",\n assume_role_policy=assume_role.json)\nlambda_ = aws.lambda_.Function(\"lambda\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"mylambda\",\n role=role.arn,\n handler=\"lambda.lambda_handler\",\n runtime=aws.lambda_.Runtime.PYTHON3D12,\n source_code_hash=std.filebase64sha256(input=\"lambda.zip\").result)\nintegration = aws.apigateway.Integration(\"integration\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=method.http_method,\n integration_http_method=\"POST\",\n type=\"AWS_PROXY\",\n uri=lambda_.invoke_arn)\n# Lambda\napigw_lambda = aws.lambda_.Permission(\"apigw_lambda\",\n statement_id=\"AllowExecutionFromAPIGateway\",\n action=\"lambda:InvokeFunction\",\n function=lambda_.name,\n principal=\"apigateway.amazonaws.com\",\n source_arn=pulumi.Output.all(\n id=api.id,\n http_method=method.http_method,\n path=resource.path\n).apply(lambda resolved_outputs: f\"arn:aws:execute-api:{myregion}:{account_id}:{resolved_outputs['id']}/*/{resolved_outputs['http_method']}{resolved_outputs['path']}\")\n)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var myregion = config.RequireObject\u003cdynamic\u003e(\"myregion\");\n var accountId = config.RequireObject\u003cdynamic\u003e(\"accountId\");\n // API Gateway\n var api = new Aws.ApiGateway.RestApi(\"api\", new()\n {\n Name = \"myapi\",\n });\n\n var resource = new Aws.ApiGateway.Resource(\"resource\", new()\n {\n PathPart = \"resource\",\n ParentId = api.RootResourceId,\n RestApi = api.Id,\n });\n\n var method = new Aws.ApiGateway.Method(\"method\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n // IAM\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"myrole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = new Aws.Lambda.Function(\"lambda\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"mylambda\",\n Role = role.Arn,\n Handler = \"lambda.lambda_handler\",\n Runtime = Aws.Lambda.Runtime.Python3d12,\n SourceCodeHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = \"lambda.zip\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var integration = new Aws.ApiGateway.Integration(\"integration\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = method.HttpMethod,\n IntegrationHttpMethod = \"POST\",\n Type = \"AWS_PROXY\",\n Uri = lambda.InvokeArn,\n });\n\n // Lambda\n var apigwLambda = new Aws.Lambda.Permission(\"apigw_lambda\", new()\n {\n StatementId = \"AllowExecutionFromAPIGateway\",\n Action = \"lambda:InvokeFunction\",\n Function = lambda.Name,\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = Output.Tuple(api.Id, method.HttpMethod, resource.Path).Apply(values =\u003e\n {\n var id = values.Item1;\n var httpMethod = values.Item2;\n var path = values.Item3;\n return $\"arn:aws:execute-api:{myregion}:{accountId}:{id}/*/{httpMethod}{path}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmyregion := cfg.RequireObject(\"myregion\")\n\t\taccountId := cfg.RequireObject(\"accountId\")\n\t\t// API Gateway\n\t\tapi, err := apigateway.NewRestApi(ctx, \"api\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"myapi\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresource, err := apigateway.NewResource(ctx, \"resource\", \u0026apigateway.ResourceArgs{\n\t\t\tPathPart: pulumi.String(\"resource\"),\n\t\t\tParentId: api.RootResourceId,\n\t\t\tRestApi: api.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmethod, err := apigateway.NewMethod(ctx, \"method\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// IAM\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"myrole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: \"lambda.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := lambda.NewFunction(ctx, \"lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"mylambda\"),\n\t\t\tRole: role.Arn,\n\t\t\tHandler: pulumi.String(\"lambda.lambda_handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimePython3d12),\n\t\t\tSourceCodeHash: pulumi.String(invokeFilebase64sha256.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"integration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: method.HttpMethod,\n\t\t\tIntegrationHttpMethod: pulumi.String(\"POST\"),\n\t\t\tType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tUri: lambda.InvokeArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lambda\n\t\t_, err = lambda.NewPermission(ctx, \"apigw_lambda\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromAPIGateway\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: lambda.Name,\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.All(api.ID(), method.HttpMethod, resource.Path).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tid := _args[0].(string)\n\t\t\t\thttpMethod := _args[1].(string)\n\t\t\t\tpath := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"arn:aws:execute-api:%v:%v:%v/*/%v%v\", myregion, accountId, id, httpMethod, path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var myregion = config.get(\"myregion\");\n final var accountId = config.get(\"accountId\");\n // API Gateway\n var api = new RestApi(\"api\", RestApiArgs.builder()\n .name(\"myapi\")\n .build());\n\n var resource = new Resource(\"resource\", ResourceArgs.builder()\n .pathPart(\"resource\")\n .parentId(api.rootResourceId())\n .restApi(api.id())\n .build());\n\n var method = new Method(\"method\", MethodArgs.builder()\n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n // IAM\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder()\n .name(\"myrole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambda = new Function(\"lambda\", FunctionArgs.builder()\n .code(new FileArchive(\"lambda.zip\"))\n .name(\"mylambda\")\n .role(role.arn())\n .handler(\"lambda.lambda_handler\")\n .runtime(\"python3.12\")\n .sourceCodeHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(\"lambda.zip\")\n .build()).result())\n .build());\n\n var integration = new Integration(\"integration\", IntegrationArgs.builder()\n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(method.httpMethod())\n .integrationHttpMethod(\"POST\")\n .type(\"AWS_PROXY\")\n .uri(lambda.invokeArn())\n .build());\n\n // Lambda\n var apigwLambda = new Permission(\"apigwLambda\", PermissionArgs.builder()\n .statementId(\"AllowExecutionFromAPIGateway\")\n .action(\"lambda:InvokeFunction\")\n .function(lambda.name())\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(Output.tuple(api.id(), method.httpMethod(), resource.path()).applyValue(values -\u003e {\n var id = values.t1;\n var httpMethod = values.t2;\n var path = values.t3;\n return String.format(\"arn:aws:execute-api:%s:%s:%s/*/%s%s\", myregion,accountId,id,httpMethod,path);\n }))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Variables\n myregion:\n type: dynamic\n accountId:\n type: dynamic\nresources:\n # API Gateway\n api:\n type: aws:apigateway:RestApi\n properties:\n name: myapi\n resource:\n type: aws:apigateway:Resource\n properties:\n pathPart: resource\n parentId: ${api.rootResourceId}\n restApi: ${api.id}\n method:\n type: aws:apigateway:Method\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: GET\n authorization: NONE\n integration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: ${method.httpMethod}\n integrationHttpMethod: POST\n type: AWS_PROXY\n uri: ${lambda.invokeArn}\n # Lambda\n apigwLambda:\n type: aws:lambda:Permission\n name: apigw_lambda\n properties:\n statementId: AllowExecutionFromAPIGateway\n action: lambda:InvokeFunction\n function: ${lambda.name}\n principal: apigateway.amazonaws.com\n sourceArn: arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}\n lambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: mylambda\n role: ${role.arn}\n handler: lambda.lambda_handler\n runtime: python3.12\n sourceCodeHash:\n fn::invoke:\n function: std:filebase64sha256\n arguments:\n input: lambda.zip\n return: result\n role:\n type: aws:iam:Role\n properties:\n name: myrole\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n # IAM\n assumeRole:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## VPC Link\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst name = config.requireObject(\"name\");\nconst subnetId = config.requireObject(\"subnetId\");\nconst test = new aws.lb.LoadBalancer(\"test\", {\n name: name,\n internal: true,\n loadBalancerType: \"network\",\n subnets: [subnetId],\n});\nconst testVpcLink = new aws.apigateway.VpcLink(\"test\", {\n name: name,\n targetArn: test.arn,\n});\nconst testRestApi = new aws.apigateway.RestApi(\"test\", {name: name});\nconst testResource = new aws.apigateway.Resource(\"test\", {\n restApi: testRestApi.id,\n parentId: testRestApi.rootResourceId,\n pathPart: \"test\",\n});\nconst testMethod = new aws.apigateway.Method(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n requestModels: {\n \"application/json\": \"Error\",\n },\n});\nconst testIntegration = new aws.apigateway.Integration(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: testMethod.httpMethod,\n requestTemplates: {\n \"application/json\": \"\",\n \"application/xml\": `#set(inputRoot = input.path(''))\n{ }`,\n },\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type: \"HTTP\",\n uri: \"https://www.google.de\",\n integrationHttpMethod: \"GET\",\n passthroughBehavior: \"WHEN_NO_MATCH\",\n contentHandling: \"CONVERT_TO_TEXT\",\n connectionType: \"VPC_LINK\",\n connectionId: testVpcLink.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nname = config.require_object(\"name\")\nsubnet_id = config.require_object(\"subnetId\")\ntest = aws.lb.LoadBalancer(\"test\",\n name=name,\n internal=True,\n load_balancer_type=\"network\",\n subnets=[subnet_id])\ntest_vpc_link = aws.apigateway.VpcLink(\"test\",\n name=name,\n target_arn=test.arn)\ntest_rest_api = aws.apigateway.RestApi(\"test\", name=name)\ntest_resource = aws.apigateway.Resource(\"test\",\n rest_api=test_rest_api.id,\n parent_id=test_rest_api.root_resource_id,\n path_part=\"test\")\ntest_method = aws.apigateway.Method(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\",\n request_models={\n \"application/json\": \"Error\",\n })\ntest_integration = aws.apigateway.Integration(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=test_method.http_method,\n request_templates={\n \"application/json\": \"\",\n \"application/xml\": \"\"\"#set($inputRoot = $input.path('$'))\n{ }\"\"\",\n },\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type=\"HTTP\",\n uri=\"https://www.google.de\",\n integration_http_method=\"GET\",\n passthrough_behavior=\"WHEN_NO_MATCH\",\n content_handling=\"CONVERT_TO_TEXT\",\n connection_type=\"VPC_LINK\",\n connection_id=test_vpc_link.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var name = config.RequireObject\u003cdynamic\u003e(\"name\");\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var test = new Aws.LB.LoadBalancer(\"test\", new()\n {\n Name = name,\n Internal = true,\n LoadBalancerType = \"network\",\n Subnets = new[]\n {\n subnetId,\n },\n });\n\n var testVpcLink = new Aws.ApiGateway.VpcLink(\"test\", new()\n {\n Name = name,\n TargetArn = test.Arn,\n });\n\n var testRestApi = new Aws.ApiGateway.RestApi(\"test\", new()\n {\n Name = name,\n });\n\n var testResource = new Aws.ApiGateway.Resource(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ParentId = testRestApi.RootResourceId,\n PathPart = \"test\",\n });\n\n var testMethod = new Aws.ApiGateway.Method(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n RequestModels = \n {\n { \"application/json\", \"Error\" },\n },\n });\n\n var testIntegration = new Aws.ApiGateway.Integration(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = testMethod.HttpMethod,\n RequestTemplates = \n {\n { \"application/json\", \"\" },\n { \"application/xml\", @\"#set($inputRoot = $input.path('$'))\n{ }\" },\n },\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n { \"integration.request.header.X-Foo\", \"'Bar'\" },\n },\n Type = \"HTTP\",\n Uri = \"https://www.google.de\",\n IntegrationHttpMethod = \"GET\",\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n ContentHandling = \"CONVERT_TO_TEXT\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = testVpcLink.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tname := cfg.RequireObject(\"name\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\ttest, err := lb.NewLoadBalancer(ctx, \"test\", \u0026lb.LoadBalancerArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tsubnetId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcLink, err := apigateway.NewVpcLink(ctx, \"test\", \u0026apigateway.VpcLinkArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tTargetArn: test.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRestApi, err := apigateway.NewRestApi(ctx, \"test\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestResource, err := apigateway.NewResource(ctx, \"test\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tParentId: testRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestMethod, err := apigateway.NewMethod(ctx, \"test\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tRequestModels: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"Error\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"test\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: testMethod.HttpMethod,\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"\"),\n\t\t\t\t\"application/xml\": pulumi.String(\"#set($inputRoot = $input.path('$'))\\n{ }\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t\t\"integration.request.header.X-Foo\": pulumi.String(\"'Bar'\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tUri: pulumi.String(\"https://www.google.de\"),\n\t\t\tIntegrationHttpMethod: pulumi.String(\"GET\"),\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t\tContentHandling: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: testVpcLink.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LoadBalancer;\nimport com.pulumi.aws.lb.LoadBalancerArgs;\nimport com.pulumi.aws.apigateway.VpcLink;\nimport com.pulumi.aws.apigateway.VpcLinkArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var name = config.get(\"name\");\n final var subnetId = config.get(\"subnetId\");\n var test = new LoadBalancer(\"test\", LoadBalancerArgs.builder()\n .name(name)\n .internal(true)\n .loadBalancerType(\"network\")\n .subnets(subnetId)\n .build());\n\n var testVpcLink = new VpcLink(\"testVpcLink\", VpcLinkArgs.builder()\n .name(name)\n .targetArn(test.arn())\n .build());\n\n var testRestApi = new RestApi(\"testRestApi\", RestApiArgs.builder()\n .name(name)\n .build());\n\n var testResource = new Resource(\"testResource\", ResourceArgs.builder()\n .restApi(testRestApi.id())\n .parentId(testRestApi.rootResourceId())\n .pathPart(\"test\")\n .build());\n\n var testMethod = new Method(\"testMethod\", MethodArgs.builder()\n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .requestModels(Map.of(\"application/json\", \"Error\"))\n .build());\n\n var testIntegration = new Integration(\"testIntegration\", IntegrationArgs.builder()\n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(testMethod.httpMethod())\n .requestTemplates(Map.ofEntries(\n Map.entry(\"application/json\", \"\"),\n Map.entry(\"application/xml\", \"\"\"\n#set($inputRoot = $input.path('$'))\n{ } \"\"\")\n ))\n .requestParameters(Map.ofEntries(\n Map.entry(\"integration.request.header.X-Authorization\", \"'static'\"),\n Map.entry(\"integration.request.header.X-Foo\", \"'Bar'\")\n ))\n .type(\"HTTP\")\n .uri(\"https://www.google.de\")\n .integrationHttpMethod(\"GET\")\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .contentHandling(\"CONVERT_TO_TEXT\")\n .connectionType(\"VPC_LINK\")\n .connectionId(testVpcLink.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n name:\n type: dynamic\n subnetId:\n type: dynamic\nresources:\n test:\n type: aws:lb:LoadBalancer\n properties:\n name: ${name}\n internal: true\n loadBalancerType: network\n subnets:\n - ${subnetId}\n testVpcLink:\n type: aws:apigateway:VpcLink\n name: test\n properties:\n name: ${name}\n targetArn: ${test.arn}\n testRestApi:\n type: aws:apigateway:RestApi\n name: test\n properties:\n name: ${name}\n testResource:\n type: aws:apigateway:Resource\n name: test\n properties:\n restApi: ${testRestApi.id}\n parentId: ${testRestApi.rootResourceId}\n pathPart: test\n testMethod:\n type: aws:apigateway:Method\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: GET\n authorization: NONE\n requestModels:\n application/json: Error\n testIntegration:\n type: aws:apigateway:Integration\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: ${testMethod.httpMethod}\n requestTemplates:\n application/json: \"\"\n application/xml: |-\n #set($inputRoot = $input.path('$'))\n { }\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n integration.request.header.X-Foo: '''Bar'''\n type: HTTP\n uri: https://www.google.de\n integrationHttpMethod: GET\n passthroughBehavior: WHEN_NO_MATCH\n contentHandling: CONVERT_TO_TEXT\n connectionType: VPC_LINK\n connectionId: ${testVpcLink.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_integration` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n$ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n", + "properties": { + "cacheKeyParameters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cache key parameters for the integration.\n" + }, + "cacheNamespace": { + "type": "string", + "description": "Integration's cache namespace.\n" + }, + "connectionId": { + "type": "string", + "description": "ID of the VpcLink used for the integration. **Required** if `connection_type` is `VPC_LINK`\n" + }, + "connectionType": { + "type": "string", + "description": "Integration input's [connectionType](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#connectionType). Valid values are `INTERNET` (default for connections through the public routable internet), and `VPC_LINK` (for private connections between API Gateway and a network load balancer in a VPC).\n" + }, + "contentHandling": { + "type": "string", + "description": "How to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.\n" + }, + "credentials": { + "type": "string", + "description": "Credentials required for the integration. For `AWS` integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::\\*:user/\\*`.\n" + }, + "httpMethod": { + "type": "string", + "description": "HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTION`, `ANY`)\nwhen calling the associated resource.\n" + }, + "integrationHttpMethod": { + "type": "string", + "description": "Integration HTTP method\n(`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONs`, `ANY`, `PATCH`) specifying how API Gateway will interact with the back end.\n**Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nNot all methods are compatible with all `AWS` integrations.\ne.g., Lambda function [can only be invoked](https://github.com/awslabs/aws-apigateway-importer/issues/9#issuecomment-129651005) via `POST`.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "Integration passthrough behavior (`WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`). **Required** if `request_templates` is used.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of request query string parameters and headers that should be passed to the backend responder.\nFor example: `request_parameters = { \"integration.request.header.X-Some-Other-Header\" = \"method.request.header.X-Some-Header\" }`\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of the integration's request templates.\n" + }, + "resourceId": { + "type": "string", + "description": "API resource ID.\n" + }, + "restApi": { + "type": "string", + "description": "ID of the associated REST API.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 300,000 milliseconds. The default value is 29,000 milliseconds. You need to raise a [Service Quota Ticket](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) to increase time beyond 29,000 milliseconds.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigateway/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "TLS configuration. See below.\n" + }, + "type": { + "type": "string", + "description": "Integration input's [type](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/). Valid values are `HTTP` (for HTTP backends), `MOCK` (not calling any real backend), `AWS` (for AWS services), `AWS_PROXY` (for Lambda proxy integration) and `HTTP_PROXY` (for HTTP proxy integration). An `HTTP` or `HTTP_PROXY` integration with a `connection_type` of `VPC_LINK` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.\n" + }, + "uri": { + "type": "string", + "description": "Input's URI. **Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nFor HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form `arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}`. `region`, `subdomain` and `service` are used to determine the right endpoint.\ne.g., `arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:123456789012:function:my-func/invocations`. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.\n" + } + }, + "required": [ + "cacheNamespace", + "httpMethod", + "passthroughBehavior", + "resourceId", + "restApi", + "type" + ], + "inputProperties": { "cacheKeyParameters": { "type": "array", "items": { @@ -186755,7 +187050,7 @@ } }, "aws:appstream/stack:Stack": { - "description": "Provides an AppStream stack.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appstream.Stack(\"example\", {\n name: \"stack name\",\n description: \"stack description\",\n displayName: \"stack display name\",\n feedbackUrl: \"http://your-domain/feedback\",\n redirectUrl: \"http://your-domain/redirect\",\n storageConnectors: [{\n connectorType: \"HOMEFOLDERS\",\n }],\n userSettings: [\n {\n action: \"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\",\n permission: \"ENABLED\",\n },\n {\n action: \"CLIPBOARD_COPY_TO_LOCAL_DEVICE\",\n permission: \"ENABLED\",\n },\n {\n action: \"DOMAIN_PASSWORD_SIGNIN\",\n permission: \"ENABLED\",\n },\n {\n action: \"DOMAIN_SMART_CARD_SIGNIN\",\n permission: \"DISABLED\",\n },\n {\n action: \"FILE_DOWNLOAD\",\n permission: \"ENABLED\",\n },\n {\n action: \"FILE_UPLOAD\",\n permission: \"ENABLED\",\n },\n {\n action: \"PRINTING_TO_LOCAL_DEVICE\",\n permission: \"ENABLED\",\n },\n ],\n applicationSettings: {\n enabled: true,\n settingsGroup: \"SettingsGroup\",\n },\n tags: {\n TagName: \"TagValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appstream.Stack(\"example\",\n name=\"stack name\",\n description=\"stack description\",\n display_name=\"stack display name\",\n feedback_url=\"http://your-domain/feedback\",\n redirect_url=\"http://your-domain/redirect\",\n storage_connectors=[{\n \"connector_type\": \"HOMEFOLDERS\",\n }],\n user_settings=[\n {\n \"action\": \"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"CLIPBOARD_COPY_TO_LOCAL_DEVICE\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"DOMAIN_PASSWORD_SIGNIN\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"DOMAIN_SMART_CARD_SIGNIN\",\n \"permission\": \"DISABLED\",\n },\n {\n \"action\": \"FILE_DOWNLOAD\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"FILE_UPLOAD\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"PRINTING_TO_LOCAL_DEVICE\",\n \"permission\": \"ENABLED\",\n },\n ],\n application_settings={\n \"enabled\": True,\n \"settings_group\": \"SettingsGroup\",\n },\n tags={\n \"TagName\": \"TagValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.AppStream.Stack(\"example\", new()\n {\n Name = \"stack name\",\n Description = \"stack description\",\n DisplayName = \"stack display name\",\n FeedbackUrl = \"http://your-domain/feedback\",\n RedirectUrl = \"http://your-domain/redirect\",\n StorageConnectors = new[]\n {\n new Aws.AppStream.Inputs.StackStorageConnectorArgs\n {\n ConnectorType = \"HOMEFOLDERS\",\n },\n },\n UserSettings = new[]\n {\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"CLIPBOARD_COPY_TO_LOCAL_DEVICE\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"DOMAIN_PASSWORD_SIGNIN\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"DOMAIN_SMART_CARD_SIGNIN\",\n Permission = \"DISABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"FILE_DOWNLOAD\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"FILE_UPLOAD\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"PRINTING_TO_LOCAL_DEVICE\",\n Permission = \"ENABLED\",\n },\n },\n ApplicationSettings = new Aws.AppStream.Inputs.StackApplicationSettingsArgs\n {\n Enabled = true,\n SettingsGroup = \"SettingsGroup\",\n },\n Tags = \n {\n { \"TagName\", \"TagValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appstream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appstream.NewStack(ctx, \"example\", \u0026appstream.StackArgs{\n\t\t\tName: pulumi.String(\"stack name\"),\n\t\t\tDescription: pulumi.String(\"stack description\"),\n\t\t\tDisplayName: pulumi.String(\"stack display name\"),\n\t\t\tFeedbackUrl: pulumi.String(\"http://your-domain/feedback\"),\n\t\t\tRedirectUrl: pulumi.String(\"http://your-domain/redirect\"),\n\t\t\tStorageConnectors: appstream.StackStorageConnectorArray{\n\t\t\t\t\u0026appstream.StackStorageConnectorArgs{\n\t\t\t\t\tConnectorType: pulumi.String(\"HOMEFOLDERS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUserSettings: appstream.StackUserSettingArray{\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"CLIPBOARD_COPY_TO_LOCAL_DEVICE\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"DOMAIN_PASSWORD_SIGNIN\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"DOMAIN_SMART_CARD_SIGNIN\"),\n\t\t\t\t\tPermission: pulumi.String(\"DISABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"FILE_DOWNLOAD\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"FILE_UPLOAD\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"PRINTING_TO_LOCAL_DEVICE\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tApplicationSettings: \u0026appstream.StackApplicationSettingsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tSettingsGroup: pulumi.String(\"SettingsGroup\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"TagName\": pulumi.String(\"TagValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.appstream.Stack;\nimport com.pulumi.aws.appstream.StackArgs;\nimport com.pulumi.aws.appstream.inputs.StackStorageConnectorArgs;\nimport com.pulumi.aws.appstream.inputs.StackUserSettingArgs;\nimport com.pulumi.aws.appstream.inputs.StackApplicationSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Stack(\"example\", StackArgs.builder()\n .name(\"stack name\")\n .description(\"stack description\")\n .displayName(\"stack display name\")\n .feedbackUrl(\"http://your-domain/feedback\")\n .redirectUrl(\"http://your-domain/redirect\")\n .storageConnectors(StackStorageConnectorArgs.builder()\n .connectorType(\"HOMEFOLDERS\")\n .build())\n .userSettings( \n StackUserSettingArgs.builder()\n .action(\"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"CLIPBOARD_COPY_TO_LOCAL_DEVICE\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"DOMAIN_PASSWORD_SIGNIN\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"DOMAIN_SMART_CARD_SIGNIN\")\n .permission(\"DISABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"FILE_DOWNLOAD\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"FILE_UPLOAD\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"PRINTING_TO_LOCAL_DEVICE\")\n .permission(\"ENABLED\")\n .build())\n .applicationSettings(StackApplicationSettingsArgs.builder()\n .enabled(true)\n .settingsGroup(\"SettingsGroup\")\n .build())\n .tags(Map.of(\"TagName\", \"TagValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:appstream:Stack\n properties:\n name: stack name\n description: stack description\n displayName: stack display name\n feedbackUrl: http://your-domain/feedback\n redirectUrl: http://your-domain/redirect\n storageConnectors:\n - connectorType: HOMEFOLDERS\n userSettings:\n - action: CLIPBOARD_COPY_FROM_LOCAL_DEVICE\n permission: ENABLED\n - action: CLIPBOARD_COPY_TO_LOCAL_DEVICE\n permission: ENABLED\n - action: DOMAIN_PASSWORD_SIGNIN\n permission: ENABLED\n - action: DOMAIN_SMART_CARD_SIGNIN\n permission: DISABLED\n - action: FILE_DOWNLOAD\n permission: ENABLED\n - action: FILE_UPLOAD\n permission: ENABLED\n - action: PRINTING_TO_LOCAL_DEVICE\n permission: ENABLED\n applicationSettings:\n enabled: true\n settingsGroup: SettingsGroup\n tags:\n TagName: TagValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_appstream_stack` using the id. For example:\n\n```sh\n$ pulumi import aws:appstream/stack:Stack example stackID\n```\n", + "description": "Provides an AppStream stack.