diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index ca244b97654..8d97dee20e5 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json @@ -14,7 +14,9 @@ }, "language": { "csharp": { - "compatibility": "tfbridge20", + "packageReferences": { + "Pulumi": "3.*" + }, "namespaces": { "accessanalyzer": "AccessAnalyzer", "account": "Account", @@ -210,17 +212,16 @@ "workspaces": "Workspaces", "xray": "Xray" }, - "packageReferences": { - "Pulumi": "3.*" - } + "compatibility": "tfbridge20" }, "go": { - "generateExtraInputTypes": true, + "importBasePath": "github.com/pulumi/pulumi-aws/sdk/v6/go/aws", "generateResourceContainerTypes": true, - "importBasePath": "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" + "generateExtraInputTypes": true }, "nodejs": { - "compatibility": "tfbridge20", + "packageDescription": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.", + "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-aws)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-aws` repo](https://github.com/pulumi/pulumi-aws/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-aws` repo](https://github.com/hashicorp/terraform-provider-aws/issues).", "dependencies": { "@pulumi/pulumi": "^3.0.0", "aws-sdk": "^2.0.0", @@ -233,20 +234,16 @@ "@types/mime": "^2.0.0", "@types/node": "^10.0.0" }, - "disableUnionOutputTypes": true, - "packageDescription": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.", - "packageName": "", - "pluginName": "", - "pluginVersion": "", - "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-aws)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-aws` repo](https://github.com/pulumi/pulumi-aws/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-aws` repo](https://github.com/hashicorp/terraform-provider-aws/issues).", - "typescriptVersion": "" + "compatibility": "tfbridge20", + "disableUnionOutputTypes": true }, "python": { - "compatibility": "tfbridge20", - "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-aws)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-aws` repo](https://github.com/pulumi/pulumi-aws/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-aws` repo](https://github.com/hashicorp/terraform-provider-aws/issues).", "requires": { "pulumi": "\u003e=3.0.0,\u003c4.0.0" - } + }, + "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-aws)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-aws` repo](https://github.com/pulumi/pulumi-aws/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-aws` repo](https://github.com/hashicorp/terraform-provider-aws/issues).", + "compatibility": "tfbridge20", + "pyproject": {} } }, "config": { @@ -124083,7 +124080,7 @@ } }, "aws:acmpca/policy:Policy": { - "description": "Attaches a resource based policy to a private CA.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [data.aws_caller_identity.current.account_id],\n }],\n actions: [\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources: [aws_acmpca_certificate_authority.example.arn],\n },\n {\n sid: \"2\",\n effect: Allow,\n principals: [{\n type: \"AWS\",\n identifiers: [data.aws_caller_identity.current.account_id],\n }],\n actions: [\"acm-pca:IssueCertificate\"],\n resources: [aws_acmpca_certificate_authority.example.arn],\n conditions: [{\n test: \"StringEquals\",\n variable: \"acm-pca:TemplateArn\",\n values: [\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n }],\n },\n ],\n});\nconst examplePolicy = new aws.acmpca.Policy(\"examplePolicy\", {\n resourceArn: aws_acmpca_certificate_authority.example.arn,\n policy: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[data[\"aws_caller_identity\"][\"current\"][\"account_id\"]],\n )],\n actions=[\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources=[aws_acmpca_certificate_authority[\"example\"][\"arn\"]],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"2\",\n effect=allow,\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[data[\"aws_caller_identity\"][\"current\"][\"account_id\"]],\n )],\n actions=[\"acm-pca:IssueCertificate\"],\n resources=[aws_acmpca_certificate_authority[\"example\"][\"arn\"]],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"acm-pca:TemplateArn\",\n values=[\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n )],\n ),\n])\nexample_policy = aws.acmpca.Policy(\"examplePolicy\",\n resource_arn=aws_acmpca_certificate_authority[\"example\"][\"arn\"],\n policy=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n data.Aws_caller_identity.Current.Account_id,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n },\n Resources = new[]\n {\n aws_acmpca_certificate_authority.Example.