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appstream.Stack(\"example\", {\n name: \"stack name\",\n description: \"stack description\",\n displayName: \"stack display name\",\n feedbackUrl: \"http://your-domain/feedback\",\n redirectUrl: \"http://your-domain/redirect\",\n storageConnectors: [{\n connectorType: \"HOMEFOLDERS\",\n }],\n userSettings: [\n {\n action: \"AUTO_TIME_ZONE_REDIRECTION\",\n permission: \"DISABLED\",\n },\n {\n action: \"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\",\n permission: \"ENABLED\",\n },\n {\n action: \"CLIPBOARD_COPY_TO_LOCAL_DEVICE\",\n permission: \"ENABLED\",\n },\n {\n action: \"DOMAIN_PASSWORD_SIGNIN\",\n permission: \"ENABLED\",\n },\n {\n action: \"DOMAIN_SMART_CARD_SIGNIN\",\n permission: \"DISABLED\",\n },\n {\n action: \"FILE_DOWNLOAD\",\n permission: \"ENABLED\",\n },\n {\n action: \"FILE_UPLOAD\",\n permission: \"ENABLED\",\n },\n {\n action: \"PRINTING_TO_LOCAL_DEVICE\",\n permission: \"ENABLED\",\n },\n ],\n applicationSettings: {\n enabled: true,\n settingsGroup: \"SettingsGroup\",\n },\n tags: {\n TagName: \"TagValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appstream.Stack(\"example\",\n name=\"stack name\",\n description=\"stack description\",\n display_name=\"stack display name\",\n feedback_url=\"http://your-domain/feedback\",\n redirect_url=\"http://your-domain/redirect\",\n storage_connectors=[{\n \"connector_type\": \"HOMEFOLDERS\",\n }],\n user_settings=[\n {\n \"action\": \"AUTO_TIME_ZONE_REDIRECTION\",\n \"permission\": \"DISABLED\",\n },\n {\n \"action\": \"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"CLIPBOARD_COPY_TO_LOCAL_DEVICE\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"DOMAIN_PASSWORD_SIGNIN\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"DOMAIN_SMART_CARD_SIGNIN\",\n \"permission\": \"DISABLED\",\n },\n {\n \"action\": \"FILE_DOWNLOAD\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"FILE_UPLOAD\",\n \"permission\": \"ENABLED\",\n },\n {\n \"action\": \"PRINTING_TO_LOCAL_DEVICE\",\n \"permission\": \"ENABLED\",\n },\n ],\n application_settings={\n \"enabled\": True,\n \"settings_group\": \"SettingsGroup\",\n },\n tags={\n \"TagName\": \"TagValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.AppStream.Stack(\"example\", new()\n {\n Name = \"stack name\",\n Description = \"stack description\",\n DisplayName = \"stack display name\",\n FeedbackUrl = \"http://your-domain/feedback\",\n RedirectUrl = \"http://your-domain/redirect\",\n StorageConnectors = new[]\n {\n new Aws.AppStream.Inputs.StackStorageConnectorArgs\n {\n ConnectorType = \"HOMEFOLDERS\",\n },\n },\n UserSettings = new[]\n {\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"AUTO_TIME_ZONE_REDIRECTION\",\n Permission = \"DISABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"CLIPBOARD_COPY_TO_LOCAL_DEVICE\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"DOMAIN_PASSWORD_SIGNIN\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"DOMAIN_SMART_CARD_SIGNIN\",\n Permission = \"DISABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"FILE_DOWNLOAD\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"FILE_UPLOAD\",\n Permission = \"ENABLED\",\n },\n new Aws.AppStream.Inputs.StackUserSettingArgs\n {\n Action = \"PRINTING_TO_LOCAL_DEVICE\",\n Permission = \"ENABLED\",\n },\n },\n ApplicationSettings = new Aws.AppStream.Inputs.StackApplicationSettingsArgs\n {\n Enabled = true,\n SettingsGroup = \"SettingsGroup\",\n },\n Tags = \n {\n { \"TagName\", \"TagValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appstream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appstream.NewStack(ctx, \"example\", \u0026appstream.StackArgs{\n\t\t\tName: pulumi.String(\"stack name\"),\n\t\t\tDescription: pulumi.String(\"stack description\"),\n\t\t\tDisplayName: pulumi.String(\"stack display name\"),\n\t\t\tFeedbackUrl: pulumi.String(\"http://your-domain/feedback\"),\n\t\t\tRedirectUrl: pulumi.String(\"http://your-domain/redirect\"),\n\t\t\tStorageConnectors: appstream.StackStorageConnectorArray{\n\t\t\t\t\u0026appstream.StackStorageConnectorArgs{\n\t\t\t\t\tConnectorType: pulumi.String(\"HOMEFOLDERS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUserSettings: appstream.StackUserSettingArray{\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"AUTO_TIME_ZONE_REDIRECTION\"),\n\t\t\t\t\tPermission: pulumi.String(\"DISABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"CLIPBOARD_COPY_TO_LOCAL_DEVICE\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"DOMAIN_PASSWORD_SIGNIN\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"DOMAIN_SMART_CARD_SIGNIN\"),\n\t\t\t\t\tPermission: pulumi.String(\"DISABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"FILE_DOWNLOAD\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"FILE_UPLOAD\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026appstream.StackUserSettingArgs{\n\t\t\t\t\tAction: pulumi.String(\"PRINTING_TO_LOCAL_DEVICE\"),\n\t\t\t\t\tPermission: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tApplicationSettings: \u0026appstream.StackApplicationSettingsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tSettingsGroup: pulumi.String(\"SettingsGroup\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"TagName\": pulumi.String(\"TagValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.appstream.Stack;\nimport com.pulumi.aws.appstream.StackArgs;\nimport com.pulumi.aws.appstream.inputs.StackStorageConnectorArgs;\nimport com.pulumi.aws.appstream.inputs.StackUserSettingArgs;\nimport com.pulumi.aws.appstream.inputs.StackApplicationSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Stack(\"example\", StackArgs.builder()\n .name(\"stack name\")\n .description(\"stack description\")\n .displayName(\"stack display name\")\n .feedbackUrl(\"http://your-domain/feedback\")\n .redirectUrl(\"http://your-domain/redirect\")\n .storageConnectors(StackStorageConnectorArgs.builder()\n .connectorType(\"HOMEFOLDERS\")\n .build())\n .userSettings( \n StackUserSettingArgs.builder()\n .action(\"AUTO_TIME_ZONE_REDIRECTION\")\n .permission(\"DISABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"CLIPBOARD_COPY_FROM_LOCAL_DEVICE\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"CLIPBOARD_COPY_TO_LOCAL_DEVICE\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"DOMAIN_PASSWORD_SIGNIN\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"DOMAIN_SMART_CARD_SIGNIN\")\n .permission(\"DISABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"FILE_DOWNLOAD\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"FILE_UPLOAD\")\n .permission(\"ENABLED\")\n .build(),\n StackUserSettingArgs.builder()\n .action(\"PRINTING_TO_LOCAL_DEVICE\")\n .permission(\"ENABLED\")\n .build())\n .applicationSettings(StackApplicationSettingsArgs.builder()\n .enabled(true)\n .settingsGroup(\"SettingsGroup\")\n .build())\n .tags(Map.of(\"TagName\", \"TagValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:appstream:Stack\n properties:\n name: stack name\n description: stack description\n displayName: stack display name\n feedbackUrl: http://your-domain/feedback\n redirectUrl: http://your-domain/redirect\n storageConnectors:\n - connectorType: HOMEFOLDERS\n userSettings:\n - action: AUTO_TIME_ZONE_REDIRECTION\n permission: DISABLED\n - action: CLIPBOARD_COPY_FROM_LOCAL_DEVICE\n permission: ENABLED\n - action: CLIPBOARD_COPY_TO_LOCAL_DEVICE\n permission: ENABLED\n - action: DOMAIN_PASSWORD_SIGNIN\n permission: ENABLED\n - action: DOMAIN_SMART_CARD_SIGNIN\n permission: DISABLED\n - action: FILE_DOWNLOAD\n permission: ENABLED\n - action: FILE_UPLOAD\n permission: ENABLED\n - action: PRINTING_TO_LOCAL_DEVICE\n permission: ENABLED\n applicationSettings:\n enabled: true\n settingsGroup: SettingsGroup\n tags:\n TagName: TagValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_appstream_stack` using the id. For example:\n\n```sh\n$ pulumi import aws:appstream/stack:Stack example stackID\n```\n", "properties": { "accessEndpoints": { "type": "array", @@ -189989,223 +190284,232 @@ "type": "string", "description": "ARN for this Auto Scaling Group\n" }, - "availabilityZones": { - "type": "array", - "items": { - "type": "string" - }, - "description": "A list of Availability Zones where instances in the Auto Scaling group can be created. Used for launching into the default VPC subnet in each Availability Zone when not using the `vpc_zone_identifier` attribute, or for attaching a network interface when an existing network interface ID is specified in a launch template. Conflicts with `vpc_zone_identifier`.\n" - }, - "capacityRebalance": { - "type": "boolean", - "description": "Whether capacity rebalance is enabled. Otherwise, capacity rebalance is disabled.\n" - }, - "context": { - "type": "string", - "description": "Reserved.\n" - }, - "defaultCooldown": { - "type": "integer", - "description": "Amount of time, in seconds, after a scaling activity completes before another scaling activity can start.\n" - }, - "defaultInstanceWarmup": { - "type": "integer", - "description": "Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. (See [Set the default instance warmup for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-default-instance-warmup.html))\n" - }, - "desiredCapacity": { - "type": "integer", - "description": "Number of Amazon EC2 instances that\nshould be running in the group. (See also Waiting for\nCapacity below.)\n" - }, - "desiredCapacityType": { - "type": "string", - "description": "The unit of measurement for the value specified for `desired_capacity`. Supported for attribute-based instance type selection only. Valid values: `\"units\"`, `\"vcpu\"`, `\"memory-mib\"`.\n" - }, - "enabledMetrics": { - "type": "array", - "items": { - "type": "string", - "$ref": "#/types/aws:autoscaling/metrics:Metric" - }, - "description": "List of metrics to collect. The allowed values are defined by the [underlying AWS API](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html).\n" - }, - "forceDelete": { - "type": "boolean", - "description": "Allows deleting the Auto Scaling Group without waiting\nfor all instances in the pool to terminate. You can force an Auto Scaling Group to delete\neven if it's in the process of scaling a resource. Normally, this provider\ndrains all the instances before deleting the group. This bypasses that\nbehavior and potentially leaves resources dangling.\n" - }, - "forceDeleteWarmPool": { - "type": "boolean", - "description": "Allows deleting the Auto Scaling Group without waiting for all instances in the warm pool to terminate.\n" - }, - "healthCheckGracePeriod": { - "type": "integer", - "description": "Time (in seconds) after instance comes into service before checking health.\n" - }, - "healthCheckType": { - "type": "string", - "description": "\"EC2\" or \"ELB\". Controls how health checking is done.\n" - }, - "ignoreFailedScalingActivities": { - "type": "boolean", - "description": "Whether to ignore failed [Auto Scaling scaling activities](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html) while waiting for capacity. The default is `false` -- failed scaling activities cause errors to be returned.\n" - }, - "initialLifecycleHooks": { - "type": "array", - "items": { - "$ref": "#/types/aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook" - }, - "description": "One or more\n[Lifecycle Hooks](http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html)\nto attach to the Auto Scaling Group **before** instances are launched. The\nsyntax is exactly the same as the separate\n`aws.autoscaling.LifecycleHook`\nresource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating\na new Auto Scaling Group. For all other use-cases, please use `aws.autoscaling.LifecycleHook` resource.\n" + "availabilityZoneDistribution": { + "$ref": "#/types/aws:autoscaling/GroupAvailabilityZoneDistribution:GroupAvailabilityZoneDistribution", + "description": "The instance capacity distribution across Availability Zones. See Availability Zone Distribution below for more details.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Availability Zones where instances in the Auto Scaling group can be created. Used for launching into the default VPC subnet in each Availability Zone when not using the `vpc_zone_identifier` attribute, or for attaching a network interface when an existing network interface ID is specified in a launch template. Conflicts with `vpc_zone_identifier`.\n" + }, + "capacityRebalance": { + "type": "boolean", + "description": "Whether capacity rebalance is enabled. Otherwise, capacity rebalance is disabled.\n" + }, + "context": { + "type": "string", + "description": "Reserved.\n" + }, + "defaultCooldown": { + "type": "integer", + "description": "Amount of time, in seconds, after a scaling activity completes before another scaling activity can start.\n" + }, + "defaultInstanceWarmup": { + "type": "integer", + "description": "Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. (See [Set the default instance warmup for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-default-instance-warmup.html))\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "Number of Amazon EC2 instances that\nshould be running in the group. (See also Waiting for\nCapacity below.)\n" + }, + "desiredCapacityType": { + "type": "string", + "description": "The unit of measurement for the value specified for `desired_capacity`. Supported for attribute-based instance type selection only. Valid values: `\"units\"`, `\"vcpu\"`, `\"memory-mib\"`.\n" + }, + "enabledMetrics": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/metrics:Metric" + }, + "description": "List of metrics to collect. The allowed values are defined by the [underlying AWS API](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html).\n" + }, + "forceDelete": { + "type": "boolean", + "description": "Allows deleting the Auto Scaling Group without waiting\nfor all instances in the pool to terminate. You can force an Auto Scaling Group to delete\neven if it's in the process of scaling a resource. Normally, this provider\ndrains all the instances before deleting the group. This bypasses that\nbehavior and potentially leaves resources dangling.\n" + }, + "forceDeleteWarmPool": { + "type": "boolean", + "description": "Allows deleting the Auto Scaling Group without waiting for all instances in the warm pool to terminate.\n" + }, + "healthCheckGracePeriod": { + "type": "integer", + "description": "Time (in seconds) after instance comes into service before checking health.\n" + }, + "healthCheckType": { + "type": "string", + "description": "\"EC2\" or \"ELB\". Controls how health checking is done.\n" + }, + "ignoreFailedScalingActivities": { + "type": "boolean", + "description": "Whether to ignore failed [Auto Scaling scaling activities](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html) while waiting for capacity. The default is `false` -- failed scaling activities cause errors to be returned.\n" + }, + "initialLifecycleHooks": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook" + }, + "description": "One or more\n[Lifecycle Hooks](http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html)\nto attach to the Auto Scaling Group **before** instances are launched. The\nsyntax is exactly the same as the separate\n`aws.autoscaling.LifecycleHook`\nresource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating\na new Auto Scaling Group. For all other use-cases, please use `aws.autoscaling.LifecycleHook` resource.\n" + }, + "instanceMaintenancePolicy": { + "$ref": "#/types/aws:autoscaling/GroupInstanceMaintenancePolicy:GroupInstanceMaintenancePolicy", + "description": "If this block is configured, add a instance maintenance policy to the specified Auto Scaling group. Defined below.\n" + }, + "instanceRefresh": { + "$ref": "#/types/aws:autoscaling/GroupInstanceRefresh:GroupInstanceRefresh", + "description": "If this block is configured, start an\n[Instance Refresh](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)\nwhen this Auto Scaling Group is updated. Defined below.\n" + }, + "launchConfiguration": { + "type": "string", + "description": "Name of the launch configuration to use.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:autoscaling/GroupLaunchTemplate:GroupLaunchTemplate", + "description": "Nested argument with Launch template specification to use to launch instances. See Launch Template below for more details.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of elastic load balancer names to add to the autoscaling\ngroup names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead. To remove all load balancer attachments an empty list should be specified.\n" + }, + "maxInstanceLifetime": { + "type": "integer", + "description": "Maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds.\n" + }, + "maxSize": { + "type": "integer", + "description": "Maximum size of the Auto Scaling Group.\n" + }, + "metricsGranularity": { + "type": "string", + "description": "Granularity to associate with the metrics to collect. The only valid value is `1Minute`. Default is `1Minute`.\n" + }, + "minElbCapacity": { + "type": "integer", + "description": "Setting this causes Pulumi to wait for\nthis number of instances from this Auto Scaling Group to show up healthy in the\nELB only on creation. Updates will not wait on ELB instance number changes.\n(See also Waiting for Capacity below.)\n" + }, + "minSize": { + "type": "integer", + "description": "Minimum size of the Auto Scaling Group.\n(See also Waiting for Capacity below.)\n" + }, + "mixedInstancesPolicy": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicy:GroupMixedInstancesPolicy", + "description": "Configuration block containing settings to define launch targets for Auto Scaling groups. See Mixed Instances Policy below for more details.\n" + }, + "name": { + "type": "string", + "description": "Name of the Auto Scaling Group. By default generated by Pulumi. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementGroup": { + "type": "string", + "description": "Name of the placement group into which you'll launch your instances, if any.\n" + }, + "predictedCapacity": { + "type": "integer", + "description": "Predicted capacity of the group.\n" + }, + "protectFromScaleIn": { + "type": "boolean", + "description": "Whether newly launched instances\nare automatically protected from termination by Amazon EC2 Auto Scaling when\nscaling in. For more information about preventing instances from terminating\non scale in, see [Using instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html)\nin the Amazon EC2 Auto Scaling User Guide.\n" + }, + "serviceLinkedRoleArn": { + "type": "string", + "description": "ARN of the service-linked role that the ASG will use to call other AWS services\n" + }, + "suspendedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`, `InstanceRefresh`.\nNote that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly.\n" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupTag:GroupTag" + }, + "description": "Configuration block(s) containing resource tags. See Tag below for more details.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of `aws.alb.TargetGroup` ARNs, for use with Application or Network Load Balancing. To remove all target group attachments an empty list should be specified.\n" + }, + "terminationPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`. Additionally, the ARN of a Lambda function can be specified for custom termination policies.\n" + }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupTrafficSource:GroupTrafficSource" + }, + "description": "Attaches one or more traffic sources to the specified Auto Scaling group.\n" + }, + "vpcZoneIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`.\n" + }, + "waitForCapacityTimeout": { + "type": "string", + "description": "Maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that the provider should\nwait for ASG instances to be healthy before timing out. (See also Waiting\nfor Capacity below.) Setting this to \"0\" causes\nthe provider to skip all Capacity Waiting behavior.\n" + }, + "waitForElbCapacity": { + "type": "integer", + "description": "Setting this will cause Pulumi to wait\nfor exactly this number of healthy instances from this Auto Scaling Group in\nall attached load balancers on both create and update operations. (Takes\nprecedence over `min_elb_capacity` behavior.)\n(See also Waiting for Capacity below.)\n" + }, + "warmPool": { + "$ref": "#/types/aws:autoscaling/GroupWarmPool:GroupWarmPool", + "description": "If this block is configured, add a [Warm Pool](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)\nto the specified Auto Scaling group. Defined below\n" + }, + "warmPoolSize": { + "type": "integer", + "description": "Current size of the warm pool.\n" + } + }, + "required": [ + "arn", + "availabilityZoneDistribution", + "availabilityZones", + "defaultCooldown", + "desiredCapacity", + "healthCheckType", + "launchTemplate", + "loadBalancers", + "maxSize", + "minSize", + "mixedInstancesPolicy", + "name", + "namePrefix", + "predictedCapacity", + "serviceLinkedRoleArn", + "targetGroupArns", + "trafficSources", + "vpcZoneIdentifiers", + "warmPoolSize" + ], + "inputProperties": { + "availabilityZoneDistribution": { + "$ref": "#/types/aws:autoscaling/GroupAvailabilityZoneDistribution:GroupAvailabilityZoneDistribution", + "description": "The instance capacity distribution across Availability Zones. See Availability Zone Distribution below for more details.\n" }, - "instanceMaintenancePolicy": { - "$ref": "#/types/aws:autoscaling/GroupInstanceMaintenancePolicy:GroupInstanceMaintenancePolicy", - "description": "If this block is configured, add a instance maintenance policy to the specified Auto Scaling group. Defined below.\n" - }, - "instanceRefresh": { - "$ref": "#/types/aws:autoscaling/GroupInstanceRefresh:GroupInstanceRefresh", - "description": "If this block is configured, start an\n[Instance Refresh](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)\nwhen this Auto Scaling Group is updated. Defined below.\n" - }, - "launchConfiguration": { - "type": "string", - "description": "Name of the launch configuration to use.\n" - }, - "launchTemplate": { - "$ref": "#/types/aws:autoscaling/GroupLaunchTemplate:GroupLaunchTemplate", - "description": "Nested argument with Launch template specification to use to launch instances. See Launch Template below for more details.\n" - }, - "loadBalancers": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of elastic load balancer names to add to the autoscaling\ngroup names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead. To remove all load balancer attachments an empty list should be specified.\n" - }, - "maxInstanceLifetime": { - "type": "integer", - "description": "Maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds.\n" - }, - "maxSize": { - "type": "integer", - "description": "Maximum size of the Auto Scaling Group.\n" - }, - "metricsGranularity": { - "type": "string", - "description": "Granularity to associate with the metrics to collect. The only valid value is `1Minute`. Default is `1Minute`.\n" - }, - "minElbCapacity": { - "type": "integer", - "description": "Setting this causes Pulumi to wait for\nthis number of instances from this Auto Scaling Group to show up healthy in the\nELB only on creation. Updates will not wait on ELB instance number changes.\n(See also Waiting for Capacity below.)\n" - }, - "minSize": { - "type": "integer", - "description": "Minimum size of the Auto Scaling Group.\n(See also Waiting for Capacity below.)\n" - }, - "mixedInstancesPolicy": { - "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicy:GroupMixedInstancesPolicy", - "description": "Configuration block containing settings to define launch targets for Auto Scaling groups. See Mixed Instances Policy below for more details.\n" - }, - "name": { - "type": "string", - "description": "Name of the Auto Scaling Group. By default generated by Pulumi. Conflicts with `name_prefix`.\n" - }, - "namePrefix": { - "type": "string", - "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" - }, - "placementGroup": { - "type": "string", - "description": "Name of the placement group into which you'll launch your instances, if any.\n" - }, - "predictedCapacity": { - "type": "integer", - "description": "Predicted capacity of the group.\n" - }, - "protectFromScaleIn": { - "type": "boolean", - "description": "Whether newly launched instances\nare automatically protected from termination by Amazon EC2 Auto Scaling when\nscaling in. For more information about preventing instances from terminating\non scale in, see [Using instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html)\nin the Amazon EC2 Auto Scaling User Guide.\n" - }, - "serviceLinkedRoleArn": { - "type": "string", - "description": "ARN of the service-linked role that the ASG will use to call other AWS services\n" - }, - "suspendedProcesses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`, `InstanceRefresh`.\nNote that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly.\n" - }, - "tags": { - "type": "array", - "items": { - "$ref": "#/types/aws:autoscaling/GroupTag:GroupTag" - }, - "description": "Configuration block(s) containing resource tags. See Tag below for more details.\n" - }, - "targetGroupArns": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Set of `aws.alb.TargetGroup` ARNs, for use with Application or Network Load Balancing. To remove all target group attachments an empty list should be specified.\n" - }, - "terminationPolicies": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`. Additionally, the ARN of a Lambda function can be specified for custom termination policies.\n" - }, - "trafficSources": { - "type": "array", - "items": { - "$ref": "#/types/aws:autoscaling/GroupTrafficSource:GroupTrafficSource" - }, - "description": "Attaches one or more traffic sources to the specified Auto Scaling group.\n" - }, - "vpcZoneIdentifiers": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`.\n" - }, - "waitForCapacityTimeout": { - "type": "string", - "description": "Maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that the provider should\nwait for ASG instances to be healthy before timing out. (See also Waiting\nfor Capacity below.) Setting this to \"0\" causes\nthe provider to skip all Capacity Waiting behavior.\n" - }, - "waitForElbCapacity": { - "type": "integer", - "description": "Setting this will cause Pulumi to wait\nfor exactly this number of healthy instances from this Auto Scaling Group in\nall attached load balancers on both create and update operations. (Takes\nprecedence over `min_elb_capacity` behavior.)\n(See also Waiting for Capacity below.)\n" - }, - "warmPool": { - "$ref": "#/types/aws:autoscaling/GroupWarmPool:GroupWarmPool", - "description": "If this block is configured, add a [Warm Pool](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)\nto the specified Auto Scaling group. Defined below\n" - }, - "warmPoolSize": { - "type": "integer", - "description": "Current size of the warm pool.\n" - } - }, - "required": [ - "arn", - "availabilityZones", - "defaultCooldown", - "desiredCapacity", - "healthCheckType", - "launchTemplate", - "loadBalancers", - "maxSize", - "minSize", - "mixedInstancesPolicy", - "name", - "namePrefix", - "predictedCapacity", - "serviceLinkedRoleArn", - "targetGroupArns", - "trafficSources", - "vpcZoneIdentifiers", - "warmPoolSize" - ], - "inputProperties": { "availabilityZones": { "type": "array", "items": { @@ -190435,6 +190739,10 @@ "type": "string", "description": "ARN for this Auto Scaling Group\n" }, + "availabilityZoneDistribution": { + "$ref": "#/types/aws:autoscaling/GroupAvailabilityZoneDistribution:GroupAvailabilityZoneDistribution", + "description": "The instance capacity distribution across Availability Zones. See Availability Zone Distribution below for more details.\n" + }, "availabilityZones": { "type": "array", "items": { @@ -193636,6 +193944,10 @@ "type": "string", "description": "ARN of the agent.\n" }, + "agentCollaboration": { + "type": "string", + "description": "Agents collaboration role. Valid values: `SUPERVISOR`, `SUPERVISOR_ROUTER`, `DISABLED`.\n" + }, "agentId": { "type": "string", "description": "Unique identifier of the agent.\n" @@ -193715,6 +194027,7 @@ }, "required": [ "agentArn", + "agentCollaboration", "agentId", "agentName", "agentResourceRoleArn", @@ -193728,6 +194041,10 @@ "tagsAll" ], "inputProperties": { + "agentCollaboration": { + "type": "string", + "description": "Agents collaboration role. Valid values: `SUPERVISOR`, `SUPERVISOR_ROUTER`, `DISABLED`.\n" + }, "agentName": { "type": "string", "description": "Name of the agent.\n" @@ -193801,6 +194118,10 @@ "type": "string", "description": "ARN of the agent.\n" }, + "agentCollaboration": { + "type": "string", + "description": "Agents collaboration role. Valid values: `SUPERVISOR`, `SUPERVISOR_ROUTER`, `DISABLED`.\n" + }, "agentId": { "type": "string", "description": "Unique identifier of the agent.\n" @@ -202488,6 +202809,92 @@ "type": "object" } }, + "aws:cloudfront/vpcOrigin:VpcOrigin": { + "description": "Creates an Amazon CloudFront VPC origin.\n\nFor information about CloudFront VPC origins, see\n[Amazon CloudFront Developer Guide - Restrict access with VPC origins][1].\n\n## Example Usage\n\n### Application Load Balancer\n\nThe following example below creates a CloudFront VPC origin for a Application Load Balancer.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst alb = new aws.cloudfront.VpcOrigin(\"alb\", {vpcOriginEndpointConfig: {\n name: \"Example VPC Origin\",\n arn: _this.arn,\n httpPort: 8080,\n httpsPort: 8443,\n originProtocolPolicy: \"https-only\",\n originSslProtocols: {\n items: [\"TLSv1.2\"],\n quantity: 1,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nalb = aws.cloudfront.VpcOrigin(\"alb\", vpc_origin_endpoint_config={\n \"name\": \"Example VPC Origin\",\n \"arn\": this[\"arn\"],\n \"http_port\": 8080,\n \"https_port\": 8443,\n \"origin_protocol_policy\": \"https-only\",\n \"origin_ssl_protocols\": {\n \"items\": [\"TLSv1.2\"],\n \"quantity\": 1,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var alb = new Aws.CloudFront.VpcOrigin(\"alb\", new()\n {\n VpcOriginEndpointConfig = new Aws.CloudFront.Inputs.VpcOriginVpcOriginEndpointConfigArgs\n {\n Name = \"Example VPC Origin\",\n Arn = @this.Arn,\n HttpPort = 8080,\n HttpsPort = 8443,\n OriginProtocolPolicy = \"https-only\",\n OriginSslProtocols = new Aws.CloudFront.Inputs.VpcOriginVpcOriginEndpointConfigOriginSslProtocolsArgs\n {\n Items = new[]\n {\n \"TLSv1.2\",\n },\n Quantity = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewVpcOrigin(ctx, \"alb\", \u0026cloudfront.VpcOriginArgs{\n\t\t\tVpcOriginEndpointConfig: \u0026cloudfront.VpcOriginVpcOriginEndpointConfigArgs{\n\t\t\t\tName: pulumi.String(\"Example VPC Origin\"),\n\t\t\t\tArn: pulumi.Any(this.Arn),\n\t\t\t\tHttpPort: pulumi.Int(8080),\n\t\t\t\tHttpsPort: pulumi.Int(8443),\n\t\t\t\tOriginProtocolPolicy: pulumi.String(\"https-only\"),\n\t\t\t\tOriginSslProtocols: \u0026cloudfront.VpcOriginVpcOriginEndpointConfigOriginSslProtocolsArgs{\n\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"TLSv1.2\"),\n\t\t\t\t\t},\n\t\t\t\t\tQuantity: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.VpcOrigin;\nimport com.pulumi.aws.cloudfront.VpcOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.VpcOriginVpcOriginEndpointConfigArgs;\nimport com.pulumi.aws.cloudfront.inputs.VpcOriginVpcOriginEndpointConfigOriginSslProtocolsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var alb = new VpcOrigin(\"alb\", VpcOriginArgs.builder()\n .vpcOriginEndpointConfig(VpcOriginVpcOriginEndpointConfigArgs.builder()\n .name(\"Example VPC Origin\")\n .arn(this_.arn())\n .httpPort(8080)\n .httpsPort(8443)\n .originProtocolPolicy(\"https-only\")\n .originSslProtocols(VpcOriginVpcOriginEndpointConfigOriginSslProtocolsArgs.builder()\n .items(\"TLSv1.2\")\n .quantity(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n alb:\n type: aws:cloudfront:VpcOrigin\n properties:\n vpcOriginEndpointConfig:\n name: Example VPC Origin\n arn: ${this.arn}\n httpPort: 8080\n httpsPort: 8443\n originProtocolPolicy: https-only\n originSslProtocols:\n items:\n - TLSv1.2\n quantity: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nterraform\n\nimport {\n\n to = aws_cloudfront_vpc_origin.origin\n\n id = vo_JQEa410sssUFoY6wMkx69j\n\n}\n\nUsing `pulumi import`, import Cloudfront VPC origins using the `id`. For example:\n\nconsole\n\n% pulumi import aws_cloudfront_vpc_origin vo_JQEa410sssUFoY6wMkx69j\n\n", + "properties": { + "arn": { + "type": "string", + "description": "The VPC origin ARN.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "timeouts": { + "$ref": "#/types/aws:cloudfront/VpcOriginTimeouts:VpcOriginTimeouts" + }, + "vpcOriginEndpointConfig": { + "$ref": "#/types/aws:cloudfront/VpcOriginVpcOriginEndpointConfig:VpcOriginVpcOriginEndpointConfig" + } + }, + "required": [ + "arn", + "etag", + "tagsAll" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeouts": { + "$ref": "#/types/aws:cloudfront/VpcOriginTimeouts:VpcOriginTimeouts" + }, + "vpcOriginEndpointConfig": { + "$ref": "#/types/aws:cloudfront/VpcOriginVpcOriginEndpointConfig:VpcOriginVpcOriginEndpointConfig" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcOrigin resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The VPC origin ARN.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "timeouts": { + "$ref": "#/types/aws:cloudfront/VpcOriginTimeouts:VpcOriginTimeouts" + }, + "vpcOriginEndpointConfig": { + "$ref": "#/types/aws:cloudfront/VpcOriginVpcOriginEndpointConfig:VpcOriginVpcOriginEndpointConfig" + } + }, + "type": "object" + } + }, "aws:cloudhsmv2/cluster:Cluster": { "description": "Creates an Amazon CloudHSM v2 cluster.\n\nFor information about CloudHSM v2, see the\n[AWS CloudHSM User Guide](https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html) and the [Amazon\nCloudHSM API Reference][2].\n\n\u003e **NOTE:** A CloudHSM Cluster can take several minutes to set up.\nPractically no single attribute can be updated, except for `tags`.\nIf you need to delete a cluster, you have to remove its HSM modules first.\nTo initialize cluster, you have to add an HSM instance to the cluster, then sign CSR and upload it.\n\n## Import\n\nUsing `pulumi import`, import CloudHSM v2 Clusters using the cluster `id`. For example:\n\n```sh\n$ pulumi import aws:cloudhsmv2/cluster:Cluster test_cluster cluster-aeb282a201\n```\n", "properties": { @@ -205026,7 +205433,7 @@ } }, "aws:cloudwatch/logAccountPolicy:LogAccountPolicy": { - "description": "Provides a CloudWatch Log Account Policy resource.\n\n## Example Usage\n\n### Account Data Protection Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dataProtection = new aws.cloudwatch.LogAccountPolicy(\"data_protection\", {\n policyName: \"data-protection\",\n policyType: \"DATA_PROTECTION_POLICY\",\n policyDocument: JSON.stringify({\n Name: \"DataProtection\",\n Version: \"2021-06-01\",\n Statement: [\n {\n Sid: \"Audit\",\n DataIdentifier: [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n Operation: {\n Audit: {\n FindingsDestination: {},\n },\n },\n },\n {\n Sid: \"Redact\",\n DataIdentifier: [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n Operation: {\n Deidentify: {\n MaskConfig: {},\n },\n },\n },\n ],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndata_protection = aws.cloudwatch.LogAccountPolicy(\"data_protection\",\n policy_name=\"data-protection\",\n policy_type=\"DATA_PROTECTION_POLICY\",\n policy_document=json.dumps({\n \"Name\": \"DataProtection\",\n \"Version\": \"2021-06-01\",\n \"Statement\": [\n {\n \"Sid\": \"Audit\",\n \"DataIdentifier\": [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n \"Operation\": {\n \"Audit\": {\n \"FindingsDestination\": {},\n },\n },\n },\n {\n \"Sid\": \"Redact\",\n \"DataIdentifier\": [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n \"Operation\": {\n \"Deidentify\": {\n \"MaskConfig\": {},\n },\n },\n },\n ],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataProtection = new Aws.CloudWatch.LogAccountPolicy(\"data_protection\", new()\n {\n PolicyName = \"data-protection\",\n PolicyType = \"DATA_PROTECTION_POLICY\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Name\"] = \"DataProtection\",\n [\"Version\"] = \"2021-06-01\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Sid\"] = \"Audit\",\n [\"DataIdentifier\"] = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n },\n [\"Operation\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Audit\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"FindingsDestination\"] = new Dictionary\u003cstring, object?\u003e\n {\n },\n },\n },\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Sid\"] = \"Redact\",\n [\"DataIdentifier\"] = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n },\n [\"Operation\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Deidentify\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"MaskConfig\"] = new Dictionary\u003cstring, object?\u003e\n {\n },\n },\n },\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Name\": \"DataProtection\",\n\t\t\t\"Version\": \"2021-06-01\",\n\t\t\t\"Statement\": []interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"Audit\",\n\t\t\t\t\t\"DataIdentifier\": []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Operation\": map[string]interface{}{\n\t\t\t\t\t\t\"Audit\": map[string]interface{}{\n\t\t\t\t\t\t\t\"FindingsDestination\": map[string]interface{}{},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"Redact\",\n\t\t\t\t\t\"DataIdentifier\": []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Operation\": map[string]interface{}{\n\t\t\t\t\t\t\"Deidentify\": map[string]interface{}{\n\t\t\t\t\t\t\t\"MaskConfig\": map[string]interface{}{},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudwatch.NewLogAccountPolicy(ctx, \"data_protection\", \u0026cloudwatch.LogAccountPolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"data-protection\"),\n\t\t\tPolicyType: pulumi.String(\"DATA_PROTECTION_POLICY\"),\n\t\t\tPolicyDocument: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicy;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataProtection = new LogAccountPolicy(\"dataProtection\", LogAccountPolicyArgs.builder()\n .policyName(\"data-protection\")\n .policyType(\"DATA_PROTECTION_POLICY\")\n .policyDocument(serializeJson(\n jsonObject(\n jsonProperty(\"Name\", \"DataProtection\"),\n jsonProperty(\"Version\", \"2021-06-01\"),\n jsonProperty(\"Statement\", jsonArray(\n jsonObject(\n jsonProperty(\"Sid\", \"Audit\"),\n jsonProperty(\"DataIdentifier\", jsonArray(\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\")),\n jsonProperty(\"Operation\", jsonObject(\n jsonProperty(\"Audit\", jsonObject(\n jsonProperty(\"FindingsDestination\", jsonObject(\n\n ))\n ))\n ))\n ), \n jsonObject(\n jsonProperty(\"Sid\", \"Redact\"),\n jsonProperty(\"DataIdentifier\", jsonArray(\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\")),\n jsonProperty(\"Operation\", jsonObject(\n jsonProperty(\"Deidentify\", jsonObject(\n jsonProperty(\"MaskConfig\", jsonObject(\n\n ))\n ))\n ))\n )\n ))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataProtection:\n type: aws:cloudwatch:LogAccountPolicy\n name: data_protection\n properties:\n policyName: data-protection\n policyType: DATA_PROTECTION_POLICY\n policyDocument:\n fn::toJSON:\n Name: DataProtection\n Version: 2021-06-01\n Statement:\n - Sid: Audit\n DataIdentifier:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n Operation:\n Audit:\n FindingsDestination: {}\n - Sid: Redact\n DataIdentifier:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n Operation:\n Deidentify:\n MaskConfig: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Subscription Filter Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst subscriptionFilter = new aws.cloudwatch.LogAccountPolicy(\"subscription_filter\", {\n policyName: \"subscription-filter\",\n policyType: \"SUBSCRIPTION_FILTER_POLICY\",\n policyDocument: JSON.stringify({\n DestinationArn: test.arn,\n FilterPattern: \"test\",\n }),\n selectionCriteria: \"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nsubscription_filter = aws.cloudwatch.LogAccountPolicy(\"subscription_filter\",\n policy_name=\"subscription-filter\",\n policy_type=\"SUBSCRIPTION_FILTER_POLICY\",\n policy_document=json.dumps({\n \"DestinationArn\": test[\"arn\"],\n \"FilterPattern\": \"test\",\n }),\n selection_criteria=\"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var subscriptionFilter = new Aws.CloudWatch.LogAccountPolicy(\"subscription_filter\", new()\n {\n PolicyName = \"subscription-filter\",\n PolicyType = \"SUBSCRIPTION_FILTER_POLICY\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"DestinationArn\"] = test.Arn,\n [\"FilterPattern\"] = \"test\",\n }),\n SelectionCriteria = \"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"DestinationArn\": test.Arn,\n\t\t\t\"FilterPattern\": \"test\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudwatch.NewLogAccountPolicy(ctx, \"subscription_filter\", \u0026cloudwatch.LogAccountPolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"subscription-filter\"),\n\t\t\tPolicyType: pulumi.String(\"SUBSCRIPTION_FILTER_POLICY\"),\n\t\t\tPolicyDocument: pulumi.String(json0),\n\t\t\tSelectionCriteria: pulumi.String(\"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicy;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var subscriptionFilter = new LogAccountPolicy(\"subscriptionFilter\", LogAccountPolicyArgs.builder()\n .policyName(\"subscription-filter\")\n .policyType(\"SUBSCRIPTION_FILTER_POLICY\")\n .policyDocument(serializeJson(\n jsonObject(\n jsonProperty(\"DestinationArn\", test.arn()),\n jsonProperty(\"FilterPattern\", \"test\")\n )))\n .selectionCriteria(\"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n subscriptionFilter:\n type: aws:cloudwatch:LogAccountPolicy\n name: subscription_filter\n properties:\n policyName: subscription-filter\n policyType: SUBSCRIPTION_FILTER_POLICY\n policyDocument:\n fn::toJSON:\n DestinationArn: ${test.arn}\n FilterPattern: test\n selectionCriteria: LogGroupName NOT IN [\"excluded_log_group_name\"]\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import this resource using the `policy_name` and `policy_type` separated by `:`. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/logAccountPolicy:LogAccountPolicy example \"my-account-policy:SUBSCRIPTION_FILTER_POLICY\"\n```\n", + "description": "Provides a CloudWatch Log Account Policy resource.\n\n## Example Usage\n\n### Account Data Protection Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dataProtection = new aws.cloudwatch.LogAccountPolicy(\"data_protection\", {\n policyName: \"data-protection\",\n policyType: \"DATA_PROTECTION_POLICY\",\n policyDocument: JSON.stringify({\n Name: \"DataProtection\",\n Version: \"2021-06-01\",\n Statement: [\n {\n Sid: \"Audit\",\n DataIdentifier: [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n Operation: {\n Audit: {\n FindingsDestination: {},\n },\n },\n },\n {\n Sid: \"Redact\",\n DataIdentifier: [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n Operation: {\n Deidentify: {\n MaskConfig: {},\n },\n },\n },\n ],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndata_protection = aws.cloudwatch.LogAccountPolicy(\"data_protection\",\n policy_name=\"data-protection\",\n policy_type=\"DATA_PROTECTION_POLICY\",\n policy_document=json.dumps({\n \"Name\": \"DataProtection\",\n \"Version\": \"2021-06-01\",\n \"Statement\": [\n {\n \"Sid\": \"Audit\",\n \"DataIdentifier\": [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n \"Operation\": {\n \"Audit\": {\n \"FindingsDestination\": {},\n },\n },\n },\n {\n \"Sid\": \"Redact\",\n \"DataIdentifier\": [\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\"],\n \"Operation\": {\n \"Deidentify\": {\n \"MaskConfig\": {},\n },\n },\n },\n ],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataProtection = new Aws.CloudWatch.LogAccountPolicy(\"data_protection\", new()\n {\n PolicyName = \"data-protection\",\n PolicyType = \"DATA_PROTECTION_POLICY\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Name\"] = \"DataProtection\",\n [\"Version\"] = \"2021-06-01\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Sid\"] = \"Audit\",\n [\"DataIdentifier\"] = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n },\n [\"Operation\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Audit\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"FindingsDestination\"] = new Dictionary\u003cstring, object?\u003e\n {\n },\n },\n },\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Sid\"] = \"Redact\",\n [\"DataIdentifier\"] = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n },\n [\"Operation\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Deidentify\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"MaskConfig\"] = new Dictionary\u003cstring, object?\u003e\n {\n },\n },\n },\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Name\": \"DataProtection\",\n\t\t\t\"Version\": \"2021-06-01\",\n\t\t\t\"Statement\": []interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"Audit\",\n\t\t\t\t\t\"DataIdentifier\": []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Operation\": map[string]interface{}{\n\t\t\t\t\t\t\"Audit\": map[string]interface{}{\n\t\t\t\t\t\t\t\"FindingsDestination\": map[string]interface{}{},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"Redact\",\n\t\t\t\t\t\"DataIdentifier\": []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Operation\": map[string]interface{}{\n\t\t\t\t\t\t\"Deidentify\": map[string]interface{}{\n\t\t\t\t\t\t\t\"MaskConfig\": map[string]interface{}{},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudwatch.NewLogAccountPolicy(ctx, \"data_protection\", \u0026cloudwatch.LogAccountPolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"data-protection\"),\n\t\t\tPolicyType: pulumi.String(\"DATA_PROTECTION_POLICY\"),\n\t\t\tPolicyDocument: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicy;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataProtection = new LogAccountPolicy(\"dataProtection\", LogAccountPolicyArgs.builder()\n .policyName(\"data-protection\")\n .policyType(\"DATA_PROTECTION_POLICY\")\n .policyDocument(serializeJson(\n jsonObject(\n jsonProperty(\"Name\", \"DataProtection\"),\n jsonProperty(\"Version\", \"2021-06-01\"),\n jsonProperty(\"Statement\", jsonArray(\n jsonObject(\n jsonProperty(\"Sid\", \"Audit\"),\n jsonProperty(\"DataIdentifier\", jsonArray(\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\")),\n jsonProperty(\"Operation\", jsonObject(\n jsonProperty(\"Audit\", jsonObject(\n jsonProperty(\"FindingsDestination\", jsonObject(\n\n ))\n ))\n ))\n ), \n jsonObject(\n jsonProperty(\"Sid\", \"Redact\"),\n jsonProperty(\"DataIdentifier\", jsonArray(\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\")),\n jsonProperty(\"Operation\", jsonObject(\n jsonProperty(\"Deidentify\", jsonObject(\n jsonProperty(\"MaskConfig\", jsonObject(\n\n ))\n ))\n ))\n )\n ))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataProtection:\n type: aws:cloudwatch:LogAccountPolicy\n name: data_protection\n properties:\n policyName: data-protection\n policyType: DATA_PROTECTION_POLICY\n policyDocument:\n fn::toJSON:\n Name: DataProtection\n Version: 2021-06-01\n Statement:\n - Sid: Audit\n DataIdentifier:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n Operation:\n Audit:\n FindingsDestination: {}\n - Sid: Redact\n DataIdentifier:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n Operation:\n Deidentify:\n MaskConfig: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Subscription Filter Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst subscriptionFilter = new aws.cloudwatch.LogAccountPolicy(\"subscription_filter\", {\n policyName: \"subscription-filter\",\n policyType: \"SUBSCRIPTION_FILTER_POLICY\",\n policyDocument: JSON.stringify({\n DestinationArn: test.arn,\n FilterPattern: \"test\",\n }),\n selectionCriteria: \"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nsubscription_filter = aws.cloudwatch.LogAccountPolicy(\"subscription_filter\",\n policy_name=\"subscription-filter\",\n policy_type=\"SUBSCRIPTION_FILTER_POLICY\",\n policy_document=json.dumps({\n \"DestinationArn\": test[\"arn\"],\n \"FilterPattern\": \"test\",\n }),\n selection_criteria=\"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var subscriptionFilter = new Aws.CloudWatch.LogAccountPolicy(\"subscription_filter\", new()\n {\n PolicyName = \"subscription-filter\",\n PolicyType = \"SUBSCRIPTION_FILTER_POLICY\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"DestinationArn\"] = test.Arn,\n [\"FilterPattern\"] = \"test\",\n }),\n SelectionCriteria = \"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"DestinationArn\": test.Arn,\n\t\t\t\"FilterPattern\": \"test\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudwatch.NewLogAccountPolicy(ctx, \"subscription_filter\", \u0026cloudwatch.LogAccountPolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"subscription-filter\"),\n\t\t\tPolicyType: pulumi.String(\"SUBSCRIPTION_FILTER_POLICY\"),\n\t\t\tPolicyDocument: pulumi.String(json0),\n\t\t\tSelectionCriteria: pulumi.String(\"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicy;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var subscriptionFilter = new LogAccountPolicy(\"subscriptionFilter\", LogAccountPolicyArgs.builder()\n .policyName(\"subscription-filter\")\n .policyType(\"SUBSCRIPTION_FILTER_POLICY\")\n .policyDocument(serializeJson(\n jsonObject(\n jsonProperty(\"DestinationArn\", test.arn()),\n jsonProperty(\"FilterPattern\", \"test\")\n )))\n .selectionCriteria(\"LogGroupName NOT IN [\\\"excluded_log_group_name\\\"]\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n subscriptionFilter:\n type: aws:cloudwatch:LogAccountPolicy\n name: subscription_filter\n properties:\n policyName: subscription-filter\n policyType: SUBSCRIPTION_FILTER_POLICY\n policyDocument:\n fn::toJSON:\n DestinationArn: ${test.arn}\n FilterPattern: test\n selectionCriteria: LogGroupName NOT IN [\"excluded_log_group_name\"]\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Field Index Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fieldIndex = new aws.cloudwatch.LogAccountPolicy(\"field_index\", {\n policyName: \"field-index\",\n policyType: \"FIELD_INDEX_POLICY\",\n policyDocument: JSON.stringify({\n Fields: [\n \"field1\",\n \"field2\",\n ],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nfield_index = aws.cloudwatch.LogAccountPolicy(\"field_index\",\n policy_name=\"field-index\",\n policy_type=\"FIELD_INDEX_POLICY\",\n policy_document=json.dumps({\n \"Fields\": [\n \"field1\",\n \"field2\",\n ],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fieldIndex = new Aws.CloudWatch.LogAccountPolicy(\"field_index\", new()\n {\n PolicyName = \"field-index\",\n PolicyType = \"FIELD_INDEX_POLICY\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Fields\"] = new[]\n {\n \"field1\",\n \"field2\",\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Fields\": []string{\n\t\t\t\t\"field1\",\n\t\t\t\t\"field2\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudwatch.NewLogAccountPolicy(ctx, \"field_index\", \u0026cloudwatch.LogAccountPolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"field-index\"),\n\t\t\tPolicyType: pulumi.String(\"FIELD_INDEX_POLICY\"),\n\t\t\tPolicyDocument: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicy;\nimport com.pulumi.aws.cloudwatch.LogAccountPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fieldIndex = new LogAccountPolicy(\"fieldIndex\", LogAccountPolicyArgs.builder()\n .policyName(\"field-index\")\n .policyType(\"FIELD_INDEX_POLICY\")\n .policyDocument(serializeJson(\n jsonObject(\n jsonProperty(\"Fields\", jsonArray(\n \"field1\", \n \"field2\"\n ))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fieldIndex:\n type: aws:cloudwatch:LogAccountPolicy\n name: field_index\n properties:\n policyName: field-index\n policyType: FIELD_INDEX_POLICY\n policyDocument:\n fn::toJSON:\n Fields:\n - field1\n - field2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import this resource using the `policy_name` and `policy_type` separated by `:`. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/logAccountPolicy:LogAccountPolicy example \"my-account-policy:SUBSCRIPTION_FILTER_POLICY\"\n```\n", "properties": { "policyDocument": { "type": "string", @@ -205038,7 +205445,7 @@ }, "policyType": { "type": "string", - "description": "Type of account policy. Either `DATA_PROTECTION_POLICY` or `SUBSCRIPTION_FILTER_POLICY`. You can have one account policy per type in an account.\n" + "description": "Type of account policy. One of `DATA_PROTECTION_POLICY`, `SUBSCRIPTION_FILTER_POLICY`, `FIELD_INDEX_POLICY` or `TRANSFORMER_POLICY`. You can have one account policy per type in an account.\n" }, "scope": { "type": "string", @@ -205066,7 +205473,7 @@ }, "policyType": { "type": "string", - "description": "Type of account policy. Either `DATA_PROTECTION_POLICY` or `SUBSCRIPTION_FILTER_POLICY`. You can have one account policy per type in an account.\n", + "description": "Type of account policy. One of `DATA_PROTECTION_POLICY`, `SUBSCRIPTION_FILTER_POLICY`, `FIELD_INDEX_POLICY` or `TRANSFORMER_POLICY`. You can have one account policy per type in an account.\n", "willReplaceOnChanges": true }, "scope": { @@ -205098,7 +205505,7 @@ }, "policyType": { "type": "string", - "description": "Type of account policy. Either `DATA_PROTECTION_POLICY` or `SUBSCRIPTION_FILTER_POLICY`. You can have one account policy per type in an account.\n", + "description": "Type of account policy. One of `DATA_PROTECTION_POLICY`, `SUBSCRIPTION_FILTER_POLICY`, `FIELD_INDEX_POLICY` or `TRANSFORMER_POLICY`. You can have one account policy per type in an account.\n", "willReplaceOnChanges": true }, "scope": { @@ -223854,6 +224261,10 @@ "type": "string", "description": "The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294.\n" }, + "arn": { + "type": "string", + "description": "The ARN of the gateway.\n" + }, "name": { "type": "string", "description": "The name of the connection.\n" @@ -223865,6 +224276,7 @@ }, "required": [ "amazonSideAsn", + "arn", "name", "ownerAccountId" ], @@ -223890,6 +224302,10 @@ "description": "The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294.\n", "willReplaceOnChanges": true }, + "arn": { + "type": "string", + "description": "The ARN of the gateway.\n" + }, "name": { "type": "string", "description": "The name of the connection.\n" @@ -246899,6 +247315,10 @@ "type": "string", "description": "The service name. For AWS services the service name is usually in the form `com.amazonaws.\u003cregion\u003e.\u003cservice\u003e` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker.\u003cregion\u003e.notebook`).\n" }, + "serviceRegion": { + "type": "string", + "description": "The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type `Interface`.\n" + }, "state": { "type": "string", "description": "The state of the VPC endpoint.\n" @@ -246956,6 +247376,7 @@ "routeTableIds", "securityGroupIds", "serviceName", + "serviceRegion", "state", "subnetConfigurations", "subnetIds", @@ -247002,6 +247423,11 @@ "description": "The service name. For AWS services the service name is usually in the form `com.amazonaws.\u003cregion\u003e.\u003cservice\u003e` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker.\u003cregion\u003e.notebook`).\n", "willReplaceOnChanges": true }, + "serviceRegion": { + "type": "string", + "description": "The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type `Interface`.\n", + "willReplaceOnChanges": true + }, "subnetConfigurations": { "type": "array", "items": { @@ -247117,6 +247543,11 @@ "description": "The service name. For AWS services the service name is usually in the form `com.amazonaws.\u003cregion\u003e.\u003cservice\u003e` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker.\u003cregion\u003e.notebook`).\n", "willReplaceOnChanges": true }, + "serviceRegion": { + "type": "string", + "description": "The AWS region of the VPC Endpoint Service. If specified, the VPC endpoint will connect to the service in the provided region. Applicable for endpoints of type `Interface`.\n", + "willReplaceOnChanges": true + }, "state": { "type": "string", "description": "The state of the VPC endpoint.\n" @@ -257564,7 +257995,7 @@ } }, "aws:eks/cluster:Cluster": { - "description": "Manages an EKS Cluster.\n\n## Example Usage\n\n### EKS Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = new aws.iam.Role(\"cluster\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: \"eks.amazonaws.com\",\n },\n }],\n }),\n});\nconst clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: cluster.name,\n});\nconst example = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n accessConfig: {\n authenticationMode: \"API\",\n },\n roleArn: exampleAwsIamRole.arn,\n version: \"1.31\",\n vpcConfig: {\n subnetIds: [\n az1.id,\n az2.id,\n az3.id,\n ],\n },\n}, {\n dependsOn: [clusterAmazonEKSClusterPolicy],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ncluster = aws.iam.Role(\"cluster\",\n name=\"eks-cluster-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\",\n },\n }],\n }))\ncluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=cluster.name)\nexample = aws.eks.Cluster(\"example\",\n name=\"example\",\n access_config={\n \"authentication_mode\": \"API\",\n },\n role_arn=example_aws_iam_role[\"arn\"],\n version=\"1.31\",\n vpc_config={\n \"subnet_ids\": [\n az1[\"id\"],\n az2[\"id\"],\n az3[\"id\"],\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_cluster_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cluster = new Aws.Iam.Role(\"cluster\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"eks.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = cluster.Name,\n });\n\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"API\",\n },\n RoleArn = exampleAwsIamRole.Arn,\n Version = \"1.31\",\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n SubnetIds = new[]\n {\n az1.Id,\n az2.Id,\n az3.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n clusterAmazonEKSClusterPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"eks.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tcluster, err := iam.NewRole(ctx, \"cluster\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"API\"),\n\t\t\t},\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tVersion: pulumi.String(\"1.31\"),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taz1.Id,\n\t\t\t\t\taz2.Id,\n\t\t\t\t\taz3.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclusterAmazonEKSClusterPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cluster = new Role(\"cluster\", RoleArgs.builder()\n .name(\"eks-cluster-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"sts:AssumeRole\", \n \"sts:TagSession\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"eks.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment(\"clusterAmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(cluster.name())\n .build());\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .name(\"example\")\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"API\")\n .build())\n .roleArn(exampleAwsIamRole.arn())\n .version(\"1.31\")\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .subnetIds( \n az1.id(),\n az2.id(),\n az3.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(clusterAmazonEKSClusterPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n accessConfig:\n authenticationMode: API\n roleArn: ${exampleAwsIamRole.arn}\n version: '1.31'\n vpcConfig:\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n options:\n dependsOn:\n - ${clusterAmazonEKSClusterPolicy}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service: eks.amazonaws.com\n clusterAmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${cluster.