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"2\",\n Effect = Allow,\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n data.Aws_caller_identity.Current.Account_id,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:IssueCertificate\",\n },\n Resources = new[]\n {\n aws_acmpca_certificate_authority.Example.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"acm-pca:TemplateArn\",\n Values = new[]\n {\n \"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n },\n },\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Acmpca.Policy(\"examplePolicy\", new()\n {\n ResourceArn = aws_acmpca_certificate_authority.Example.Arn,\n PolicyDetails = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"1\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ndata.Aws_caller_identity.Current.Account_id,\n},\n},\n},\nActions: []string{\n\"acm-pca:DescribeCertificateAuthority\",\n\"acm-pca:GetCertificate\",\n\"acm-pca:GetCertificateAuthorityCertificate\",\n\"acm-pca:ListPermissions\",\n\"acm-pca:ListTags\",\n},\nResources: interface{}{\naws_acmpca_certificate_authority.Example.Arn,\n},\n},\n{\nSid: pulumi.StringRef(\"2\"),\nEffect: pulumi.StringRef(Allow),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ndata.Aws_caller_identity.Current.Account_id,\n},\n},\n},\nActions: []string{\n\"acm-pca:IssueCertificate\",\n},\nResources: interface{}{\naws_acmpca_certificate_authority.Example.Arn,\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"acm-pca:TemplateArn\",\nValues: []string{\n\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = acmpca.NewPolicy(ctx, \"examplePolicy\", \u0026acmpca.PolicyArgs{\nResourceArn: pulumi.Any(aws_acmpca_certificate_authority.Example.Arn),\nPolicy: *pulumi.String(examplePolicyDocument.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.acmpca.Policy;\nimport com.pulumi.aws.acmpca.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(data.aws_caller_identity().current().account_id())\n .build())\n .actions( \n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\")\n .resources(aws_acmpca_certificate_authority.example().arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"2\")\n .effect(Allow)\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(data.aws_caller_identity().current().account_id())\n .build())\n .actions(\"acm-pca:IssueCertificate\")\n .resources(aws_acmpca_certificate_authority.example().arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"acm-pca:TemplateArn\")\n .values(\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\")\n .build())\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .resourceArn(aws_acmpca_certificate_authority.example().arn())\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:acmpca:Policy\n properties:\n resourceArn: ${aws_acmpca_certificate_authority.example.arn}\n policy: ${examplePolicyDocument.json}\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${data.aws_caller_identity.current.account_id}\n actions:\n - acm-pca:DescribeCertificateAuthority\n - acm-pca:GetCertificate\n - acm-pca:GetCertificateAuthorityCertificate\n - acm-pca:ListPermissions\n - acm-pca:ListTags\n resources:\n - ${aws_acmpca_certificate_authority.example.arn}\n - sid: '2'\n effect: ${Allow}\n principals:\n - type: AWS\n identifiers:\n - ${data.aws_caller_identity.current.account_id}\n actions:\n - acm-pca:IssueCertificate\n resources:\n - ${aws_acmpca_certificate_authority.example.arn}\n conditions:\n - test: StringEquals\n variable: acm-pca:TemplateArn\n values:\n - arn:aws:acm-pca:::template/EndEntityCertificate/V1\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_acmpca_policy.example\n\n id = \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\" } Using `pulumi import`, import `aws_acmpca_policy` using the `resource_arn` value. For exampleconsole % pulumi import aws_acmpca_policy.example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012 ", + "description": "Attaches a resource based policy to a private CA.