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster with EKS Auto Mode\n\n\u003e **NOTE:** When using EKS Auto Mode `compute_config.enabled`, `kubernetes_network_config.elastic_load_balancing.enabled`, and `storage_config.block_storage.enabled` must *ALL be set to `true`. Likewise for disabling EKS Auto Mode, all three arguments must be set to `false`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst node = new aws.iam.Role(\"node\", {\n name: \"eks-auto-node-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"sts:AssumeRole\"],\n Effect: \"Allow\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n});\nconst cluster = new aws.iam.Role(\"cluster\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: \"eks.amazonaws.com\",\n },\n }],\n }),\n});\nconst clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSComputePolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSComputePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSBlockStoragePolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSBlockStoragePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSLoadBalancingPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLoadBalancingPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSNetworkingPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSNetworkingPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\",\n role: cluster.name,\n});\nconst example = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n accessConfig: {\n authenticationMode: \"API\",\n },\n roleArn: cluster.arn,\n version: \"1.31\",\n computeConfig: {\n enabled: true,\n nodePools: [\"general-purpose\"],\n nodeRoleArn: node.arn,\n },\n kubernetesNetworkConfig: {\n elasticLoadBalancing: {\n enabled: true,\n },\n },\n storageConfig: {\n blockStorage: {\n enabled: true,\n },\n },\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: true,\n subnetIds: [\n az1.id,\n az2.id,\n az3.id,\n ],\n },\n}, {\n dependsOn: [\n clusterAmazonEKSClusterPolicy,\n clusterAmazonEKSComputePolicy,\n clusterAmazonEKSBlockStoragePolicy,\n clusterAmazonEKSLoadBalancingPolicy,\n clusterAmazonEKSNetworkingPolicy,\n ],\n});\nconst nodeAmazonEKSWorkerNodeMinimalPolicy = new aws.iam.RolePolicyAttachment(\"node_AmazonEKSWorkerNodeMinimalPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\",\n role: node.name,\n});\nconst nodeAmazonEC2ContainerRegistryPullOnly = new aws.iam.RolePolicyAttachment(\"node_AmazonEC2ContainerRegistryPullOnly\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\",\n role: node.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nnode = aws.iam.Role(\"node\",\n name=\"eks-auto-node-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"sts:AssumeRole\"],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n }))\ncluster = aws.iam.Role(\"cluster\",\n name=\"eks-cluster-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\",\n },\n }],\n }))\ncluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=cluster.name)\ncluster_amazon_eks_compute_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSComputePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\",\n role=cluster.name)\ncluster_amazon_eks_block_storage_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSBlockStoragePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\",\n role=cluster.name)\ncluster_amazon_eks_load_balancing_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLoadBalancingPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\",\n role=cluster.name)\ncluster_amazon_eks_networking_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSNetworkingPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\",\n role=cluster.name)\nexample = aws.eks.Cluster(\"example\",\n name=\"example\",\n access_config={\n \"authentication_mode\": \"API\",\n },\n role_arn=cluster.arn,\n version=\"1.31\",\n compute_config={\n \"enabled\": True,\n \"node_pools\": [\"general-purpose\"],\n \"node_role_arn\": node.arn,\n },\n kubernetes_network_config={\n \"elastic_load_balancing\": {\n \"enabled\": True,\n },\n },\n storage_config={\n \"block_storage\": {\n \"enabled\": True,\n },\n },\n vpc_config={\n \"endpoint_private_access\": True,\n \"endpoint_public_access\": True,\n \"subnet_ids\": [\n az1[\"id\"],\n az2[\"id\"],\n az3[\"id\"],\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[\n cluster_amazon_eks_cluster_policy,\n cluster_amazon_eks_compute_policy,\n cluster_amazon_eks_block_storage_policy,\n cluster_amazon_eks_load_balancing_policy,\n cluster_amazon_eks_networking_policy,\n ]))\nnode_amazon_eks_worker_node_minimal_policy = aws.iam.RolePolicyAttachment(\"node_AmazonEKSWorkerNodeMinimalPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\",\n role=node.name)\nnode_amazon_ec2_container_registry_pull_only = aws.iam.RolePolicyAttachment(\"node_AmazonEC2ContainerRegistryPullOnly\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\",\n role=node.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var node = new Aws.Iam.Role(\"node\", new()\n {\n Name = \"eks-auto-node-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var cluster = new Aws.Iam.Role(\"cluster\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"eks.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSComputePolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSComputePolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSBlockStoragePolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSBlockStoragePolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSLoadBalancingPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSLoadBalancingPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSNetworkingPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSNetworkingPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\",\n Role = cluster.Name,\n });\n\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"API\",\n },\n RoleArn = cluster.Arn,\n Version = \"1.31\",\n ComputeConfig = new Aws.Eks.Inputs.ClusterComputeConfigArgs\n {\n Enabled = true,\n NodePools = new[]\n {\n \"general-purpose\",\n },\n NodeRoleArn = node.Arn,\n },\n KubernetesNetworkConfig = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigArgs\n {\n ElasticLoadBalancing = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs\n {\n Enabled = true,\n },\n },\n StorageConfig = new Aws.Eks.Inputs.ClusterStorageConfigArgs\n {\n BlockStorage = new Aws.Eks.Inputs.ClusterStorageConfigBlockStorageArgs\n {\n Enabled = true,\n },\n },\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = true,\n SubnetIds = new[]\n {\n az1.Id,\n az2.Id,\n az3.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n clusterAmazonEKSClusterPolicy,\n clusterAmazonEKSComputePolicy,\n clusterAmazonEKSBlockStoragePolicy,\n clusterAmazonEKSLoadBalancingPolicy,\n clusterAmazonEKSNetworkingPolicy,\n },\n });\n\n var nodeAmazonEKSWorkerNodeMinimalPolicy = new Aws.Iam.RolePolicyAttachment(\"node_AmazonEKSWorkerNodeMinimalPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\",\n Role = node.Name,\n });\n\n var nodeAmazonEC2ContainerRegistryPullOnly = new Aws.Iam.RolePolicyAttachment(\"node_AmazonEC2ContainerRegistryPullOnly\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\",\n Role = node.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tnode, err := iam.NewRole(ctx, \"node\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-auto-node-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"eks.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tcluster, err := iam.NewRole(ctx, \"cluster\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSComputePolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSComputePolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSBlockStoragePolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSBlockStoragePolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSLoadBalancingPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSLoadBalancingPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSNetworkingPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSNetworkingPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"API\"),\n\t\t\t},\n\t\t\tRoleArn: cluster.Arn,\n\t\t\tVersion: pulumi.String(\"1.31\"),\n\t\t\tComputeConfig: \u0026eks.ClusterComputeConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tNodePools: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"general-purpose\"),\n\t\t\t\t},\n\t\t\t\tNodeRoleArn: node.Arn,\n\t\t\t},\n\t\t\tKubernetesNetworkConfig: \u0026eks.ClusterKubernetesNetworkConfigArgs{\n\t\t\t\tElasticLoadBalancing: \u0026eks.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStorageConfig: \u0026eks.ClusterStorageConfigArgs{\n\t\t\t\tBlockStorage: \u0026eks.ClusterStorageConfigBlockStorageArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(true),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taz1.Id,\n\t\t\t\t\taz2.Id,\n\t\t\t\t\taz3.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclusterAmazonEKSClusterPolicy,\n\t\t\tclusterAmazonEKSComputePolicy,\n\t\t\tclusterAmazonEKSBlockStoragePolicy,\n\t\t\tclusterAmazonEKSLoadBalancingPolicy,\n\t\t\tclusterAmazonEKSNetworkingPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"node_AmazonEKSWorkerNodeMinimalPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\"),\n\t\t\tRole: node.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"node_AmazonEC2ContainerRegistryPullOnly\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\"),\n\t\t\tRole: node.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterComputeConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterKubernetesNetworkConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs;\nimport com.pulumi.aws.eks.inputs.ClusterStorageConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterStorageConfigBlockStorageArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var node = new Role(\"node\", RoleArgs.builder()\n .name(\"eks-auto-node-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\"sts:AssumeRole\")),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"ec2.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var cluster = new Role(\"cluster\", RoleArgs.builder()\n .name(\"eks-cluster-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"sts:AssumeRole\", \n \"sts:TagSession\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"eks.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment(\"clusterAmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSComputePolicy = new RolePolicyAttachment(\"clusterAmazonEKSComputePolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSBlockStoragePolicy = new RolePolicyAttachment(\"clusterAmazonEKSBlockStoragePolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSLoadBalancingPolicy = new RolePolicyAttachment(\"clusterAmazonEKSLoadBalancingPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSNetworkingPolicy = new RolePolicyAttachment(\"clusterAmazonEKSNetworkingPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\")\n .role(cluster.name())\n .build());\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .name(\"example\")\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"API\")\n .build())\n .roleArn(cluster.arn())\n .version(\"1.31\")\n .computeConfig(ClusterComputeConfigArgs.builder()\n .enabled(true)\n .nodePools(\"general-purpose\")\n .nodeRoleArn(node.arn())\n .build())\n .kubernetesNetworkConfig(ClusterKubernetesNetworkConfigArgs.builder()\n .elasticLoadBalancing(ClusterKubernetesNetworkConfigElasticLoadBalancingArgs.builder()\n .enabled(true)\n .build())\n .build())\n .storageConfig(ClusterStorageConfigArgs.builder()\n .blockStorage(ClusterStorageConfigBlockStorageArgs.builder()\n .enabled(true)\n .build())\n .build())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(true)\n .subnetIds( \n az1.id(),\n az2.id(),\n az3.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n clusterAmazonEKSClusterPolicy,\n clusterAmazonEKSComputePolicy,\n clusterAmazonEKSBlockStoragePolicy,\n clusterAmazonEKSLoadBalancingPolicy,\n clusterAmazonEKSNetworkingPolicy)\n .build());\n\n var nodeAmazonEKSWorkerNodeMinimalPolicy = new RolePolicyAttachment(\"nodeAmazonEKSWorkerNodeMinimalPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\")\n .role(node.name())\n .build());\n\n var nodeAmazonEC2ContainerRegistryPullOnly = new RolePolicyAttachment(\"nodeAmazonEC2ContainerRegistryPullOnly\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\")\n .role(node.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n accessConfig:\n authenticationMode: API\n roleArn: ${cluster.arn}\n version: '1.31'\n computeConfig:\n enabled: true\n nodePools:\n - general-purpose\n nodeRoleArn: ${node.arn}\n kubernetesNetworkConfig:\n elasticLoadBalancing:\n enabled: true\n storageConfig:\n blockStorage:\n enabled: true\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: true\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n options:\n dependsOn:\n - ${clusterAmazonEKSClusterPolicy}\n - ${clusterAmazonEKSComputePolicy}\n - ${clusterAmazonEKSBlockStoragePolicy}\n - ${clusterAmazonEKSLoadBalancingPolicy}\n - ${clusterAmazonEKSNetworkingPolicy}\n node:\n type: aws:iam:Role\n properties:\n name: eks-auto-node-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n Effect: Allow\n Principal:\n Service: ec2.amazonaws.com\n nodeAmazonEKSWorkerNodeMinimalPolicy:\n type: aws:iam:RolePolicyAttachment\n name: node_AmazonEKSWorkerNodeMinimalPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\n role: ${node.name}\n nodeAmazonEC2ContainerRegistryPullOnly:\n type: aws:iam:RolePolicyAttachment\n name: node_AmazonEC2ContainerRegistryPullOnly\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\n role: ${node.name}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service: eks.amazonaws.com\n clusterAmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${cluster.name}\n clusterAmazonEKSComputePolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSComputePolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSComputePolicy\n role: ${cluster.name}\n clusterAmazonEKSBlockStoragePolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSBlockStoragePolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\n role: ${cluster.name}\n clusterAmazonEKSLoadBalancingPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSLoadBalancingPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\n role: ${cluster.name}\n clusterAmazonEKSNetworkingPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSNetworkingPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\n role: ${cluster.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster with EKS Hybrid Nodes\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n accessConfig:\n authenticationMode: API\n roleArn: ${cluster.arn}\n version: '1.31'\n clusterRemoteNetworkConfig:\n remoteNodeNetworks:\n cidrs:\n - 172.16.0.0/18\n remotePodNetworks:\n cidrs:\n - 172.16.64.0/18\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: true\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n options:\n dependsOn:\n - ${clusterAmazonEKSClusterPolicy}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service: eks.amazonaws.com\n clusterAmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${cluster.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Local EKS Cluster on AWS Outpost\n\n[Creating a local Amazon EKS cluster on an AWS Outpost](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster-outpost.html)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.outposts.getOutpost({\n name: \"example\",\n});\nconst cluster = new aws.iam.Role(\"cluster\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: [\n \"eks.amazonaws.com\",\n \"ec2.amazonaws.com\",\n ],\n },\n }],\n }),\n});\nconst clusterAmazonEKSLocalOutpostClusterPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLocalOutpostClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\",\n role: cluster.name,\n});\nconst exampleCluster = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n accessConfig: {\n authenticationMode: \"CONFIG_MAP\",\n },\n roleArn: exampleAwsIamRole.arn,\n version: \"1.31\",\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n subnetIds: [\n az1.id,\n az2.id,\n az3.id,\n ],\n },\n outpostConfig: {\n controlPlaneInstanceType: \"m5.large\",\n outpostArns: [example.then(example =\u003e example.arn)],\n },\n}, {\n dependsOn: [clusterAmazonEKSLocalOutpostClusterPolicy],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.outposts.get_outpost(name=\"example\")\ncluster = aws.iam.Role(\"cluster\",\n name=\"eks-cluster-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"eks.amazonaws.com\",\n \"ec2.amazonaws.com\",\n ],\n },\n }],\n }))\ncluster_amazon_eks_local_outpost_cluster_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLocalOutpostClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\",\n role=cluster.name)\nexample_cluster = aws.eks.Cluster(\"example\",\n name=\"example\",\n access_config={\n \"authentication_mode\": \"CONFIG_MAP\",\n },\n role_arn=example_aws_iam_role[\"arn\"],\n version=\"1.31\",\n vpc_config={\n \"endpoint_private_access\": True,\n \"endpoint_public_access\": False,\n \"subnet_ids\": [\n az1[\"id\"],\n az2[\"id\"],\n az3[\"id\"],\n ],\n },\n outpost_config={\n \"control_plane_instance_type\": \"m5.large\",\n \"outpost_arns\": [example.arn],\n },\n opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_local_outpost_cluster_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Outposts.GetOutpost.Invoke(new()\n {\n Name = \"example\",\n });\n\n var cluster = new Aws.Iam.Role(\"cluster\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = new[]\n {\n \"eks.amazonaws.com\",\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n }),\n });\n\n var clusterAmazonEKSLocalOutpostClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSLocalOutpostClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\",\n Role = cluster.Name,\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"CONFIG_MAP\",\n },\n RoleArn = exampleAwsIamRole.Arn,\n Version = \"1.31\",\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n SubnetIds = new[]\n {\n az1.Id,\n az2.Id,\n az3.Id,\n },\n },\n OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs\n {\n ControlPlaneInstanceType = \"m5.large\",\n OutpostArns = new[]\n {\n example.Apply(getOutpostResult =\u003e getOutpostResult.Arn),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n clusterAmazonEKSLocalOutpostClusterPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := outposts.GetOutpost(ctx, \u0026outposts.GetOutpostArgs{\n\t\t\tName: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": []string{\n\t\t\t\t\t\t\t\"eks.amazonaws.com\",\n\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tcluster, err := iam.NewRole(ctx, \"cluster\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSLocalOutpostClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSLocalOutpostClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"CONFIG_MAP\"),\n\t\t\t},\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tVersion: pulumi.String(\"1.31\"),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taz1.Id,\n\t\t\t\t\taz2.Id,\n\t\t\t\t\taz3.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t\tOutpostConfig: \u0026eks.ClusterOutpostConfigArgs{\n\t\t\t\tControlPlaneInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\tOutpostArns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclusterAmazonEKSLocalOutpostClusterPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.outposts.OutpostsFunctions;\nimport com.pulumi.aws.outposts.inputs.GetOutpostArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = OutpostsFunctions.getOutpost(GetOutpostArgs.builder()\n .name(\"example\")\n .build());\n\n var cluster = new Role(\"cluster\", RoleArgs.builder()\n .name(\"eks-cluster-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"sts:AssumeRole\", \n \"sts:TagSession\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", jsonArray(\n \"eks.amazonaws.com\", \n \"ec2.amazonaws.com\"\n ))\n ))\n )))\n )))\n .build());\n\n var clusterAmazonEKSLocalOutpostClusterPolicy = new RolePolicyAttachment(\"clusterAmazonEKSLocalOutpostClusterPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\")\n .role(cluster.name())\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder()\n .name(\"example\")\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"CONFIG_MAP\")\n .build())\n .roleArn(exampleAwsIamRole.arn())\n .version(\"1.31\")\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .subnetIds( \n az1.id(),\n az2.id(),\n az3.id())\n .build())\n .outpostConfig(ClusterOutpostConfigArgs.builder()\n .controlPlaneInstanceType(\"m5.large\")\n .outpostArns(example.applyValue(getOutpostResult -\u003e getOutpostResult.arn()))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(clusterAmazonEKSLocalOutpostClusterPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n properties:\n name: example\n accessConfig:\n authenticationMode: CONFIG_MAP\n roleArn: ${exampleAwsIamRole.arn}\n version: '1.31'\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n outpostConfig:\n controlPlaneInstanceType: m5.large\n outpostArns:\n - ${example.arn}\n options:\n dependsOn:\n - ${clusterAmazonEKSLocalOutpostClusterPolicy}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service:\n - eks.amazonaws.com\n - ec2.amazonaws.com\n clusterAmazonEKSLocalOutpostClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSLocalOutpostClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\n role: ${cluster.name}\nvariables:\n example:\n fn::invoke:\n function: aws:outposts:getOutpost\n arguments:\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EKS Clusters using the `name`. For example:\n\n```sh\n$ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n", + "description": "Manages an EKS Cluster.\n\n## Example Usage\n\n### EKS Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = new aws.iam.Role(\"cluster\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: \"eks.amazonaws.com\",\n },\n }],\n }),\n});\nconst clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: cluster.name,\n});\nconst example = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n accessConfig: {\n authenticationMode: \"API\",\n },\n roleArn: exampleAwsIamRole.arn,\n version: \"1.31\",\n vpcConfig: {\n subnetIds: [\n az1.id,\n az2.id,\n az3.id,\n ],\n },\n}, {\n dependsOn: [clusterAmazonEKSClusterPolicy],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ncluster = aws.iam.Role(\"cluster\",\n name=\"eks-cluster-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\",\n },\n }],\n }))\ncluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=cluster.name)\nexample = aws.eks.Cluster(\"example\",\n name=\"example\",\n access_config={\n \"authentication_mode\": \"API\",\n },\n role_arn=example_aws_iam_role[\"arn\"],\n version=\"1.31\",\n vpc_config={\n \"subnet_ids\": [\n az1[\"id\"],\n az2[\"id\"],\n az3[\"id\"],\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_cluster_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cluster = new Aws.Iam.Role(\"cluster\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"eks.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = cluster.Name,\n });\n\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"API\",\n },\n RoleArn = exampleAwsIamRole.Arn,\n Version = \"1.31\",\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n SubnetIds = new[]\n {\n az1.Id,\n az2.Id,\n az3.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n clusterAmazonEKSClusterPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"eks.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tcluster, err := iam.NewRole(ctx, \"cluster\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"API\"),\n\t\t\t},\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tVersion: pulumi.String(\"1.31\"),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taz1.Id,\n\t\t\t\t\taz2.Id,\n\t\t\t\t\taz3.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclusterAmazonEKSClusterPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cluster = new Role(\"cluster\", RoleArgs.builder()\n .name(\"eks-cluster-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"sts:AssumeRole\", \n \"sts:TagSession\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"eks.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment(\"clusterAmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(cluster.name())\n .build());\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .name(\"example\")\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"API\")\n .build())\n .roleArn(exampleAwsIamRole.arn())\n .version(\"1.31\")\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .subnetIds( \n az1.id(),\n az2.id(),\n az3.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(clusterAmazonEKSClusterPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n accessConfig:\n authenticationMode: API\n roleArn: ${exampleAwsIamRole.arn}\n version: '1.31'\n vpcConfig:\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n options:\n dependsOn:\n - ${clusterAmazonEKSClusterPolicy}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service: eks.amazonaws.com\n clusterAmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${cluster.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster with EKS Auto Mode\n\n\u003e **NOTE:** When using EKS Auto Mode `compute_config.enabled`, `kubernetes_network_config.elastic_load_balancing.enabled`, and `storage_config.block_storage.enabled` must *ALL be set to `true`. Likewise for disabling EKS Auto Mode, all three arguments must be set to `false`. Enabling EKS Auto Mode also requires that `bootstrap_self_managed_addons` is set to `false`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst node = new aws.iam.Role(\"node\", {\n name: \"eks-auto-node-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"sts:AssumeRole\"],\n Effect: \"Allow\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n});\nconst cluster = new aws.iam.Role(\"cluster\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: \"eks.amazonaws.com\",\n },\n }],\n }),\n});\nconst clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSComputePolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSComputePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSBlockStoragePolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSBlockStoragePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSLoadBalancingPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLoadBalancingPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\",\n role: cluster.name,\n});\nconst clusterAmazonEKSNetworkingPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSNetworkingPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\",\n role: cluster.name,\n});\nconst example = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n accessConfig: {\n authenticationMode: \"API\",\n },\n roleArn: cluster.arn,\n version: \"1.31\",\n bootstrapSelfManagedAddons: false,\n computeConfig: {\n enabled: true,\n nodePools: [\"general-purpose\"],\n nodeRoleArn: node.arn,\n },\n kubernetesNetworkConfig: {\n elasticLoadBalancing: {\n enabled: true,\n },\n },\n storageConfig: {\n blockStorage: {\n enabled: true,\n },\n },\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: true,\n subnetIds: [\n az1.id,\n az2.id,\n az3.id,\n ],\n },\n}, {\n dependsOn: [\n clusterAmazonEKSClusterPolicy,\n clusterAmazonEKSComputePolicy,\n clusterAmazonEKSBlockStoragePolicy,\n clusterAmazonEKSLoadBalancingPolicy,\n clusterAmazonEKSNetworkingPolicy,\n ],\n});\nconst nodeAmazonEKSWorkerNodeMinimalPolicy = new aws.iam.RolePolicyAttachment(\"node_AmazonEKSWorkerNodeMinimalPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\",\n role: node.name,\n});\nconst nodeAmazonEC2ContainerRegistryPullOnly = new aws.iam.RolePolicyAttachment(\"node_AmazonEC2ContainerRegistryPullOnly\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\",\n role: node.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nnode = aws.iam.Role(\"node\",\n name=\"eks-auto-node-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"sts:AssumeRole\"],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n }))\ncluster = aws.iam.Role(\"cluster\",\n name=\"eks-cluster-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\",\n },\n }],\n }))\ncluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=cluster.name)\ncluster_amazon_eks_compute_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSComputePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\",\n role=cluster.name)\ncluster_amazon_eks_block_storage_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSBlockStoragePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\",\n role=cluster.name)\ncluster_amazon_eks_load_balancing_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLoadBalancingPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\",\n role=cluster.name)\ncluster_amazon_eks_networking_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSNetworkingPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\",\n role=cluster.name)\nexample = aws.eks.Cluster(\"example\",\n name=\"example\",\n access_config={\n \"authentication_mode\": \"API\",\n },\n role_arn=cluster.arn,\n version=\"1.31\",\n bootstrap_self_managed_addons=False,\n compute_config={\n \"enabled\": True,\n \"node_pools\": [\"general-purpose\"],\n \"node_role_arn\": node.arn,\n },\n kubernetes_network_config={\n \"elastic_load_balancing\": {\n \"enabled\": True,\n },\n },\n storage_config={\n \"block_storage\": {\n \"enabled\": True,\n },\n },\n vpc_config={\n \"endpoint_private_access\": True,\n \"endpoint_public_access\": True,\n \"subnet_ids\": [\n az1[\"id\"],\n az2[\"id\"],\n az3[\"id\"],\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[\n cluster_amazon_eks_cluster_policy,\n cluster_amazon_eks_compute_policy,\n cluster_amazon_eks_block_storage_policy,\n cluster_amazon_eks_load_balancing_policy,\n cluster_amazon_eks_networking_policy,\n ]))\nnode_amazon_eks_worker_node_minimal_policy = aws.iam.RolePolicyAttachment(\"node_AmazonEKSWorkerNodeMinimalPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\",\n role=node.name)\nnode_amazon_ec2_container_registry_pull_only = aws.iam.RolePolicyAttachment(\"node_AmazonEC2ContainerRegistryPullOnly\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\",\n role=node.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var node = new Aws.Iam.Role(\"node\", new()\n {\n Name = \"eks-auto-node-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var cluster = new Aws.Iam.Role(\"cluster\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"eks.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSComputePolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSComputePolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSBlockStoragePolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSBlockStoragePolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSLoadBalancingPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSLoadBalancingPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\",\n Role = cluster.Name,\n });\n\n var clusterAmazonEKSNetworkingPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSNetworkingPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\",\n Role = cluster.Name,\n });\n\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"API\",\n },\n RoleArn = cluster.Arn,\n Version = \"1.31\",\n BootstrapSelfManagedAddons = false,\n ComputeConfig = new Aws.Eks.Inputs.ClusterComputeConfigArgs\n {\n Enabled = true,\n NodePools = new[]\n {\n \"general-purpose\",\n },\n NodeRoleArn = node.Arn,\n },\n KubernetesNetworkConfig = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigArgs\n {\n ElasticLoadBalancing = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs\n {\n Enabled = true,\n },\n },\n StorageConfig = new Aws.Eks.Inputs.ClusterStorageConfigArgs\n {\n BlockStorage = new Aws.Eks.Inputs.ClusterStorageConfigBlockStorageArgs\n {\n Enabled = true,\n },\n },\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = true,\n SubnetIds = new[]\n {\n az1.Id,\n az2.Id,\n az3.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n clusterAmazonEKSClusterPolicy,\n clusterAmazonEKSComputePolicy,\n clusterAmazonEKSBlockStoragePolicy,\n clusterAmazonEKSLoadBalancingPolicy,\n clusterAmazonEKSNetworkingPolicy,\n },\n });\n\n var nodeAmazonEKSWorkerNodeMinimalPolicy = new Aws.Iam.RolePolicyAttachment(\"node_AmazonEKSWorkerNodeMinimalPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\",\n Role = node.Name,\n });\n\n var nodeAmazonEC2ContainerRegistryPullOnly = new Aws.Iam.RolePolicyAttachment(\"node_AmazonEC2ContainerRegistryPullOnly\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\",\n Role = node.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tnode, err := iam.NewRole(ctx, \"node\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-auto-node-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"eks.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tcluster, err := iam.NewRole(ctx, \"cluster\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSComputePolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSComputePolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSBlockStoragePolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSBlockStoragePolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSLoadBalancingPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSLoadBalancingPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSNetworkingPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSNetworkingPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"API\"),\n\t\t\t},\n\t\t\tRoleArn: cluster.Arn,\n\t\t\tVersion: pulumi.String(\"1.31\"),\n\t\t\tBootstrapSelfManagedAddons: pulumi.Bool(false),\n\t\t\tComputeConfig: \u0026eks.ClusterComputeConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tNodePools: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"general-purpose\"),\n\t\t\t\t},\n\t\t\t\tNodeRoleArn: node.Arn,\n\t\t\t},\n\t\t\tKubernetesNetworkConfig: \u0026eks.ClusterKubernetesNetworkConfigArgs{\n\t\t\t\tElasticLoadBalancing: \u0026eks.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStorageConfig: \u0026eks.ClusterStorageConfigArgs{\n\t\t\t\tBlockStorage: \u0026eks.ClusterStorageConfigBlockStorageArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(true),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taz1.Id,\n\t\t\t\t\taz2.Id,\n\t\t\t\t\taz3.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclusterAmazonEKSClusterPolicy,\n\t\t\tclusterAmazonEKSComputePolicy,\n\t\t\tclusterAmazonEKSBlockStoragePolicy,\n\t\t\tclusterAmazonEKSLoadBalancingPolicy,\n\t\t\tclusterAmazonEKSNetworkingPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"node_AmazonEKSWorkerNodeMinimalPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\"),\n\t\t\tRole: node.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"node_AmazonEC2ContainerRegistryPullOnly\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\"),\n\t\t\tRole: node.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterComputeConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterKubernetesNetworkConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs;\nimport com.pulumi.aws.eks.inputs.ClusterStorageConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterStorageConfigBlockStorageArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var node = new Role(\"node\", RoleArgs.builder()\n .name(\"eks-auto-node-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\"sts:AssumeRole\")),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"ec2.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var cluster = new Role(\"cluster\", RoleArgs.builder()\n .name(\"eks-cluster-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"sts:AssumeRole\", \n \"sts:TagSession\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"eks.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment(\"clusterAmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSComputePolicy = new RolePolicyAttachment(\"clusterAmazonEKSComputePolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSComputePolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSBlockStoragePolicy = new RolePolicyAttachment(\"clusterAmazonEKSBlockStoragePolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSLoadBalancingPolicy = new RolePolicyAttachment(\"clusterAmazonEKSLoadBalancingPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\")\n .role(cluster.name())\n .build());\n\n var clusterAmazonEKSNetworkingPolicy = new RolePolicyAttachment(\"clusterAmazonEKSNetworkingPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\")\n .role(cluster.name())\n .build());\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .name(\"example\")\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"API\")\n .build())\n .roleArn(cluster.arn())\n .version(\"1.31\")\n .bootstrapSelfManagedAddons(false)\n .computeConfig(ClusterComputeConfigArgs.builder()\n .enabled(true)\n .nodePools(\"general-purpose\")\n .nodeRoleArn(node.arn())\n .build())\n .kubernetesNetworkConfig(ClusterKubernetesNetworkConfigArgs.builder()\n .elasticLoadBalancing(ClusterKubernetesNetworkConfigElasticLoadBalancingArgs.builder()\n .enabled(true)\n .build())\n .build())\n .storageConfig(ClusterStorageConfigArgs.builder()\n .blockStorage(ClusterStorageConfigBlockStorageArgs.builder()\n .enabled(true)\n .build())\n .build())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(true)\n .subnetIds( \n az1.id(),\n az2.id(),\n az3.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n clusterAmazonEKSClusterPolicy,\n clusterAmazonEKSComputePolicy,\n clusterAmazonEKSBlockStoragePolicy,\n clusterAmazonEKSLoadBalancingPolicy,\n clusterAmazonEKSNetworkingPolicy)\n .build());\n\n var nodeAmazonEKSWorkerNodeMinimalPolicy = new RolePolicyAttachment(\"nodeAmazonEKSWorkerNodeMinimalPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\")\n .role(node.name())\n .build());\n\n var nodeAmazonEC2ContainerRegistryPullOnly = new RolePolicyAttachment(\"nodeAmazonEC2ContainerRegistryPullOnly\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\")\n .role(node.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n accessConfig:\n authenticationMode: API\n roleArn: ${cluster.arn}\n version: '1.31'\n bootstrapSelfManagedAddons: false\n computeConfig:\n enabled: true\n nodePools:\n - general-purpose\n nodeRoleArn: ${node.arn}\n kubernetesNetworkConfig:\n elasticLoadBalancing:\n enabled: true\n storageConfig:\n blockStorage:\n enabled: true\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: true\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n options:\n dependsOn:\n - ${clusterAmazonEKSClusterPolicy}\n - ${clusterAmazonEKSComputePolicy}\n - ${clusterAmazonEKSBlockStoragePolicy}\n - ${clusterAmazonEKSLoadBalancingPolicy}\n - ${clusterAmazonEKSNetworkingPolicy}\n node:\n type: aws:iam:Role\n properties:\n name: eks-auto-node-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n Effect: Allow\n Principal:\n Service: ec2.amazonaws.com\n nodeAmazonEKSWorkerNodeMinimalPolicy:\n type: aws:iam:RolePolicyAttachment\n name: node_AmazonEKSWorkerNodeMinimalPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy\n role: ${node.name}\n nodeAmazonEC2ContainerRegistryPullOnly:\n type: aws:iam:RolePolicyAttachment\n name: node_AmazonEC2ContainerRegistryPullOnly\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly\n role: ${node.name}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service: eks.amazonaws.com\n clusterAmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${cluster.name}\n clusterAmazonEKSComputePolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSComputePolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSComputePolicy\n role: ${cluster.name}\n clusterAmazonEKSBlockStoragePolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSBlockStoragePolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy\n role: ${cluster.name}\n clusterAmazonEKSLoadBalancingPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSLoadBalancingPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy\n role: ${cluster.name}\n clusterAmazonEKSNetworkingPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSNetworkingPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy\n role: ${cluster.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster with EKS Hybrid Nodes\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n accessConfig:\n authenticationMode: API\n roleArn: ${cluster.arn}\n version: '1.31'\n clusterRemoteNetworkConfig:\n remoteNodeNetworks:\n cidrs:\n - 172.16.0.0/18\n remotePodNetworks:\n cidrs:\n - 172.16.64.0/18\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: true\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n options:\n dependsOn:\n - ${clusterAmazonEKSClusterPolicy}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service: eks.amazonaws.com\n clusterAmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${cluster.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Local EKS Cluster on AWS Outpost\n\n[Creating a local Amazon EKS cluster on an AWS Outpost](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster-outpost.html)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.outposts.getOutpost({\n name: \"example\",\n});\nconst cluster = new aws.iam.Role(\"cluster\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: [\n \"eks.amazonaws.com\",\n \"ec2.amazonaws.com\",\n ],\n },\n }],\n }),\n});\nconst clusterAmazonEKSLocalOutpostClusterPolicy = new aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLocalOutpostClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\",\n role: cluster.name,\n});\nconst exampleCluster = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n accessConfig: {\n authenticationMode: \"CONFIG_MAP\",\n },\n roleArn: exampleAwsIamRole.arn,\n version: \"1.31\",\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n subnetIds: [\n az1.id,\n az2.id,\n az3.id,\n ],\n },\n outpostConfig: {\n controlPlaneInstanceType: \"m5.large\",\n outpostArns: [example.then(example =\u003e example.arn)],\n },\n}, {\n dependsOn: [clusterAmazonEKSLocalOutpostClusterPolicy],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.outposts.get_outpost(name=\"example\")\ncluster = aws.iam.Role(\"cluster\",\n name=\"eks-cluster-example\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"eks.amazonaws.com\",\n \"ec2.amazonaws.com\",\n ],\n },\n }],\n }))\ncluster_amazon_eks_local_outpost_cluster_policy = aws.iam.RolePolicyAttachment(\"cluster_AmazonEKSLocalOutpostClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\",\n role=cluster.name)\nexample_cluster = aws.eks.Cluster(\"example\",\n name=\"example\",\n access_config={\n \"authentication_mode\": \"CONFIG_MAP\",\n },\n role_arn=example_aws_iam_role[\"arn\"],\n version=\"1.31\",\n vpc_config={\n \"endpoint_private_access\": True,\n \"endpoint_public_access\": False,\n \"subnet_ids\": [\n az1[\"id\"],\n az2[\"id\"],\n az3[\"id\"],\n ],\n },\n outpost_config={\n \"control_plane_instance_type\": \"m5.large\",\n \"outpost_arns\": [example.arn],\n },\n opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_local_outpost_cluster_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Outposts.GetOutpost.Invoke(new()\n {\n Name = \"example\",\n });\n\n var cluster = new Aws.Iam.Role(\"cluster\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = new[]\n {\n \"eks.amazonaws.com\",\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n }),\n });\n\n var clusterAmazonEKSLocalOutpostClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"cluster_AmazonEKSLocalOutpostClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\",\n Role = cluster.Name,\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"CONFIG_MAP\",\n },\n RoleArn = exampleAwsIamRole.Arn,\n Version = \"1.31\",\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n SubnetIds = new[]\n {\n az1.Id,\n az2.Id,\n az3.Id,\n },\n },\n OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs\n {\n ControlPlaneInstanceType = \"m5.large\",\n OutpostArns = new[]\n {\n example.Apply(getOutpostResult =\u003e getOutpostResult.Arn),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n clusterAmazonEKSLocalOutpostClusterPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := outposts.GetOutpost(ctx, \u0026outposts.GetOutpostArgs{\n\t\t\tName: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": []string{\n\t\t\t\t\t\t\t\"eks.amazonaws.com\",\n\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tcluster, err := iam.NewRole(ctx, \"cluster\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclusterAmazonEKSLocalOutpostClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, \"cluster_AmazonEKSLocalOutpostClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\"),\n\t\t\tRole: cluster.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"CONFIG_MAP\"),\n\t\t\t},\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tVersion: pulumi.String(\"1.31\"),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taz1.Id,\n\t\t\t\t\taz2.Id,\n\t\t\t\t\taz3.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t\tOutpostConfig: \u0026eks.ClusterOutpostConfigArgs{\n\t\t\t\tControlPlaneInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\tOutpostArns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclusterAmazonEKSLocalOutpostClusterPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.outposts.OutpostsFunctions;\nimport com.pulumi.aws.outposts.inputs.GetOutpostArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = OutpostsFunctions.getOutpost(GetOutpostArgs.builder()\n .name(\"example\")\n .build());\n\n var cluster = new Role(\"cluster\", RoleArgs.builder()\n .name(\"eks-cluster-example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"sts:AssumeRole\", \n \"sts:TagSession\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", jsonArray(\n \"eks.amazonaws.com\", \n \"ec2.amazonaws.com\"\n ))\n ))\n )))\n )))\n .build());\n\n var clusterAmazonEKSLocalOutpostClusterPolicy = new RolePolicyAttachment(\"clusterAmazonEKSLocalOutpostClusterPolicy\", RolePolicyAttachmentArgs.builder()\n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\")\n .role(cluster.name())\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder()\n .name(\"example\")\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"CONFIG_MAP\")\n .build())\n .roleArn(exampleAwsIamRole.arn())\n .version(\"1.31\")\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .subnetIds( \n az1.id(),\n az2.id(),\n az3.id())\n .build())\n .outpostConfig(ClusterOutpostConfigArgs.builder()\n .controlPlaneInstanceType(\"m5.large\")\n .outpostArns(example.applyValue(getOutpostResult -\u003e getOutpostResult.arn()))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(clusterAmazonEKSLocalOutpostClusterPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n properties:\n name: example\n accessConfig:\n authenticationMode: CONFIG_MAP\n roleArn: ${exampleAwsIamRole.arn}\n version: '1.31'\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n subnetIds:\n - ${az1.id}\n - ${az2.id}\n - ${az3.id}\n outpostConfig:\n controlPlaneInstanceType: m5.large\n outpostArns:\n - ${example.arn}\n options:\n dependsOn:\n - ${clusterAmazonEKSLocalOutpostClusterPolicy}\n cluster:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - sts:AssumeRole\n - sts:TagSession\n Effect: Allow\n Principal:\n Service:\n - eks.amazonaws.com\n - ec2.amazonaws.com\n clusterAmazonEKSLocalOutpostClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n name: cluster_AmazonEKSLocalOutpostClusterPolicy\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy\n role: ${cluster.name}\nvariables:\n example:\n fn::invoke:\n function: aws:outposts:getOutpost\n arguments:\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EKS Clusters using the `name`. For example:\n\n```sh\n$ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n", "properties": { "accessConfig": { "$ref": "#/types/aws:eks/ClusterAccessConfig:ClusterAccessConfig", @@ -259581,7 +260012,7 @@ }, "atRestEncryptionEnabled": { "type": "boolean", - "description": "Whether to enable encryption at rest.\n" + "description": "Whether to enable encryption at rest.\nWhen `engine` is `redis`, default is `false`.\nWhen `engine` is `valkey`, default is `true`.\n" }, "authToken": { "type": "string", @@ -259622,7 +260053,7 @@ }, "engine": { "type": "string", - "description": "Name of the cache engine to be used for the clusters in this replication group. Valid values are `redis` or `valkey`.\n" + "description": "Name of the cache engine to be used for the clusters in this replication group.\nValid values are `redis` or `valkey`.\nDefault is `redis`.\n" }, "engineVersion": { "type": "string", @@ -259829,7 +260260,7 @@ }, "atRestEncryptionEnabled": { "type": "boolean", - "description": "Whether to enable encryption at rest.\n", + "description": "Whether to enable encryption at rest.\nWhen `engine` is `redis`, default is `false`.\nWhen `engine` is `valkey`, default is `true`.\n", "willReplaceOnChanges": true }, "authToken": { @@ -259864,7 +260295,7 @@ }, "engine": { "type": "string", - "description": "Name of the cache engine to be used for the clusters in this replication group. Valid values are `redis` or `valkey`.\n" + "description": "Name of the cache engine to be used for the clusters in this replication group.\nValid values are `redis` or `valkey`.\nDefault is `redis`.\n" }, "engineVersion": { "type": "string", @@ -260029,7 +260460,7 @@ }, "atRestEncryptionEnabled": { "type": "boolean", - "description": "Whether to enable encryption at rest.\n", + "description": "Whether to enable encryption at rest.\nWhen `engine` is `redis`, default is `false`.\nWhen `engine` is `valkey`, default is `true`.\n", "willReplaceOnChanges": true }, "authToken": { @@ -260072,7 +260503,7 @@ }, "engine": { "type": "string", - "description": "Name of the cache engine to be used for the clusters in this replication group. Valid values are `redis` or `valkey`.\n" + "description": "Name of the cache engine to be used for the clusters in this replication group.\nValid values are `redis` or `valkey`.\nDefault is `redis`.\n" }, "engineVersion": { "type": "string", @@ -269020,6 +269451,10 @@ "type": "string", "description": "The type of drive cache used by `PERSISTENT_1` filesystems that are provisioned with `HDD` storage_type. Required for `HDD` storage_type, set to either `READ` or `NONE`.\n" }, + "efaEnabled": { + "type": "boolean", + "description": "Adds support for Elastic Fabric Adapter (EFA) and GPUDirect Storage (GDS) to Lustre. This must be set at creation. If set this cannot be changed and this prevents changes to `per_unit_storage_throughput`. This is only supported when deployment_type is set to `PERSISTENT_2`, `metadata_configuration` is used, and an EFA-enabled security group is attached.\n" + }, "exportPath": { "type": "string", "description": "S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with `import_path` argument and the path must use the same Amazon S3 bucket as specified in `import_path`. Set equal to `import_path` to overwrite files on export. Defaults to `s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}`. Only supported on `PERSISTENT_1` deployment types.\n" @@ -269131,6 +269566,7 @@ "automaticBackupRetentionDays", "dailyAutomaticBackupStartTime", "dnsName", + "efaEnabled", "exportPath", "fileSystemTypeVersion", "importedFileChunkSize", @@ -269182,6 +269618,11 @@ "description": "The type of drive cache used by `PERSISTENT_1` filesystems that are provisioned with `HDD` storage_type. Required for `HDD` storage_type, set to either `READ` or `NONE`.\n", "willReplaceOnChanges": true }, + "efaEnabled": { + "type": "boolean", + "description": "Adds support for Elastic Fabric Adapter (EFA) and GPUDirect Storage (GDS) to Lustre. This must be set at creation. If set this cannot be changed and this prevents changes to `per_unit_storage_throughput`. This is only supported when deployment_type is set to `PERSISTENT_2`, `metadata_configuration` is used, and an EFA-enabled security group is attached.\n", + "willReplaceOnChanges": true + }, "exportPath": { "type": "string", "description": "S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with `import_path` argument and the path must use the same Amazon S3 bucket as specified in `import_path`. Set equal to `import_path` to overwrite files on export. Defaults to `s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}`. Only supported on `PERSISTENT_1` deployment types.\n", @@ -269318,6 +269759,11 @@ "description": "The type of drive cache used by `PERSISTENT_1` filesystems that are provisioned with `HDD` storage_type. Required for `HDD` storage_type, set to either `READ` or `NONE`.\n", "willReplaceOnChanges": true }, + "efaEnabled": { + "type": "boolean", + "description": "Adds support for Elastic Fabric Adapter (EFA) and GPUDirect Storage (GDS) to Lustre. This must be set at creation. If set this cannot be changed and this prevents changes to `per_unit_storage_throughput`. This is only supported when deployment_type is set to `PERSISTENT_2`, `metadata_configuration` is used, and an EFA-enabled security group is attached.\n", + "willReplaceOnChanges": true + }, "exportPath": { "type": "string", "description": "S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with `import_path` argument and the path must use the same Amazon S3 bucket as specified in `import_path`. Set equal to `import_path` to overwrite files on export. Defaults to `s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}`. Only supported on `PERSISTENT_1` deployment types.\n", @@ -292947,7 +293393,7 @@ } }, "aws:lakeformation/permissions:Permissions": { - "description": "Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).\n\n!\u003e **WARNING:** Lake Formation permissions are not in effect by default within AWS. Using this resource will not secure your data and will result in errors if you do not change the security settings for existing resources and the default security settings for new resources. See Default Behavior and `IAMAllowedPrincipals` for additional details.\n\n\u003e **NOTE:** In general, the `principal` should _NOT_ be a Lake Formation administrator or the entity (e.g., IAM role) that is running the deployment. Administrators have implicit permissions. These should be managed by granting or not granting administrator rights using `aws.lakeformation.DataLakeSettings`, _not_ with this resource.\n\n## Default Behavior and `IAMAllowedPrincipals`\n\n**_Lake Formation permissions are not in effect by default within AWS._** `IAMAllowedPrincipals` (i.e., `IAM_ALLOWED_PRINCIPALS`) conflicts with individual Lake Formation permissions (i.e., non-`IAMAllowedPrincipals` permissions), will cause unexpected behavior, and may result in errors.\n\nWhen using Lake Formation, choose ONE of the following options as they are mutually exclusive:\n\n1. Use this resource (`aws.lakeformation.Permissions`), change the default security settings using `aws.lakeformation.DataLakeSettings`, and remove existing `IAMAllowedPrincipals` permissions\n2. Use `IAMAllowedPrincipals` without `aws.lakeformation.Permissions`\n\nThis example shows removing the `IAMAllowedPrincipals` default security settings and making the caller a Lake Formation admin. Since `create_database_default_permissions` and `create_table_default_permissions` are not set in the `aws.lakeformation.DataLakeSettings` resource, they are cleared.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetSessionContext = current.then(current =\u003e aws.iam.getSessionContext({\n arn: current.arn,\n}));\nconst test = new aws.lakeformation.DataLakeSettings(\"test\", {admins: [currentGetSessionContext.then(currentGetSessionContext =\u003e currentGetSessionContext.issuerArn)]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_session_context = aws.iam.get_session_context(arn=current.arn)\ntest = aws.lakeformation.DataLakeSettings(\"test\", admins=[current_get_session_context.issuer_arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetSessionContext = Aws.Iam.GetSessionContext.Invoke(new()\n {\n Arn = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n });\n\n var test = new Aws.LakeFormation.DataLakeSettings(\"test\", new()\n {\n Admins = new[]\n {\n currentGetSessionContext.Apply(getSessionContextResult =\u003e getSessionContextResult.IssuerArn),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetSessionContext, err := iam.GetSessionContext(ctx, \u0026iam.GetSessionContextArgs{\n\t\t\tArn: current.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewDataLakeSettings(ctx, \"test\", \u0026lakeformation.DataLakeSettingsArgs{\n\t\t\tAdmins: pulumi.StringArray{\n\t\t\t\tpulumi.String(currentGetSessionContext.IssuerArn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetSessionContextArgs;\nimport com.pulumi.aws.lakeformation.DataLakeSettings;\nimport com.pulumi.aws.lakeformation.DataLakeSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetSessionContext = IamFunctions.getSessionContext(GetSessionContextArgs.builder()\n .arn(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .build());\n\n var test = new DataLakeSettings(\"test\", DataLakeSettingsArgs.builder()\n .admins(currentGetSessionContext.applyValue(getSessionContextResult -\u003e getSessionContextResult.issuerArn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:DataLakeSettings\n properties:\n admins:\n - ${currentGetSessionContext.issuerArn}\nvariables:\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetSessionContext:\n fn::invoke:\n function: aws:iam:getSessionContext\n arguments:\n arn: ${current.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nTo remove existing `IAMAllowedPrincipals` permissions, use the [AWS Lake Formation Console](https://console.aws.amazon.com/lakeformation/) or [AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lakeformation/batch-revoke-permissions.html).\n\n`IAMAllowedPrincipals` is a hook to maintain backwards compatibility with AWS Glue. `IAMAllowedPrincipals` is a pseudo-entity group that acts like a Lake Formation principal. The group includes any IAM users and roles that are allowed access to your Data Catalog resources by your IAM policies.\n\nThis is Lake Formation's default behavior:\n\n* Lake Formation grants `Super` permission to `IAMAllowedPrincipals` on all existing AWS Glue Data Catalog resources.\n* Lake Formation enables \"Use only IAM access control\" for new Data Catalog resources.\n\nFor more details, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html).\n\n### Problem Using `IAMAllowedPrincipals`\n\nAWS does not support combining `IAMAllowedPrincipals` permissions and non-`IAMAllowedPrincipals` permissions. Doing so results in unexpected permissions and behaviors. For example, this configuration grants a user `SELECT` on a column in a table.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.CatalogDatabase(\"example\", {name: \"sadabate\"});\nconst exampleCatalogTable = new aws.glue.CatalogTable(\"example\", {\n name: \"abelt\",\n databaseName: test.name,\n storageDescriptor: {\n columns: [{\n name: \"event\",\n type: \"string\",\n }],\n },\n});\nconst examplePermissions = new aws.lakeformation.Permissions(\"example\", {\n permissions: [\"SELECT\"],\n principal: \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n tableWithColumns: {\n databaseName: exampleCatalogTable.databaseName,\n name: exampleCatalogTable.name,\n columnNames: [\"event\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.CatalogDatabase(\"example\", name=\"sadabate\")\nexample_catalog_table = aws.glue.CatalogTable(\"example\",\n name=\"abelt\",\n database_name=test[\"name\"],\n storage_descriptor={\n \"columns\": [{\n \"name\": \"event\",\n \"type\": \"string\",\n }],\n })\nexample_permissions = aws.lakeformation.Permissions(\"example\",\n permissions=[\"SELECT\"],\n principal=\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n table_with_columns={\n \"database_name\": example_catalog_table.database_name,\n \"name\": example_catalog_table.name,\n \"column_names\": [\"event\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.CatalogDatabase(\"example\", new()\n {\n Name = \"sadabate\",\n });\n\n var exampleCatalogTable = new Aws.Glue.CatalogTable(\"example\", new()\n {\n Name = \"abelt\",\n DatabaseName = test.Name,\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Columns = new[]\n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"event\",\n Type = \"string\",\n },\n },\n },\n });\n\n var examplePermissions = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n PermissionDetails = new[]\n {\n \"SELECT\",\n },\n Principal = \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n TableWithColumns = new Aws.LakeFormation.Inputs.PermissionsTableWithColumnsArgs\n {\n DatabaseName = exampleCatalogTable.DatabaseName,\n Name = exampleCatalogTable.Name,\n ColumnNames = new[]\n {\n \"event\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogDatabase(ctx, \"example\", \u0026glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"sadabate\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCatalogTable, err := glue.NewCatalogTable(ctx, \"example\", \u0026glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"abelt\"),\n\t\t\tDatabaseName: pulumi.Any(test.Name),\n\t\t\tStorageDescriptor: \u0026glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t\u0026glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"event\"),\n\t\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t\tPrincipal: pulumi.String(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\"),\n\t\t\tTableWithColumns: \u0026lakeformation.PermissionsTableWithColumnsArgs{\n\t\t\t\tDatabaseName: exampleCatalogTable.DatabaseName,\n\t\t\t\tName: exampleCatalogTable.Name,\n\t\t\t\tColumnNames: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"event\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.CatalogDatabase;\nimport com.pulumi.aws.glue.CatalogDatabaseArgs;\nimport com.pulumi.aws.glue.CatalogTable;\nimport com.pulumi.aws.glue.CatalogTableArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableStorageDescriptorArgs;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsTableWithColumnsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CatalogDatabase(\"example\", CatalogDatabaseArgs.builder()\n .name(\"sadabate\")\n .build());\n\n var exampleCatalogTable = new CatalogTable(\"exampleCatalogTable\", CatalogTableArgs.builder()\n .name(\"abelt\")\n .databaseName(test.name())\n .storageDescriptor(CatalogTableStorageDescriptorArgs.builder()\n .columns(CatalogTableStorageDescriptorColumnArgs.builder()\n .name(\"event\")\n .type(\"string\")\n .build())\n .build())\n .build());\n\n var examplePermissions = new Permissions(\"examplePermissions\", PermissionsArgs.builder()\n .permissions(\"SELECT\")\n .principal(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\")\n .tableWithColumns(PermissionsTableWithColumnsArgs.builder()\n .databaseName(exampleCatalogTable.databaseName())\n .name(exampleCatalogTable.name())\n .columnNames(\"event\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:CatalogDatabase\n properties:\n name: sadabate\n exampleCatalogTable:\n type: aws:glue:CatalogTable\n name: example\n properties:\n name: abelt\n databaseName: ${test.name}\n storageDescriptor:\n columns:\n - name: event\n type: string\n examplePermissions:\n type: aws:lakeformation:Permissions\n name: example\n properties:\n permissions:\n - SELECT\n principal: arn:aws:iam:us-east-1:123456789012:user/SanHolo\n tableWithColumns:\n databaseName: ${exampleCatalogTable.databaseName}\n name: ${exampleCatalogTable.name}\n columnNames:\n - event\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe resulting permissions depend on whether the table had `IAMAllowedPrincipals` (IAP) permissions or not.\n\n| Result With IAP | Result Without IAP |\n| ---- | ---- |\n| `SELECT` column wildcard (i.e., all columns) | `SELECT` on `\"event\"` (as expected) |\n\n## Using Lake Formation Permissions\n\nLake Formation grants implicit permissions to data lake administrators, database creators, and table creators. These implicit permissions cannot be revoked _per se_. If this resource reads implicit permissions, it will attempt to revoke them, which causes an error when the resource is destroyed.\n\nThere are two ways to avoid these errors. First, and the way we recommend, is to avoid using this resource with principals that have implicit permissions. A second, error-prone option, is to grant explicit permissions (and `permissions_with_grant_option`) to \"overwrite\" a principal's implicit permissions, which you can then revoke with this resource. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).\n\nIf the `principal` is also a data lake administrator, AWS grants implicit permissions that can cause errors using this resource. For example, AWS implicitly grants a `principal`/administrator `permissions` and `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on a table. If you use this resource to explicitly grant the `principal`/administrator `permissions` but _not_ `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on the table, this resource will read the implicit `permissions_with_grant_option` and attempt to revoke them when the resource is destroyed. Doing so will cause an `InvalidInputException: No permissions revoked` error because you cannot revoke implicit permissions _per se_. To workaround this problem, explicitly grant the `principal`/administrator `permissions` _and_ `permissions_with_grant_option`, which can then be revoked. Similarly, granting a `principal`/administrator permissions on a table with columns and providing `column_names`, will result in a `InvalidInputException: Permissions modification is invalid` error because you are narrowing the implicit permissions. Instead, set `wildcard` to `true` and remove the `column_names`.\n\n## Example Usage\n\n### Grant Permissions For A Lake Formation S3 Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\"DATA_LOCATION_ACCESS\"],\n dataLocation: {\n arn: exampleAwsLakeformationResource.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\"DATA_LOCATION_ACCESS\"],\n data_location={\n \"arn\": example_aws_lakeformation_resource[\"arn\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"DATA_LOCATION_ACCESS\",\n },\n DataLocation = new Aws.LakeFormation.Inputs.PermissionsDataLocationArgs\n {\n Arn = exampleAwsLakeformationResource.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DATA_LOCATION_ACCESS\"),\n\t\t\t},\n\t\t\tDataLocation: \u0026lakeformation.PermissionsDataLocationArgs{\n\t\t\t\tArn: pulumi.Any(exampleAwsLakeformationResource.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDataLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder()\n .principal(workflowRole.arn())\n .permissions(\"DATA_LOCATION_ACCESS\")\n .dataLocation(PermissionsDataLocationArgs.builder()\n .arn(exampleAwsLakeformationResource.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - DATA_LOCATION_ACCESS\n dataLocation:\n arn: ${exampleAwsLakeformationResource.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions For A Glue Catalog Database\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database: {\n name: exampleAwsGlueCatalogDatabase.name,\n catalogId: \"110376042874\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database={\n \"name\": example_aws_glue_catalog_database[\"name\"],\n \"catalog_id\": \"110376042874\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n Database = new Aws.LakeFormation.Inputs.PermissionsDatabaseArgs\n {\n Name = exampleAwsGlueCatalogDatabase.Name,\n CatalogId = \"110376042874\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tDatabase: \u0026lakeformation.PermissionsDatabaseArgs{\n\t\t\t\tName: pulumi.Any(exampleAwsGlueCatalogDatabase.Name),\n\t\t\t\tCatalogId: pulumi.String(\"110376042874\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder()\n .principal(workflowRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .database(PermissionsDatabaseArgs.builder()\n .name(exampleAwsGlueCatalogDatabase.name())\n .catalogId(\"110376042874\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n database:\n name: ${exampleAwsGlueCatalogDatabase.name}\n catalogId: '110376042874'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions Using Tag-Based Access Control\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lakeformation.Permissions(\"test\", {\n principal: salesRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lfTagPolicy: {\n resourceType: \"DATABASE\",\n expressions: [\n {\n key: \"Team\",\n values: [\"Sales\"],\n },\n {\n key: \"Environment\",\n values: [\n \"Dev\",\n \"Production\",\n ],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lakeformation.Permissions(\"test\",\n principal=sales_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lf_tag_policy={\n \"resource_type\": \"DATABASE\",\n \"expressions\": [\n {\n \"key\": \"Team\",\n \"values\": [\"Sales\"],\n },\n {\n \"key\": \"Environment\",\n \"values\": [\n \"Dev\",\n \"Production\",\n ],\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LakeFormation.Permissions(\"test\", new()\n {\n Principal = salesRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n LfTagPolicy = new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyArgs\n {\n ResourceType = \"DATABASE\",\n Expressions = new[]\n {\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Team\",\n Values = new[]\n {\n \"Sales\",\n },\n },\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Environment\",\n Values = new[]\n {\n \"Dev\",\n \"Production\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"test\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(salesRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tLfTagPolicy: \u0026lakeformation.PermissionsLfTagPolicyArgs{\n\t\t\t\tResourceType: pulumi.String(\"DATABASE\"),\n\t\t\t\tExpressions: lakeformation.PermissionsLfTagPolicyExpressionArray{\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Team\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Sales\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Environment\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Dev\"),\n\t\t\t\t\t\t\tpulumi.String(\"Production\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsLfTagPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Permissions(\"test\", PermissionsArgs.builder()\n .principal(salesRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .lfTagPolicy(PermissionsLfTagPolicyArgs.builder()\n .resourceType(\"DATABASE\")\n .expressions( \n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Team\")\n .values(\"Sales\")\n .build(),\n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Environment\")\n .values( \n \"Dev\",\n \"Production\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${salesRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n lfTagPolicy:\n resourceType: DATABASE\n expressions:\n - key: Team\n values:\n - Sales\n - key: Environment\n values:\n - Dev\n - Production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).\n\n!\u003e **WARNING:** Lake Formation permissions are not in effect by default within AWS. Using this resource will not secure your data and will result in errors if you do not change the security settings for existing resources and the default security settings for new resources. See Default Behavior and `IAMAllowedPrincipals` for additional details.\n\n\u003e **NOTE:** In general, the `principal` should _NOT_ be a Lake Formation administrator or the entity (e.g., IAM role) that is running the deployment. Administrators have implicit permissions. These should be managed by granting or not granting administrator rights using `aws.lakeformation.DataLakeSettings`, _not_ with this resource.\n\n## Default Behavior and `IAMAllowedPrincipals`\n\n**_Lake Formation permissions are not in effect by default within AWS._** `IAMAllowedPrincipals` (i.e., `IAM_ALLOWED_PRINCIPALS`) conflicts with individual Lake Formation permissions (i.e., non-`IAMAllowedPrincipals` permissions), will cause unexpected behavior, and may result in errors.\n\nWhen using Lake Formation, choose ONE of the following options as they are mutually exclusive:\n\n1. Use this resource (`aws.lakeformation.Permissions`), change the default security settings using `aws.lakeformation.DataLakeSettings`, and remove existing `IAMAllowedPrincipals` permissions\n2. Use `IAMAllowedPrincipals` without `aws.lakeformation.Permissions`\n\nThis example shows removing the `IAMAllowedPrincipals` default security settings and making the caller a Lake Formation admin. Since `create_database_default_permissions` and `create_table_default_permissions` are not set in the `aws.lakeformation.DataLakeSettings` resource, they are cleared.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetSessionContext = current.then(current =\u003e aws.iam.getSessionContext({\n arn: current.arn,\n}));\nconst test = new aws.lakeformation.DataLakeSettings(\"test\", {admins: [currentGetSessionContext.then(currentGetSessionContext =\u003e currentGetSessionContext.issuerArn)]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_session_context = aws.iam.get_session_context(arn=current.arn)\ntest = aws.lakeformation.DataLakeSettings(\"test\", admins=[current_get_session_context.issuer_arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetSessionContext = Aws.Iam.GetSessionContext.Invoke(new()\n {\n Arn = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n });\n\n var test = new Aws.LakeFormation.DataLakeSettings(\"test\", new()\n {\n Admins = new[]\n {\n currentGetSessionContext.Apply(getSessionContextResult =\u003e getSessionContextResult.IssuerArn),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetSessionContext, err := iam.GetSessionContext(ctx, \u0026iam.GetSessionContextArgs{\n\t\t\tArn: current.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewDataLakeSettings(ctx, \"test\", \u0026lakeformation.DataLakeSettingsArgs{\n\t\t\tAdmins: pulumi.StringArray{\n\t\t\t\tpulumi.String(currentGetSessionContext.IssuerArn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetSessionContextArgs;\nimport com.pulumi.aws.lakeformation.DataLakeSettings;\nimport com.pulumi.aws.lakeformation.DataLakeSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetSessionContext = IamFunctions.getSessionContext(GetSessionContextArgs.builder()\n .arn(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .build());\n\n var test = new DataLakeSettings(\"test\", DataLakeSettingsArgs.builder()\n .admins(currentGetSessionContext.applyValue(getSessionContextResult -\u003e getSessionContextResult.issuerArn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:DataLakeSettings\n properties:\n admins:\n - ${currentGetSessionContext.issuerArn}\nvariables:\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetSessionContext:\n fn::invoke:\n function: aws:iam:getSessionContext\n arguments:\n arn: ${current.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nTo remove existing `IAMAllowedPrincipals` permissions, use the [AWS Lake Formation Console](https://console.aws.amazon.com/lakeformation/) or [AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lakeformation/batch-revoke-permissions.html).\n\n`IAMAllowedPrincipals` is a hook to maintain backwards compatibility with AWS Glue. `IAMAllowedPrincipals` is a pseudo-entity group that acts like a Lake Formation principal. The group includes any IAM users and roles that are allowed access to your Data Catalog resources by your IAM policies.\n\nThis is Lake Formation's default behavior:\n\n* Lake Formation grants `Super` permission to `IAMAllowedPrincipals` on all existing AWS Glue Data Catalog resources.\n* Lake Formation enables \"Use only IAM access control\" for new Data Catalog resources.\n\nFor more details, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html).\n\n### Problem Using `IAMAllowedPrincipals`\n\nAWS does not support combining `IAMAllowedPrincipals` permissions and non-`IAMAllowedPrincipals` permissions. Doing so results in unexpected permissions and behaviors. For example, this configuration grants a user `SELECT` on a column in a table.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.CatalogDatabase(\"example\", {name: \"sadabate\"});\nconst exampleCatalogTable = new aws.glue.CatalogTable(\"example\", {\n name: \"abelt\",\n databaseName: test.name,\n storageDescriptor: {\n columns: [{\n name: \"event\",\n type: \"string\",\n }],\n },\n});\nconst examplePermissions = new aws.lakeformation.Permissions(\"example\", {\n permissions: [\"SELECT\"],\n principal: \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n tableWithColumns: {\n databaseName: exampleCatalogTable.databaseName,\n name: exampleCatalogTable.name,\n columnNames: [\"event\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.CatalogDatabase(\"example\", name=\"sadabate\")\nexample_catalog_table = aws.glue.CatalogTable(\"example\",\n name=\"abelt\",\n database_name=test[\"name\"],\n storage_descriptor={\n \"columns\": [{\n \"name\": \"event\",\n \"type\": \"string\",\n }],\n })\nexample_permissions = aws.lakeformation.Permissions(\"example\",\n permissions=[\"SELECT\"],\n principal=\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n table_with_columns={\n \"database_name\": example_catalog_table.database_name,\n \"name\": example_catalog_table.name,\n \"column_names\": [\"event\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.CatalogDatabase(\"example\", new()\n {\n Name = \"sadabate\",\n });\n\n var exampleCatalogTable = new Aws.Glue.CatalogTable(\"example\", new()\n {\n Name = \"abelt\",\n DatabaseName = test.Name,\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Columns = new[]\n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"event\",\n Type = \"string\",\n },\n },\n },\n });\n\n var examplePermissions = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n PermissionDetails = new[]\n {\n \"SELECT\",\n },\n Principal = \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n TableWithColumns = new Aws.LakeFormation.Inputs.PermissionsTableWithColumnsArgs\n {\n DatabaseName = exampleCatalogTable.DatabaseName,\n Name = exampleCatalogTable.Name,\n ColumnNames = new[]\n {\n \"event\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogDatabase(ctx, \"example\", \u0026glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"sadabate\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCatalogTable, err := glue.NewCatalogTable(ctx, \"example\", \u0026glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"abelt\"),\n\t\t\tDatabaseName: pulumi.Any(test.Name),\n\t\t\tStorageDescriptor: \u0026glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t\u0026glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"event\"),\n\t\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t\tPrincipal: pulumi.String(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\"),\n\t\t\tTableWithColumns: \u0026lakeformation.PermissionsTableWithColumnsArgs{\n\t\t\t\tDatabaseName: exampleCatalogTable.DatabaseName,\n\t\t\t\tName: exampleCatalogTable.Name,\n\t\t\t\tColumnNames: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"event\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.CatalogDatabase;\nimport com.pulumi.aws.glue.CatalogDatabaseArgs;\nimport com.pulumi.aws.glue.CatalogTable;\nimport com.pulumi.aws.glue.CatalogTableArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableStorageDescriptorArgs;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsTableWithColumnsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CatalogDatabase(\"example\", CatalogDatabaseArgs.builder()\n .name(\"sadabate\")\n .build());\n\n var exampleCatalogTable = new CatalogTable(\"exampleCatalogTable\", CatalogTableArgs.builder()\n .name(\"abelt\")\n .databaseName(test.name())\n .storageDescriptor(CatalogTableStorageDescriptorArgs.builder()\n .columns(CatalogTableStorageDescriptorColumnArgs.builder()\n .name(\"event\")\n .type(\"string\")\n .build())\n .build())\n .build());\n\n var examplePermissions = new Permissions(\"examplePermissions\", PermissionsArgs.builder()\n .permissions(\"SELECT\")\n .principal(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\")\n .tableWithColumns(PermissionsTableWithColumnsArgs.builder()\n .databaseName(exampleCatalogTable.databaseName())\n .name(exampleCatalogTable.name())\n .columnNames(\"event\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:CatalogDatabase\n properties:\n name: sadabate\n exampleCatalogTable:\n type: aws:glue:CatalogTable\n name: example\n properties:\n name: abelt\n databaseName: ${test.name}\n storageDescriptor:\n columns:\n - name: event\n type: string\n examplePermissions:\n type: aws:lakeformation:Permissions\n name: example\n properties:\n permissions:\n - SELECT\n principal: arn:aws:iam:us-east-1:123456789012:user/SanHolo\n tableWithColumns:\n databaseName: ${exampleCatalogTable.databaseName}\n name: ${exampleCatalogTable.name}\n columnNames:\n - event\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe resulting permissions depend on whether the table had `IAMAllowedPrincipals` (IAP) permissions or not.\n\n| Result With IAP | Result Without IAP |\n| ---- | ---- |\n| `SELECT` column wildcard (i.e., all columns) | `SELECT` on `\"event\"` (as expected) |\n\n## `ALLIAMPrincipals` group\n\nAllIAMPrincipals is a pseudo-entity group that acts like a Lake Formation principal. The group includes all IAMs in the account that is defined.\n\nresource \"aws.lakeformation.Permissions\" \"example\" {\n permissions = [\"SELECT\"]\n principal = \"123456789012:IAMPrincipals\"\n\n table_with_columns {\n database_name = aws_glue_catalog_table.example.database_name\n name = aws_glue_catalog_table.example.name\n column_names = [\"event\"]\n }\n}\n\n## Using Lake Formation Permissions\n\nLake Formation grants implicit permissions to data lake administrators, database creators, and table creators. These implicit permissions cannot be revoked _per se_. If this resource reads implicit permissions, it will attempt to revoke them, which causes an error when the resource is destroyed.\n\nThere are two ways to avoid these errors. First, and the way we recommend, is to avoid using this resource with principals that have implicit permissions. A second, error-prone option, is to grant explicit permissions (and `permissions_with_grant_option`) to \"overwrite\" a principal's implicit permissions, which you can then revoke with this resource. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).\n\nIf the `principal` is also a data lake administrator, AWS grants implicit permissions that can cause errors using this resource. For example, AWS implicitly grants a `principal`/administrator `permissions` and `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on a table. If you use this resource to explicitly grant the `principal`/administrator `permissions` but _not_ `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on the table, this resource will read the implicit `permissions_with_grant_option` and attempt to revoke them when the resource is destroyed. Doing so will cause an `InvalidInputException: No permissions revoked` error because you cannot revoke implicit permissions _per se_. To workaround this problem, explicitly grant the `principal`/administrator `permissions` _and_ `permissions_with_grant_option`, which can then be revoked. Similarly, granting a `principal`/administrator permissions on a table with columns and providing `column_names`, will result in a `InvalidInputException: Permissions modification is invalid` error because you are narrowing the implicit permissions. Instead, set `wildcard` to `true` and remove the `column_names`.\n\n## Example Usage\n\n### Grant Permissions For A Lake Formation S3 Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\"DATA_LOCATION_ACCESS\"],\n dataLocation: {\n arn: exampleAwsLakeformationResource.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\"DATA_LOCATION_ACCESS\"],\n data_location={\n \"arn\": example_aws_lakeformation_resource[\"arn\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"DATA_LOCATION_ACCESS\",\n },\n DataLocation = new Aws.LakeFormation.Inputs.PermissionsDataLocationArgs\n {\n Arn = exampleAwsLakeformationResource.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DATA_LOCATION_ACCESS\"),\n\t\t\t},\n\t\t\tDataLocation: \u0026lakeformation.PermissionsDataLocationArgs{\n\t\t\t\tArn: pulumi.Any(exampleAwsLakeformationResource.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDataLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder()\n .principal(workflowRole.arn())\n .permissions(\"DATA_LOCATION_ACCESS\")\n .dataLocation(PermissionsDataLocationArgs.builder()\n .arn(exampleAwsLakeformationResource.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - DATA_LOCATION_ACCESS\n dataLocation:\n arn: ${exampleAwsLakeformationResource.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions For A Glue Catalog Database\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database: {\n name: exampleAwsGlueCatalogDatabase.name,\n catalogId: \"110376042874\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database={\n \"name\": example_aws_glue_catalog_database[\"name\"],\n \"catalog_id\": \"110376042874\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n Database = new Aws.LakeFormation.Inputs.PermissionsDatabaseArgs\n {\n Name = exampleAwsGlueCatalogDatabase.Name,\n CatalogId = \"110376042874\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tDatabase: \u0026lakeformation.PermissionsDatabaseArgs{\n\t\t\t\tName: pulumi.Any(exampleAwsGlueCatalogDatabase.Name),\n\t\t\t\tCatalogId: pulumi.String(\"110376042874\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder()\n .principal(workflowRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .database(PermissionsDatabaseArgs.builder()\n .name(exampleAwsGlueCatalogDatabase.name())\n .catalogId(\"110376042874\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n database:\n name: ${exampleAwsGlueCatalogDatabase.name}\n catalogId: '110376042874'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions Using Tag-Based Access Control\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lakeformation.Permissions(\"test\", {\n principal: salesRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lfTagPolicy: {\n resourceType: \"DATABASE\",\n expressions: [\n {\n key: \"Team\",\n values: [\"Sales\"],\n },\n {\n key: \"Environment\",\n values: [\n \"Dev\",\n \"Production\",\n ],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lakeformation.Permissions(\"test\",\n principal=sales_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lf_tag_policy={\n \"resource_type\": \"DATABASE\",\n \"expressions\": [\n {\n \"key\": \"Team\",\n \"values\": [\"Sales\"],\n },\n {\n \"key\": \"Environment\",\n \"values\": [\n \"Dev\",\n \"Production\",\n ],\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LakeFormation.Permissions(\"test\", new()\n {\n Principal = salesRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n LfTagPolicy = new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyArgs\n {\n ResourceType = \"DATABASE\",\n Expressions = new[]\n {\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Team\",\n Values = new[]\n {\n \"Sales\",\n },\n },\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Environment\",\n Values = new[]\n {\n \"Dev\",\n \"Production\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"test\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(salesRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tLfTagPolicy: \u0026lakeformation.PermissionsLfTagPolicyArgs{\n\t\t\t\tResourceType: pulumi.String(\"DATABASE\"),\n\t\t\t\tExpressions: lakeformation.PermissionsLfTagPolicyExpressionArray{\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Team\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Sales\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Environment\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Dev\"),\n\t\t\t\t\t\t\tpulumi.String(\"Production\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsLfTagPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Permissions(\"test\", PermissionsArgs.builder()\n .principal(salesRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .lfTagPolicy(PermissionsLfTagPolicyArgs.builder()\n .resourceType(\"DATABASE\")\n .expressions( \n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Team\")\n .values(\"Sales\")\n .build(),\n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Environment\")\n .values( \n \"Dev\",\n \"Production\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${salesRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n lfTagPolicy:\n resourceType: DATABASE\n expressions:\n - key: Team\n values:\n - Sales\n - key: Environment\n values:\n - Dev\n - Production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "catalogId": { "type": "string", @@ -306364,6 +306810,10 @@ "type": "string", "description": "Specifies the weekly time range during which maintenance on the cluster is performed. Specify as a range in the format `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:23:00-mon:01:30`.\n" }, + "multiRegionClusterName": { + "type": "string", + "description": "The multi region cluster identifier specified on `aws.memorydb.MultiRegionCluster`.\n" + }, "name": { "type": "string", "description": "Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `name_prefix`.\n" @@ -306512,6 +306962,11 @@ "type": "string", "description": "Specifies the weekly time range during which maintenance on the cluster is performed. Specify as a range in the format `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:23:00-mon:01:30`.\n" }, + "multiRegionClusterName": { + "type": "string", + "description": "The multi region cluster identifier specified on `aws.memorydb.MultiRegionCluster`.\n", + "willReplaceOnChanges": true + }, "name": { "type": "string", "description": "Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `name_prefix`.\n", @@ -306653,6 +307108,11 @@ "type": "string", "description": "Specifies the weekly time range during which maintenance on the cluster is performed. Specify as a range in the format `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:23:00-mon:01:30`.\n" }, + "multiRegionClusterName": { + "type": "string", + "description": "The multi region cluster identifier specified on `aws.memorydb.MultiRegionCluster`.\n", + "willReplaceOnChanges": true + }, "name": { "type": "string", "description": "Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `name_prefix`.\n", @@ -306752,6 +307212,209 @@ "type": "object" } }, + "aws:memorydb/multiRegionCluster:MultiRegionCluster": { + "description": "Provides a MemoryDB Multi Region Cluster.\n\nMore information about MemoryDB can be found in the [Developer Guide](https://docs.aws.amazon.com/memorydb/latest/devguide/what-is-memorydb-for-redis.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.memorydb.MultiRegionCluster(\"example\", {\n multiRegionClusterNameSuffix: \"example\",\n nodeType: \"db.r7g.xlarge\",\n});\nconst exampleCluster = new aws.memorydb.Cluster(\"example\", {\n aclName: exampleAwsMemorydbAcl.id,\n autoMinorVersionUpgrade: false,\n name: \"example\",\n nodeType: \"db.t4g.small\",\n numShards: 2,\n securityGroupIds: [exampleAwsSecurityGroup.id],\n snapshotRetentionLimit: 7,\n subnetGroupName: exampleAwsMemorydbSubnetGroup.id,\n multiRegionClusterName: example.multiRegionClusterName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.memorydb.MultiRegionCluster(\"example\",\n multi_region_cluster_name_suffix=\"example\",\n node_type=\"db.r7g.xlarge\")\nexample_cluster = aws.memorydb.Cluster(\"example\",\n acl_name=example_aws_memorydb_acl[\"id\"],\n auto_minor_version_upgrade=False,\n name=\"example\",\n node_type=\"db.t4g.small\",\n num_shards=2,\n security_group_ids=[example_aws_security_group[\"id\"]],\n snapshot_retention_limit=7,\n subnet_group_name=example_aws_memorydb_subnet_group[\"id\"],\n multi_region_cluster_name=example.multi_region_cluster_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.MemoryDb.MultiRegionCluster(\"example\", new()\n {\n MultiRegionClusterNameSuffix = \"example\",\n NodeType = \"db.r7g.xlarge\",\n });\n\n var exampleCluster = new Aws.MemoryDb.Cluster(\"example\", new()\n {\n AclName = exampleAwsMemorydbAcl.Id,\n AutoMinorVersionUpgrade = false,\n Name = \"example\",\n NodeType = \"db.t4g.small\",\n NumShards = 2,\n SecurityGroupIds = new[]\n {\n exampleAwsSecurityGroup.Id,\n },\n SnapshotRetentionLimit = 7,\n SubnetGroupName = exampleAwsMemorydbSubnetGroup.Id,\n MultiRegionClusterName = example.MultiRegionClusterName,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/memorydb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := memorydb.NewMultiRegionCluster(ctx, \"example\", \u0026memorydb.MultiRegionClusterArgs{\n\t\t\tMultiRegionClusterNameSuffix: pulumi.String(\"example\"),\n\t\t\tNodeType: pulumi.String(\"db.r7g.xlarge\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorydb.NewCluster(ctx, \"example\", \u0026memorydb.ClusterArgs{\n\t\t\tAclName: pulumi.Any(exampleAwsMemorydbAcl.Id),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tNodeType: pulumi.String(\"db.t4g.small\"),\n\t\t\tNumShards: pulumi.Int(2),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\texampleAwsSecurityGroup.Id,\n\t\t\t},\n\t\t\tSnapshotRetentionLimit: pulumi.Int(7),\n\t\t\tSubnetGroupName: pulumi.Any(exampleAwsMemorydbSubnetGroup.Id),\n\t\t\tMultiRegionClusterName: example.MultiRegionClusterName,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.memorydb.MultiRegionCluster;\nimport com.pulumi.aws.memorydb.MultiRegionClusterArgs;\nimport com.pulumi.aws.memorydb.Cluster;\nimport com.pulumi.aws.memorydb.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new MultiRegionCluster(\"example\", MultiRegionClusterArgs.builder()\n .multiRegionClusterNameSuffix(\"example\")\n .nodeType(\"db.r7g.xlarge\")\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder()\n .aclName(exampleAwsMemorydbAcl.id())\n .autoMinorVersionUpgrade(false)\n .name(\"example\")\n .nodeType(\"db.t4g.small\")\n .numShards(2)\n .securityGroupIds(exampleAwsSecurityGroup.id())\n .snapshotRetentionLimit(7)\n .subnetGroupName(exampleAwsMemorydbSubnetGroup.id())\n .multiRegionClusterName(example.multiRegionClusterName())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:memorydb:MultiRegionCluster\n properties:\n multiRegionClusterNameSuffix: example\n nodeType: db.r7g.xlarge\n exampleCluster:\n type: aws:memorydb:Cluster\n name: example\n properties:\n aclName: ${exampleAwsMemorydbAcl.id}\n autoMinorVersionUpgrade: false\n name: example\n nodeType: db.t4g.small\n numShards: 2\n securityGroupIds:\n - ${exampleAwsSecurityGroup.id}\n snapshotRetentionLimit: 7\n subnetGroupName: ${exampleAwsMemorydbSubnetGroup.id}\n multiRegionClusterName: ${example.multiRegionClusterName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import a cluster using the `multi_region_cluster_name`. For example:\n\n```sh\n$ pulumi import aws:memorydb/multiRegionCluster:MultiRegionCluster example virxk-example\n```\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the multi-region cluster.\n" + }, + "description": { + "type": "string", + "description": "description for the multi-region cluster.\n" + }, + "engine": { + "type": "string", + "description": "The name of the engine to be used for the multi-region cluster. Valid values are `redis` and `valkey`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The version of the engine to be used for the multi-region cluster. Downgrades are not supported.\n" + }, + "multiRegionClusterName": { + "type": "string", + "description": "The name of the multi-region cluster.\n" + }, + "multiRegionClusterNameSuffix": { + "type": "string", + "description": "A suffix to be added to the multi-region cluster name. An AWS generated prefix is automatically applied to the multi-region cluster name when it is created.\n" + }, + "multiRegionParameterGroupName": { + "type": "string", + "description": "The name of the multi-region parameter group to be associated with the cluster.\n" + }, + "nodeType": { + "type": "string", + "description": "The node type to be used for the multi-region cluster.\n\nThe following arguments are optional:\n" + }, + "numShards": { + "type": "integer", + "description": "The number of shards for the multi-region cluster.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "timeouts": { + "$ref": "#/types/aws:memorydb/MultiRegionClusterTimeouts:MultiRegionClusterTimeouts" + }, + "tlsEnabled": { + "type": "boolean", + "description": "A flag to enable in-transit encryption on the cluster.\n" + }, + "updateStrategy": { + "type": "string" + } + }, + "required": [ + "arn", + "engine", + "engineVersion", + "multiRegionClusterName", + "multiRegionClusterNameSuffix", + "multiRegionParameterGroupName", + "nodeType", + "numShards", + "status", + "tagsAll", + "tlsEnabled" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "description for the multi-region cluster.\n" + }, + "engine": { + "type": "string", + "description": "The name of the engine to be used for the multi-region cluster. Valid values are `redis` and `valkey`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The version of the engine to be used for the multi-region cluster. Downgrades are not supported.\n" + }, + "multiRegionClusterNameSuffix": { + "type": "string", + "description": "A suffix to be added to the multi-region cluster name. An AWS generated prefix is automatically applied to the multi-region cluster name when it is created.\n" + }, + "multiRegionParameterGroupName": { + "type": "string", + "description": "The name of the multi-region parameter group to be associated with the cluster.\n" + }, + "nodeType": { + "type": "string", + "description": "The node type to be used for the multi-region cluster.\n\nThe following arguments are optional:\n" + }, + "numShards": { + "type": "integer", + "description": "The number of shards for the multi-region cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "timeouts": { + "$ref": "#/types/aws:memorydb/MultiRegionClusterTimeouts:MultiRegionClusterTimeouts" + }, + "tlsEnabled": { + "type": "boolean", + "description": "A flag to enable in-transit encryption on the cluster.\n" + }, + "updateStrategy": { + "type": "string" + } + }, + "requiredInputs": [ + "multiRegionClusterNameSuffix", + "nodeType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MultiRegionCluster resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the multi-region cluster.\n" + }, + "description": { + "type": "string", + "description": "description for the multi-region cluster.\n" + }, + "engine": { + "type": "string", + "description": "The name of the engine to be used for the multi-region cluster. Valid values are `redis` and `valkey`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The version of the engine to be used for the multi-region cluster. Downgrades are not supported.\n" + }, + "multiRegionClusterName": { + "type": "string", + "description": "The name of the multi-region cluster.\n" + }, + "multiRegionClusterNameSuffix": { + "type": "string", + "description": "A suffix to be added to the multi-region cluster name. An AWS generated prefix is automatically applied to the multi-region cluster name when it is created.\n" + }, + "multiRegionParameterGroupName": { + "type": "string", + "description": "The name of the multi-region parameter group to be associated with the cluster.\n" + }, + "nodeType": { + "type": "string", + "description": "The node type to be used for the multi-region cluster.\n\nThe following arguments are optional:\n" + }, + "numShards": { + "type": "integer", + "description": "The number of shards for the multi-region cluster.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "timeouts": { + "$ref": "#/types/aws:memorydb/MultiRegionClusterTimeouts:MultiRegionClusterTimeouts" + }, + "tlsEnabled": { + "type": "boolean", + "description": "A flag to enable in-transit encryption on the cluster.\n" + }, + "updateStrategy": { + "type": "string" + } + }, + "type": "object" + } + }, "aws:memorydb/parameterGroup:ParameterGroup": { "description": "Provides a MemoryDB Parameter Group.\n\nMore information about parameter groups can be found in the [MemoryDB User Guide](https://docs.aws.amazon.com/memorydb/latest/devguide/parametergroups.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.memorydb.ParameterGroup(\"example\", {\n name: \"my-parameter-group\",\n family: \"memorydb_redis6\",\n parameters: [{\n name: \"activedefrag\",\n value: \"yes\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.memorydb.ParameterGroup(\"example\",\n name=\"my-parameter-group\",\n family=\"memorydb_redis6\",\n parameters=[{\n \"name\": \"activedefrag\",\n \"value\": \"yes\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.MemoryDb.ParameterGroup(\"example\", new()\n {\n Name = \"my-parameter-group\",\n Family = \"memorydb_redis6\",\n Parameters = new[]\n {\n new Aws.MemoryDb.Inputs.ParameterGroupParameterArgs\n {\n Name = \"activedefrag\",\n Value = \"yes\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/memorydb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := memorydb.NewParameterGroup(ctx, \"example\", \u0026memorydb.ParameterGroupArgs{\n\t\t\tName: pulumi.String(\"my-parameter-group\"),\n\t\t\tFamily: pulumi.String(\"memorydb_redis6\"),\n\t\t\tParameters: memorydb.ParameterGroupParameterArray{\n\t\t\t\t\u0026memorydb.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"activedefrag\"),\n\t\t\t\t\tValue: pulumi.String(\"yes\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.memorydb.ParameterGroup;\nimport com.pulumi.aws.memorydb.ParameterGroupArgs;\nimport com.pulumi.aws.memorydb.inputs.ParameterGroupParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ParameterGroup(\"example\", ParameterGroupArgs.builder()\n .name(\"my-parameter-group\")\n .family(\"memorydb_redis6\")\n .parameters(ParameterGroupParameterArgs.builder()\n .name(\"activedefrag\")\n .value(\"yes\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:memorydb:ParameterGroup\n properties:\n name: my-parameter-group\n family: memorydb_redis6\n parameters:\n - name: activedefrag\n value: yes\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import a parameter group using the `name`. For example:\n\n```sh\n$ pulumi import aws:memorydb/parameterGroup:ParameterGroup example my-parameter-group\n```\n", "properties": { @@ -312704,7 +313367,14 @@ }, "edgeLocation": { "type": "string", - "description": "The Region where the edge is located.\n" + "description": "The Region where the edge is located. This is returned for all attachment types except a Direct Connect gateway attachment, which instead returns `edge_locations`.\n" + }, + "edgeLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The edge locations that the Direct Connect gateway is associated with. This is returned only for Direct Connect gateway attachments. All other attachment types return `edge_location`\n" }, "ownerAccountId": { "type": "string", @@ -312730,6 +313400,7 @@ "coreNetworkArn", "coreNetworkId", "edgeLocation", + "edgeLocations", "ownerAccountId", "resourceArn", "segmentName", @@ -312778,7 +313449,14 @@ }, "edgeLocation": { "type": "string", - "description": "The Region where the edge is located.\n" + "description": "The Region where the edge is located. This is returned for all attachment types except a Direct Connect gateway attachment, which instead returns `edge_locations`.\n" + }, + "edgeLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The edge locations that the Direct Connect gateway is associated with. This is returned only for Direct Connect gateway attachments. All other attachment types return `edge_location`\n" }, "ownerAccountId": { "type": "string", @@ -313870,6 +314548,182 @@ "type": "object" } }, + "aws:networkmanager/dxGatewayAttachment:DxGatewayAttachment": { + "description": "Resource for managing an AWS Network Manager Direct Connect (DX) Gateway Attachment.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.networkmanager.DxGatewayAttachment(\"test\", {\n coreNetworkId: testAwsNetworkmanagerCoreNetworkPolicyAttachment.coreNetworkId,\n directConnectGatewayArn: `arn:aws:directconnect::${current.accountId}:dx-gateway/${testAwsDxGateway.id}`,\n edgeLocations: [currentAwsRegion.name],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.networkmanager.DxGatewayAttachment(\"test\",\n core_network_id=test_aws_networkmanager_core_network_policy_attachment[\"coreNetworkId\"],\n direct_connect_gateway_arn=f\"arn:aws:directconnect::{current['accountId']}:dx-gateway/{test_aws_dx_gateway['id']}\",\n edge_locations=[current_aws_region[\"name\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.NetworkManager.DxGatewayAttachment(\"test\", new()\n {\n CoreNetworkId = testAwsNetworkmanagerCoreNetworkPolicyAttachment.CoreNetworkId,\n DirectConnectGatewayArn = $\"arn:aws:directconnect::{current.AccountId}:dx-gateway/{testAwsDxGateway.Id}\",\n EdgeLocations = new[]\n {\n currentAwsRegion.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewDxGatewayAttachment(ctx, \"test\", \u0026networkmanager.DxGatewayAttachmentArgs{\n\t\t\tCoreNetworkId: pulumi.Any(testAwsNetworkmanagerCoreNetworkPolicyAttachment.CoreNetworkId),\n\t\t\tDirectConnectGatewayArn: pulumi.Sprintf(\"arn:aws:directconnect::%v:dx-gateway/%v\", current.AccountId, testAwsDxGateway.Id),\n\t\t\tEdgeLocations: pulumi.StringArray{\n\t\t\t\tcurrentAwsRegion.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.DxGatewayAttachment;\nimport com.pulumi.aws.networkmanager.DxGatewayAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new DxGatewayAttachment(\"test\", DxGatewayAttachmentArgs.builder()\n .coreNetworkId(testAwsNetworkmanagerCoreNetworkPolicyAttachment.coreNetworkId())\n .directConnectGatewayArn(String.format(\"arn:aws:directconnect::%s:dx-gateway/%s\", current.accountId(),testAwsDxGateway.id()))\n .edgeLocations(currentAwsRegion.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:networkmanager:DxGatewayAttachment\n properties:\n coreNetworkId: ${testAwsNetworkmanagerCoreNetworkPolicyAttachment.coreNetworkId}\n directConnectGatewayArn: arn:aws:directconnect::${current.accountId}:dx-gateway/${testAwsDxGateway.id}\n edgeLocations:\n - ${currentAwsRegion.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Network Manager DX Gateway Attachment using the `id`. For example:\n\n```sh\n$ pulumi import aws:networkmanager/dxGatewayAttachment:DxGatewayAttachment example attachment-1a2b3c4d5e6f7g\n```\n", + "properties": { + "arn": { + "type": "string" + }, + "attachmentPolicyRuleNumber": { + "type": "integer", + "description": "Policy rule number associated with the attachment.\n" + }, + "attachmentType": { + "type": "string", + "description": "Type of attachment.\n" + }, + "coreNetworkArn": { + "type": "string", + "description": "ARN of the core network for the attachment.\n" + }, + "coreNetworkId": { + "type": "string", + "description": "ID of the Cloud WAN core network to which the Direct Connect gateway attachment should be attached.\n" + }, + "directConnectGatewayArn": { + "type": "string", + "description": "ARN of the Direct Connect gateway attachment.\n" + }, + "edgeLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more core network edge locations to associate with the Direct Connect gateway attachment.\n\nThe following arguments are optional:\n" + }, + "ownerAccountId": { + "type": "string", + "description": "ID of the attachment account owner.\n" + }, + "segmentName": { + "type": "string", + "description": "Name of the segment attachment.\n" + }, + "state": { + "type": "string", + "description": "State of the attachment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the attachment. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "timeouts": { + "$ref": "#/types/aws:networkmanager/DxGatewayAttachmentTimeouts:DxGatewayAttachmentTimeouts" + } + }, + "required": [ + "arn", + "attachmentPolicyRuleNumber", + "attachmentType", + "coreNetworkArn", + "coreNetworkId", + "directConnectGatewayArn", + "edgeLocations", + "ownerAccountId", + "segmentName", + "state", + "tagsAll" + ], + "inputProperties": { + "coreNetworkId": { + "type": "string", + "description": "ID of the Cloud WAN core network to which the Direct Connect gateway attachment should be attached.\n" + }, + "directConnectGatewayArn": { + "type": "string", + "description": "ARN of the Direct Connect gateway attachment.\n" + }, + "edgeLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more core network edge locations to associate with the Direct Connect gateway attachment.\n\nThe following arguments are optional:\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the attachment. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "timeouts": { + "$ref": "#/types/aws:networkmanager/DxGatewayAttachmentTimeouts:DxGatewayAttachmentTimeouts" + } + }, + "requiredInputs": [ + "coreNetworkId", + "directConnectGatewayArn", + "edgeLocations" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DxGatewayAttachment resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "attachmentPolicyRuleNumber": { + "type": "integer", + "description": "Policy rule number associated with the attachment.\n" + }, + "attachmentType": { + "type": "string", + "description": "Type of attachment.\n" + }, + "coreNetworkArn": { + "type": "string", + "description": "ARN of the core network for the attachment.\n" + }, + "coreNetworkId": { + "type": "string", + "description": "ID of the Cloud WAN core network to which the Direct Connect gateway attachment should be attached.\n" + }, + "directConnectGatewayArn": { + "type": "string", + "description": "ARN of the Direct Connect gateway attachment.\n" + }, + "edgeLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more core network edge locations to associate with the Direct Connect gateway attachment.\n\nThe following arguments are optional:\n" + }, + "ownerAccountId": { + "type": "string", + "description": "ID of the attachment account owner.\n" + }, + "segmentName": { + "type": "string", + "description": "Name of the segment attachment.\n" + }, + "state": { + "type": "string", + "description": "State of the attachment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the attachment. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "timeouts": { + "$ref": "#/types/aws:networkmanager/DxGatewayAttachmentTimeouts:DxGatewayAttachmentTimeouts" + } + }, + "type": "object" + } + }, "aws:networkmanager/globalNetwork:GlobalNetwork": { "description": "Provides a global network resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.GlobalNetwork(\"example\", {description: \"example\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.GlobalNetwork(\"example\", description=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.GlobalNetwork(\"example\", new()\n {\n Description = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewGlobalNetwork(ctx, \"example\", \u0026networkmanager.GlobalNetworkArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.GlobalNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalNetwork(\"example\", GlobalNetworkArgs.builder()\n .description(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:GlobalNetwork\n properties:\n description: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_networkmanager_global_network` using the global network ID. For example:\n\n```sh\n$ pulumi import aws:networkmanager/globalNetwork:GlobalNetwork example global-network-0d47f6t230mz46dy4\n```\n", "properties": { @@ -330230,15 +331084,15 @@ }, "performanceInsightsEnabled": { "type": "boolean", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster\n" + "description": "Enables Performance Insights for the RDS Cluster\n" }, "performanceInsightsKmsKeyId": { "type": "string", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (`aws/rds`).\n" + "description": "Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (`aws/rds`).\n" }, "performanceInsightsRetentionPeriod": { "type": "integer", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are `7`, `month * 31` (where month is a number of months from 1-23), and `731`. See [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html) for more information on retention periods.\n" + "description": "Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are `7`, `month * 31` (where month is a number of months from 1-23), and `731`. See [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html) for more information on retention periods.\n" }, "port": { "type": "integer", @@ -330561,15 +331415,15 @@ }, "performanceInsightsEnabled": { "type": "boolean", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster\n" + "description": "Enables Performance Insights for the RDS Cluster\n" }, "performanceInsightsKmsKeyId": { "type": "string", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (`aws/rds`).\n" + "description": "Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (`aws/rds`).\n" }, "performanceInsightsRetentionPeriod": { "type": "integer", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are `7`, `month * 31` (where month is a number of months from 1-23), and `731`. See [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html) for more information on retention periods.\n" + "description": "Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are `7`, `month * 31` (where month is a number of months from 1-23), and `731`. See [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html) for more information on retention periods.\n" }, "port": { "type": "integer", @@ -330881,15 +331735,15 @@ }, "performanceInsightsEnabled": { "type": "boolean", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster\n" + "description": "Enables Performance Insights for the RDS Cluster\n" }, "performanceInsightsKmsKeyId": { "type": "string", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (`aws/rds`).\n" + "description": "Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (`aws/rds`).\n" }, "performanceInsightsRetentionPeriod": { "type": "integer", - "description": "Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are `7`, `month * 31` (where month is a number of months from 1-23), and `731`. See [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html) for more information on retention periods.\n" + "description": "Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are `7`, `month * 31` (where month is a number of months from 1-23), and `731`. See [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html) for more information on retention periods.\n" }, "port": { "type": "integer", @@ -332146,6 +333000,246 @@ "type": "object" } }, + "aws:rds/clusterSnapshotCopy:ClusterSnapshotCopy": { + "description": "Manages an RDS database cluster snapshot copy. For managing RDS database instance snapshot copies, see the `aws.rds.SnapshotCopy` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n databaseName: \"test\",\n engine: aws.rds.EngineType.AuroraMysql,\n masterUsername: \"tfacctest\",\n masterPassword: \"avoid-plaintext-passwords\",\n skipFinalSnapshot: true,\n});\nconst exampleClusterSnapshot = new aws.rds.ClusterSnapshot(\"example\", {\n dbClusterIdentifier: example.clusterIdentifier,\n dbClusterSnapshotIdentifier: \"example\",\n});\nconst exampleClusterSnapshotCopy = new aws.rds.ClusterSnapshotCopy(\"example\", {\n sourceDbClusterSnapshotIdentifier: exampleClusterSnapshot.dbClusterSnapshotArn,\n targetDbClusterSnapshotIdentifier: \"example-copy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\",\n cluster_identifier=\"aurora-cluster-demo\",\n database_name=\"test\",\n engine=aws.rds.EngineType.AURORA_MYSQL,\n master_username=\"tfacctest\",\n master_password=\"avoid-plaintext-passwords\",\n skip_final_snapshot=True)\nexample_cluster_snapshot = aws.rds.ClusterSnapshot(\"example\",\n db_cluster_identifier=example.cluster_identifier,\n db_cluster_snapshot_identifier=\"example\")\nexample_cluster_snapshot_copy = aws.rds.ClusterSnapshotCopy(\"example\",\n source_db_cluster_snapshot_identifier=example_cluster_snapshot.db_cluster_snapshot_arn,\n target_db_cluster_snapshot_identifier=\"example-copy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n DatabaseName = \"test\",\n Engine = Aws.Rds.EngineType.AuroraMysql,\n MasterUsername = \"tfacctest\",\n MasterPassword = \"avoid-plaintext-passwords\",\n SkipFinalSnapshot = true,\n });\n\n var exampleClusterSnapshot = new Aws.Rds.ClusterSnapshot(\"example\", new()\n {\n DbClusterIdentifier = example.ClusterIdentifier,\n DbClusterSnapshotIdentifier = \"example\",\n });\n\n var exampleClusterSnapshotCopy = new Aws.Rds.ClusterSnapshotCopy(\"example\", new()\n {\n SourceDbClusterSnapshotIdentifier = exampleClusterSnapshot.DbClusterSnapshotArn,\n TargetDbClusterSnapshotIdentifier = \"example-copy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tEngine: pulumi.String(rds.EngineTypeAuroraMysql),\n\t\t\tMasterUsername: pulumi.String(\"tfacctest\"),\n\t\t\tMasterPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleClusterSnapshot, err := rds.NewClusterSnapshot(ctx, \"example\", \u0026rds.ClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: example.ClusterIdentifier,\n\t\t\tDbClusterSnapshotIdentifier: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterSnapshotCopy(ctx, \"example\", \u0026rds.ClusterSnapshotCopyArgs{\n\t\t\tSourceDbClusterSnapshotIdentifier: exampleClusterSnapshot.DbClusterSnapshotArn,\n\t\t\tTargetDbClusterSnapshotIdentifier: pulumi.String(\"example-copy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterSnapshot;\nimport com.pulumi.aws.rds.ClusterSnapshotArgs;\nimport com.pulumi.aws.rds.ClusterSnapshotCopy;\nimport com.pulumi.aws.rds.ClusterSnapshotCopyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .clusterIdentifier(\"aurora-cluster-demo\")\n .databaseName(\"test\")\n .engine(\"aurora-mysql\")\n .masterUsername(\"tfacctest\")\n .masterPassword(\"avoid-plaintext-passwords\")\n .skipFinalSnapshot(true)\n .build());\n\n var exampleClusterSnapshot = new ClusterSnapshot(\"exampleClusterSnapshot\", ClusterSnapshotArgs.builder()\n .dbClusterIdentifier(example.clusterIdentifier())\n .dbClusterSnapshotIdentifier(\"example\")\n .build());\n\n var exampleClusterSnapshotCopy = new ClusterSnapshotCopy(\"exampleClusterSnapshotCopy\", ClusterSnapshotCopyArgs.builder()\n .sourceDbClusterSnapshotIdentifier(exampleClusterSnapshot.dbClusterSnapshotArn())\n .targetDbClusterSnapshotIdentifier(\"example-copy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n databaseName: test\n engine: aurora-mysql\n masterUsername: tfacctest\n masterPassword: avoid-plaintext-passwords\n skipFinalSnapshot: true\n exampleClusterSnapshot:\n type: aws:rds:ClusterSnapshot\n name: example\n properties:\n dbClusterIdentifier: ${example.clusterIdentifier}\n dbClusterSnapshotIdentifier: example\n exampleClusterSnapshotCopy:\n type: aws:rds:ClusterSnapshotCopy\n name: example\n properties:\n sourceDbClusterSnapshotIdentifier: ${exampleClusterSnapshot.dbClusterSnapshotArn}\n targetDbClusterSnapshotIdentifier: example-copy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_rds_cluster_snapshot_copy` using the `id`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterSnapshotCopy:ClusterSnapshotCopy example my-snapshot\n```\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "copyTags": { + "type": "boolean", + "description": "Whether to copy existing tags. Defaults to `false`.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB cluster snapshot.\n" + }, + "destinationRegion": { + "type": "string", + "description": "The Destination region to place snapshot copy.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Specifies the version of the database engine.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key ID.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB instance.\n" + }, + "presignedUrl": { + "type": "string", + "description": "URL that contains a Signature Version 4 signed request.\n" + }, + "sharedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS Account IDs to share the snapshot with. Use `all` to make the snapshot public.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotIdentifier": { + "type": "string", + "description": "Identifier of the source snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type associated with DB cluster snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "targetDbClusterSnapshotIdentifier": { + "type": "string", + "description": "Identifier for the snapshot.\n\nThe following arguments are optional:\n" + }, + "timeouts": { + "$ref": "#/types/aws:rds/ClusterSnapshotCopyTimeouts:ClusterSnapshotCopyTimeouts" + }, + "vpcId": { + "type": "string", + "description": "Provides the VPC ID associated with the DB cluster snapshot.\n" + } + }, + "required": [ + "allocatedStorage", + "dbClusterSnapshotArn", + "engine", + "engineVersion", + "licenseModel", + "snapshotType", + "sourceDbClusterSnapshotIdentifier", + "storageEncrypted", + "storageType", + "tagsAll", + "targetDbClusterSnapshotIdentifier", + "vpcId" + ], + "inputProperties": { + "copyTags": { + "type": "boolean", + "description": "Whether to copy existing tags. Defaults to `false`.\n" + }, + "destinationRegion": { + "type": "string", + "description": "The Destination region to place snapshot copy.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key ID.\n" + }, + "presignedUrl": { + "type": "string", + "description": "URL that contains a Signature Version 4 signed request.\n" + }, + "sharedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS Account IDs to share the snapshot with. Use `all` to make the snapshot public.\n" + }, + "sourceDbClusterSnapshotIdentifier": { + "type": "string", + "description": "Identifier of the source snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "targetDbClusterSnapshotIdentifier": { + "type": "string", + "description": "Identifier for the snapshot.\n\nThe following arguments are optional:\n" + }, + "timeouts": { + "$ref": "#/types/aws:rds/ClusterSnapshotCopyTimeouts:ClusterSnapshotCopyTimeouts" + } + }, + "requiredInputs": [ + "sourceDbClusterSnapshotIdentifier", + "targetDbClusterSnapshotIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterSnapshotCopy resources.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "copyTags": { + "type": "boolean", + "description": "Whether to copy existing tags. Defaults to `false`.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB cluster snapshot.\n" + }, + "destinationRegion": { + "type": "string", + "description": "The Destination region to place snapshot copy.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Specifies the version of the database engine.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key ID.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB instance.\n" + }, + "presignedUrl": { + "type": "string", + "description": "URL that contains a Signature Version 4 signed request.\n" + }, + "sharedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS Account IDs to share the snapshot with. Use `all` to make the snapshot public.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotIdentifier": { + "type": "string", + "description": "Identifier of the source snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type associated with DB cluster snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n", + "deprecationMessage": "Please use `tags` instead." + }, + "targetDbClusterSnapshotIdentifier": { + "type": "string", + "description": "Identifier for the snapshot.\n\nThe following arguments are optional:\n" + }, + "timeouts": { + "$ref": "#/types/aws:rds/ClusterSnapshotCopyTimeouts:ClusterSnapshotCopyTimeouts" + }, + "vpcId": { + "type": "string", + "description": "Provides the VPC ID associated with the DB cluster snapshot.\n" + } + }, + "type": "object" + } + }, "aws:rds/customDbEngineVersion:CustomDbEngineVersion": { "description": "Provides an custom engine version (CEV) resource for Amazon RDS Custom. For additional information, see [Working with CEVs for RDS Custom for Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html) and [Working with CEVs for RDS Custom for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev-sqlserver.html) in the the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html).\n\n## Example Usage\n\n### RDS Custom for Oracle Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"KMS symmetric key for RDS Custom for Oracle\"});\nconst exampleCustomDbEngineVersion = new aws.rds.CustomDbEngineVersion(\"example\", {\n databaseInstallationFilesS3BucketName: \"DOC-EXAMPLE-BUCKET\",\n databaseInstallationFilesS3Prefix: \"1915_GI/\",\n engine: \"custom-oracle-ee-cdb\",\n engineVersion: \"19.cdb_cev1\",\n kmsKeyId: example.arn,\n manifest: ` {\n\\x09\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n`,\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"KMS symmetric key for RDS Custom for Oracle\")\nexample_custom_db_engine_version = aws.rds.CustomDbEngineVersion(\"example\",\n database_installation_files_s3_bucket_name=\"DOC-EXAMPLE-BUCKET\",\n database_installation_files_s3_prefix=\"1915_GI/\",\n engine=\"custom-oracle-ee-cdb\",\n engine_version=\"19.cdb_cev1\",\n kms_key_id=example.arn,\n manifest=\"\"\" {\n\\x09\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n\"\"\",\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"KMS symmetric key for RDS Custom for Oracle\",\n });\n\n var exampleCustomDbEngineVersion = new Aws.Rds.CustomDbEngineVersion(\"example\", new()\n {\n DatabaseInstallationFilesS3BucketName = \"DOC-EXAMPLE-BUCKET\",\n DatabaseInstallationFilesS3Prefix = \"1915_GI/\",\n Engine = \"custom-oracle-ee-cdb\",\n EngineVersion = \"19.cdb_cev1\",\n KmsKeyId = example.Arn,\n Manifest = @\" {\n\t\"\"databaseInstallationFileNames\"\":[\"\"V982063-01.zip\"\"]\n }\n\",\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS symmetric key for RDS Custom for Oracle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"example\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tDatabaseInstallationFilesS3BucketName: pulumi.String(\"DOC-EXAMPLE-BUCKET\"),\n\t\t\tDatabaseInstallationFilesS3Prefix: pulumi.String(\"1915_GI/\"),\n\t\t\tEngine: pulumi.String(\"custom-oracle-ee-cdb\"),\n\t\t\tEngineVersion: pulumi.String(\"19.cdb_cev1\"),\n\t\t\tKmsKeyId: example.Arn,\n\t\t\tManifest: pulumi.String(\" {\\n\t\\\"databaseInstallationFileNames\\\":[\\\"V982063-01.zip\\\"]\\n }\\n\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder()\n .description(\"KMS symmetric key for RDS Custom for Oracle\")\n .build());\n\n var exampleCustomDbEngineVersion = new CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", CustomDbEngineVersionArgs.builder()\n .databaseInstallationFilesS3BucketName(\"DOC-EXAMPLE-BUCKET\")\n .databaseInstallationFilesS3Prefix(\"1915_GI/\")\n .engine(\"custom-oracle-ee-cdb\")\n .engineVersion(\"19.cdb_cev1\")\n .kmsKeyId(example.arn())\n .manifest(\"\"\"\n {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n \"\"\")\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Key\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: KMS symmetric key for RDS Custom for Oracle\n exampleCustomDbEngineVersion:\n type: aws:rds:CustomDbEngineVersion\n name: example\n properties:\n databaseInstallationFilesS3BucketName: DOC-EXAMPLE-BUCKET\n databaseInstallationFilesS3Prefix: 1915_GI/\n engine: custom-oracle-ee-cdb\n engineVersion: 19.cdb_cev1\n kmsKeyId: ${example.arn}\n manifest: |2\n {\n \t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n tags:\n Name: example\n Key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for Oracle External Manifest Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"KMS symmetric key for RDS Custom for Oracle\"});\nconst exampleCustomDbEngineVersion = new aws.rds.CustomDbEngineVersion(\"example\", {\n databaseInstallationFilesS3BucketName: \"DOC-EXAMPLE-BUCKET\",\n databaseInstallationFilesS3Prefix: \"1915_GI/\",\n engine: \"custom-oracle-ee-cdb\",\n engineVersion: \"19.cdb_cev1\",\n kmsKeyId: example.arn,\n filename: \"manifest_1915_GI.json\",\n manifestHash: std.filebase64sha256({\n input: json,\n }).then(invoke =\u003e invoke.result),\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.kms.Key(\"example\", description=\"KMS symmetric key for RDS Custom for Oracle\")\nexample_custom_db_engine_version = aws.rds.CustomDbEngineVersion(\"example\",\n database_installation_files_s3_bucket_name=\"DOC-EXAMPLE-BUCKET\",\n database_installation_files_s3_prefix=\"1915_GI/\",\n engine=\"custom-oracle-ee-cdb\",\n engine_version=\"19.cdb_cev1\",\n kms_key_id=example.arn,\n filename=\"manifest_1915_GI.json\",\n manifest_hash=std.filebase64sha256(input=json).result,\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"KMS symmetric key for RDS Custom for Oracle\",\n });\n\n var exampleCustomDbEngineVersion = new Aws.Rds.CustomDbEngineVersion(\"example\", new()\n {\n DatabaseInstallationFilesS3BucketName = \"DOC-EXAMPLE-BUCKET\",\n DatabaseInstallationFilesS3Prefix = \"1915_GI/\",\n Engine = \"custom-oracle-ee-cdb\",\n EngineVersion = \"19.cdb_cev1\",\n KmsKeyId = example.Arn,\n Filename = \"manifest_1915_GI.json\",\n ManifestHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = json,\n }).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS symmetric key for RDS Custom for Oracle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: json,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"example\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tDatabaseInstallationFilesS3BucketName: pulumi.String(\"DOC-EXAMPLE-BUCKET\"),\n\t\t\tDatabaseInstallationFilesS3Prefix: pulumi.String(\"1915_GI/\"),\n\t\t\tEngine: pulumi.String(\"custom-oracle-ee-cdb\"),\n\t\t\tEngineVersion: pulumi.String(\"19.cdb_cev1\"),\n\t\t\tKmsKeyId: example.Arn,\n\t\t\tFilename: pulumi.String(\"manifest_1915_GI.json\"),\n\t\t\tManifestHash: pulumi.String(invokeFilebase64sha256.Result),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder()\n .description(\"KMS symmetric key for RDS Custom for Oracle\")\n .build());\n\n var exampleCustomDbEngineVersion = new CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", CustomDbEngineVersionArgs.builder()\n .databaseInstallationFilesS3BucketName(\"DOC-EXAMPLE-BUCKET\")\n .databaseInstallationFilesS3Prefix(\"1915_GI/\")\n .engine(\"custom-oracle-ee-cdb\")\n .engineVersion(\"19.cdb_cev1\")\n .kmsKeyId(example.arn())\n .filename(\"manifest_1915_GI.json\")\n .manifestHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(json)\n .build()).result())\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Key\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: KMS symmetric key for RDS Custom for Oracle\n exampleCustomDbEngineVersion:\n type: aws:rds:CustomDbEngineVersion\n name: example\n properties:\n databaseInstallationFilesS3BucketName: DOC-EXAMPLE-BUCKET\n databaseInstallationFilesS3Prefix: 1915_GI/\n engine: custom-oracle-ee-cdb\n engineVersion: 19.cdb_cev1\n kmsKeyId: ${example.arn}\n filename: manifest_1915_GI.json\n manifestHash:\n fn::invoke:\n function: std:filebase64sha256\n arguments:\n input: ${json}\n return: result\n tags:\n Name: example\n Key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for SQL Server Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// CEV creation requires an AMI owned by the operator\nconst test = new aws.rds.CustomDbEngineVersion(\"test\", {\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.cev-1\",\n sourceImageId: \"ami-0aa12345678a12ab1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# CEV creation requires an AMI owned by the operator\ntest = aws.rds.CustomDbEngineVersion(\"test\",\n engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.cev-1\",\n source_image_id=\"ami-0aa12345678a12ab1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // CEV creation requires an AMI owned by the operator\n var test = new Aws.Rds.CustomDbEngineVersion(\"test\", new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.cev-1\",\n SourceImageId = \"ami-0aa12345678a12ab1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// CEV creation requires an AMI owned by the operator\n\t\t_, err := rds.NewCustomDbEngineVersion(ctx, \"test\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tEngine: pulumi.String(\"custom-sqlserver-se\"),\n\t\t\tEngineVersion: pulumi.String(\"15.00.4249.2.cev-1\"),\n\t\t\tSourceImageId: pulumi.String(\"ami-0aa12345678a12ab1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // CEV creation requires an AMI owned by the operator\n var test = new CustomDbEngineVersion(\"test\", CustomDbEngineVersionArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.cev-1\")\n .sourceImageId(\"ami-0aa12345678a12ab1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # CEV creation requires an AMI owned by the operator\n test:\n type: aws:rds:CustomDbEngineVersion\n properties:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.cev-1\n sourceImageId: ami-0aa12345678a12ab1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for SQL Server Usage with AMI from another region\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiCopy(\"example\", {\n name: \"sqlserver-se-2019-15.00.4249.2\",\n description: \"A copy of ami-xxxxxxxx\",\n sourceAmiId: \"ami-xxxxxxxx\",\n sourceAmiRegion: \"us-east-1\",\n});\n// CEV creation requires an AMI owned by the operator\nconst test = new aws.rds.CustomDbEngineVersion(\"test\", {\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.cev-1\",\n sourceImageId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiCopy(\"example\",\n name=\"sqlserver-se-2019-15.00.4249.2\",\n description=\"A copy of ami-xxxxxxxx\",\n source_ami_id=\"ami-xxxxxxxx\",\n source_ami_region=\"us-east-1\")\n# CEV creation requires an AMI owned by the operator\ntest = aws.rds.CustomDbEngineVersion(\"test\",\n engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.cev-1\",\n source_image_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiCopy(\"example\", new()\n {\n Name = \"sqlserver-se-2019-15.00.4249.2\",\n Description = \"A copy of ami-xxxxxxxx\",\n SourceAmiId = \"ami-xxxxxxxx\",\n SourceAmiRegion = \"us-east-1\",\n });\n\n // CEV creation requires an AMI owned by the operator\n var test = new Aws.Rds.CustomDbEngineVersion(\"test\", new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.cev-1\",\n SourceImageId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewAmiCopy(ctx, \"example\", \u0026ec2.AmiCopyArgs{\n\t\t\tName: pulumi.String(\"sqlserver-se-2019-15.00.4249.2\"),\n\t\t\tDescription: pulumi.String(\"A copy of ami-xxxxxxxx\"),\n\t\t\tSourceAmiId: pulumi.String(\"ami-xxxxxxxx\"),\n\t\t\tSourceAmiRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// CEV creation requires an AMI owned by the operator\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"test\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tEngine: pulumi.String(\"custom-sqlserver-se\"),\n\t\t\tEngineVersion: pulumi.String(\"15.00.4249.2.cev-1\"),\n\t\t\tSourceImageId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiCopy;\nimport com.pulumi.aws.ec2.AmiCopyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiCopy(\"example\", AmiCopyArgs.builder()\n .name(\"sqlserver-se-2019-15.00.4249.2\")\n .description(\"A copy of ami-xxxxxxxx\")\n .sourceAmiId(\"ami-xxxxxxxx\")\n .sourceAmiRegion(\"us-east-1\")\n .build());\n\n // CEV creation requires an AMI owned by the operator\n var test = new CustomDbEngineVersion(\"test\", CustomDbEngineVersionArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.cev-1\")\n .sourceImageId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiCopy\n properties:\n name: sqlserver-se-2019-15.00.4249.2\n description: A copy of ami-xxxxxxxx\n sourceAmiId: ami-xxxxxxxx\n sourceAmiRegion: us-east-1\n # CEV creation requires an AMI owned by the operator\n test:\n type: aws:rds:CustomDbEngineVersion\n properties:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.cev-1\n sourceImageId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import custom engine versions for Amazon RDS custom using the `engine` and `engine_version` separated by a colon (`:`). For example:\n\n```sh\n$ pulumi import aws:rds/customDbEngineVersion:CustomDbEngineVersion example custom-oracle-ee-cdb:19.cdb_cev1\n```\n", "properties": { @@ -341257,15 +342351,15 @@ } }, "aws:resourcegroups/resource:Resource": { - "description": "Resource for managing an AWS Resource Groups Resource.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.DedicatedHost(\"example\", {\n instanceFamily: \"t3\",\n availabilityZone: \"us-east-1a\",\n hostRecovery: \"off\",\n autoPlacement: \"on\",\n});\nconst exampleGroup = new aws.resourcegroups.Group(\"example\", {name: \"example\"});\nconst exampleResource = new aws.resourcegroups.Resource(\"example\", {\n groupArn: exampleGroup.arn,\n resourceArn: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.DedicatedHost(\"example\",\n instance_family=\"t3\",\n availability_zone=\"us-east-1a\",\n host_recovery=\"off\",\n auto_placement=\"on\")\nexample_group = aws.resourcegroups.Group(\"example\", name=\"example\")\nexample_resource = aws.resourcegroups.Resource(\"example\",\n group_arn=example_group.arn,\n resource_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.DedicatedHost(\"example\", new()\n {\n InstanceFamily = \"t3\",\n AvailabilityZone = \"us-east-1a\",\n HostRecovery = \"off\",\n AutoPlacement = \"on\",\n });\n\n var exampleGroup = new Aws.ResourceGroups.Group(\"example\", new()\n {\n Name = \"example\",\n });\n\n var exampleResource = new Aws.ResourceGroups.Resource(\"example\", new()\n {\n GroupArn = exampleGroup.Arn,\n ResourceArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/resourcegroups\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewDedicatedHost(ctx, \"example\", \u0026ec2.DedicatedHostArgs{\n\t\t\tInstanceFamily: pulumi.String(\"t3\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1a\"),\n\t\t\tHostRecovery: pulumi.String(\"off\"),\n\t\t\tAutoPlacement: pulumi.String(\"on\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := resourcegroups.NewGroup(ctx, \"example\", \u0026resourcegroups.GroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = resourcegroups.NewResource(ctx, \"example\", \u0026resourcegroups.ResourceArgs{\n\t\t\tGroupArn: exampleGroup.Arn,\n\t\t\tResourceArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.DedicatedHost;\nimport com.pulumi.aws.ec2.DedicatedHostArgs;\nimport com.pulumi.aws.resourcegroups.Group;\nimport com.pulumi.aws.resourcegroups.GroupArgs;\nimport com.pulumi.aws.resourcegroups.Resource;\nimport com.pulumi.aws.resourcegroups.ResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DedicatedHost(\"example\", DedicatedHostArgs.builder()\n .instanceFamily(\"t3\")\n .availabilityZone(\"us-east-1a\")\n .hostRecovery(\"off\")\n .autoPlacement(\"on\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n .name(\"example\")\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder()\n .groupArn(exampleGroup.arn())\n .resourceArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:DedicatedHost\n properties:\n instanceFamily: t3\n availabilityZone: us-east-1a\n hostRecovery: off\n autoPlacement: on\n exampleGroup:\n type: aws:resourcegroups:Group\n name: example\n properties:\n name: example\n exampleResource:\n type: aws:resourcegroups:Resource\n name: example\n properties:\n groupArn: ${exampleGroup.arn}\n resourceArn: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Resource for managing an AWS Resource Groups Resource.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.DedicatedHost(\"example\", {\n instanceFamily: \"t3\",\n availabilityZone: \"us-east-1a\",\n hostRecovery: \"off\",\n autoPlacement: \"on\",\n});\nconst exampleGroup = new aws.resourcegroups.Group(\"example\", {name: \"example\"});\nconst exampleResource = new aws.resourcegroups.Resource(\"example\", {\n groupArn: exampleGroup.arn,\n resourceArn: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.DedicatedHost(\"example\",\n instance_family=\"t3\",\n availability_zone=\"us-east-1a\",\n host_recovery=\"off\",\n auto_placement=\"on\")\nexample_group = aws.resourcegroups.Group(\"example\", name=\"example\")\nexample_resource = aws.resourcegroups.Resource(\"example\",\n group_arn=example_group.arn,\n resource_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.DedicatedHost(\"example\", new()\n {\n InstanceFamily = \"t3\",\n AvailabilityZone = \"us-east-1a\",\n HostRecovery = \"off\",\n AutoPlacement = \"on\",\n });\n\n var exampleGroup = new Aws.ResourceGroups.Group(\"example\", new()\n {\n Name = \"example\",\n });\n\n var exampleResource = new Aws.ResourceGroups.Resource(\"example\", new()\n {\n GroupArn = exampleGroup.Arn,\n ResourceArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/resourcegroups\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewDedicatedHost(ctx, \"example\", \u0026ec2.DedicatedHostArgs{\n\t\t\tInstanceFamily: pulumi.String(\"t3\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1a\"),\n\t\t\tHostRecovery: pulumi.String(\"off\"),\n\t\t\tAutoPlacement: pulumi.String(\"on\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := resourcegroups.NewGroup(ctx, \"example\", \u0026resourcegroups.GroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = resourcegroups.NewResource(ctx, \"example\", \u0026resourcegroups.ResourceArgs{\n\t\t\tGroupArn: exampleGroup.Arn,\n\t\t\tResourceArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.DedicatedHost;\nimport com.pulumi.aws.ec2.DedicatedHostArgs;\nimport com.pulumi.aws.resourcegroups.Group;\nimport com.pulumi.aws.resourcegroups.GroupArgs;\nimport com.pulumi.aws.resourcegroups.Resource;\nimport com.pulumi.aws.resourcegroups.ResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DedicatedHost(\"example\", DedicatedHostArgs.builder()\n .instanceFamily(\"t3\")\n .availabilityZone(\"us-east-1a\")\n .hostRecovery(\"off\")\n .autoPlacement(\"on\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n .name(\"example\")\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder()\n .groupArn(exampleGroup.arn())\n .resourceArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:DedicatedHost\n properties:\n instanceFamily: t3\n availabilityZone: us-east-1a\n hostRecovery: off\n autoPlacement: on\n exampleGroup:\n type: aws:resourcegroups:Group\n name: example\n properties:\n name: example\n exampleResource:\n type: aws:resourcegroups:Resource\n name: example\n properties:\n groupArn: ${exampleGroup.arn}\n resourceArn: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import an AWS Resource Groups Resource using `group_arn` and `resource_arn`, separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:resourcegroups/resource:Resource example arn:aws:resource-groups:us-west-2:012345678901:group/example,arn:aws:lambda:us-west-2:012345678901:function:example\n```\n", "properties": { "groupArn": { "type": "string", - "description": "The name or the ARN of the resource group to add resources to.\n\nThe following arguments are optional:\n" + "description": "Name or ARN of the resource group to add resources to.\n" }, "resourceArn": { "type": "string", - "description": "The ARN of the resource to be added to the group.\n" + "description": "ARN of the resource to be added to the group.\n" }, "resourceType": { "type": "string", @@ -341280,12 +342374,12 @@ "inputProperties": { "groupArn": { "type": "string", - "description": "The name or the ARN of the resource group to add resources to.\n\nThe following arguments are optional:\n", + "description": "Name or ARN of the resource group to add resources to.\n", "willReplaceOnChanges": true }, "resourceArn": { "type": "string", - "description": "The ARN of the resource to be added to the group.\n", + "description": "ARN of the resource to be added to the group.\n", "willReplaceOnChanges": true } }, @@ -341298,12 +342392,12 @@ "properties": { "groupArn": { "type": "string", - "description": "The name or the ARN of the resource group to add resources to.\n\nThe following arguments are optional:\n", + "description": "Name or ARN of the resource group to add resources to.\n", "willReplaceOnChanges": true }, "resourceArn": { "type": "string", - "description": "The ARN of the resource to be added to the group.\n", + "description": "ARN of the resource to be added to the group.\n", "willReplaceOnChanges": true }, "resourceType": { @@ -392191,6 +393285,10 @@ "description": "ASN on the Amazon side of the connection.\n", "type": "string" }, + "arn": { + "description": "ARN of the gateway.\n", + "type": "string" + }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" @@ -392205,6 +393303,7 @@ }, "required": [ "amazonSideAsn", + "arn", "name", "ownerAccountId", "id" @@ -424457,6 +425556,45 @@ "type": "object" } }, + "aws:servicecatalog/getAppregistryAttributeGroupAssociations:getAppregistryAttributeGroupAssociations": { + "description": "Data source for managing AWS Service Catalog AppRegistry Attribute Group Associations.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.servicecatalog.getAppregistryAttributeGroupAssociations({\n id: \"12456778723424sdffsdfsdq34,12234t3564dsfsdf34asff4ww3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.get_appregistry_attribute_group_associations(id=\"12456778723424sdffsdfsdq34,12234t3564dsfsdf34asff4ww3\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.ServiceCatalog.GetAppregistryAttributeGroupAssociations.Invoke(new()\n {\n Id = \"12456778723424sdffsdfsdq34,12234t3564dsfsdf34asff4ww3\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.GetAppregistryAttributeGroupAssociations(ctx, \u0026servicecatalog.GetAppregistryAttributeGroupAssociationsArgs{\n\t\t\tId: pulumi.StringRef(\"12456778723424sdffsdfsdq34,12234t3564dsfsdf34asff4ww3\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.servicecatalog.ServicecatalogFunctions;\nimport com.pulumi.aws.servicecatalog.inputs.GetAppregistryAttributeGroupAssociationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = ServicecatalogFunctions.getAppregistryAttributeGroupAssociations(GetAppregistryAttributeGroupAssociationsArgs.builder()\n .id(\"12456778723424sdffsdfsdq34,12234t3564dsfsdf34asff4ww3\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: aws:servicecatalog:getAppregistryAttributeGroupAssociations\n arguments:\n id: 12456778723424sdffsdfsdq34,12234t3564dsfsdf34asff4ww3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "inputs": { + "description": "A collection of arguments for invoking getAppregistryAttributeGroupAssociations.\n", + "properties": { + "id": { + "type": "string", + "description": "ID of the application to which attribute groups are associated.\n" + }, + "name": { + "type": "string", + "description": "Name of the application to which attribute groups are associated.\n\nThe following arguments are optional:\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAppregistryAttributeGroupAssociations.\n", + "properties": { + "attributeGroupIds": { + "description": "Set of attribute group IDs this application is associated with.\n", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "attributeGroupIds" + ], + "type": "object" + } + }, "aws:servicecatalog/getConstraint:getConstraint": { "description": "Provides information on a Service Catalog Constraint.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.servicecatalog.getConstraint({\n acceptLanguage: \"en\",\n id: \"cons-hrvy0335\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.get_constraint(accept_language=\"en\",\n id=\"cons-hrvy0335\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.ServiceCatalog.GetConstraint.Invoke(new()\n {\n AcceptLanguage = \"en\",\n Id = \"cons-hrvy0335\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.LookupConstraint(ctx, \u0026servicecatalog.LookupConstraintArgs{\n\t\t\tAcceptLanguage: pulumi.StringRef(\"en\"),\n\t\t\tId: \"cons-hrvy0335\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.servicecatalog.ServicecatalogFunctions;\nimport com.pulumi.aws.servicecatalog.inputs.GetConstraintArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = ServicecatalogFunctions.getConstraint(GetConstraintArgs.builder()\n .acceptLanguage(\"en\")\n .id(\"cons-hrvy0335\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: aws:servicecatalog:getConstraint\n arguments:\n acceptLanguage: en\n id: cons-hrvy0335\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": {