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [data.aws_caller_identity.current.account_id],\n }],\n actions: [\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources: [aws_acmpca_certificate_authority.example.arn],\n },\n {\n sid: \"2\",\n effect: Allow,\n principals: [{\n type: \"AWS\",\n identifiers: [data.aws_caller_identity.current.account_id],\n }],\n actions: [\"acm-pca:IssueCertificate\"],\n resources: [aws_acmpca_certificate_authority.example.arn],\n conditions: [{\n test: \"StringEquals\",\n variable: \"acm-pca:TemplateArn\",\n values: [\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n }],\n },\n ],\n});\nconst examplePolicy = new aws.acmpca.Policy(\"examplePolicy\", {\n resourceArn: aws_acmpca_certificate_authority.example.arn,\n policy: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[data[\"aws_caller_identity\"][\"current\"][\"account_id\"]],\n )],\n actions=[\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources=[aws_acmpca_certificate_authority[\"example\"][\"arn\"]],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"2\",\n effect=allow,\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[data[\"aws_caller_identity\"][\"current\"][\"account_id\"]],\n )],\n actions=[\"acm-pca:IssueCertificate\"],\n resources=[aws_acmpca_certificate_authority[\"example\"][\"arn\"]],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"acm-pca:TemplateArn\",\n values=[\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n )],\n ),\n])\nexample_policy = aws.acmpca.Policy(\"examplePolicy\",\n resource_arn=aws_acmpca_certificate_authority[\"example\"][\"arn\"],\n policy=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n data.Aws_caller_identity.Current.Account_id,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n },\n Resources = new[]\n {\n aws_acmpca_certificate_authority.Example.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"2\",\n Effect = Allow,\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n data.Aws_caller_identity.Current.Account_id,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:IssueCertificate\",\n },\n Resources = new[]\n {\n aws_acmpca_certificate_authority.Example.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"acm-pca:TemplateArn\",\n Values = new[]\n {\n \"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n },\n },\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Acmpca.Policy(\"examplePolicy\", new()\n {\n ResourceArn = aws_acmpca_certificate_authority.Example.Arn,\n PolicyDetails = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"1\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ndata.Aws_caller_identity.Current.Account_id,\n},\n},\n},\nActions: []string{\n\"acm-pca:DescribeCertificateAuthority\",\n\"acm-pca:GetCertificate\",\n\"acm-pca:GetCertificateAuthorityCertificate\",\n\"acm-pca:ListPermissions\",\n\"acm-pca:ListTags\",\n},\nResources: interface{}{\naws_acmpca_certificate_authority.Example.Arn,\n},\n},\n{\nSid: pulumi.StringRef(\"2\"),\nEffect: pulumi.StringRef(Allow),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ndata.Aws_caller_identity.Current.Account_id,\n},\n},\n},\nActions: []string{\n\"acm-pca:IssueCertificate\",\n},\nResources: interface{}{\naws_acmpca_certificate_authority.Example.Arn,\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"acm-pca:TemplateArn\",\nValues: []string{\n\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = acmpca.NewPolicy(ctx, \"examplePolicy\", \u0026acmpca.PolicyArgs{\nResourceArn: pulumi.Any(aws_acmpca_certificate_authority.Example.Arn),\nPolicy: *pulumi.String(examplePolicyDocument.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.acmpca.Policy;\nimport com.pulumi.aws.acmpca.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(data.aws_caller_identity().current().account_id())\n .build())\n .actions( \n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\")\n .resources(aws_acmpca_certificate_authority.example().arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"2\")\n .effect(Allow)\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(data.aws_caller_identity().current().account_id())\n .build())\n .actions(\"acm-pca:IssueCertificate\")\n .resources(aws_acmpca_certificate_authority.example().arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"acm-pca:TemplateArn\")\n .values(\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\")\n .build())\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .resourceArn(aws_acmpca_certificate_authority.example().arn())\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:acmpca:Policy\n properties:\n resourceArn: ${aws_acmpca_certificate_authority.example.arn}\n policy: ${examplePolicyDocument.json}\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${data.aws_caller_identity.current.account_id}\n actions:\n - acm-pca:DescribeCertificateAuthority\n - acm-pca:GetCertificate\n - acm-pca:GetCertificateAuthorityCertificate\n - acm-pca:ListPermissions\n - acm-pca:ListTags\n resources:\n - ${aws_acmpca_certificate_authority.example.arn}\n - sid: '2'\n effect: ${Allow}\n principals:\n - type: AWS\n identifiers:\n - ${data.aws_caller_identity.current.account_id}\n actions:\n - acm-pca:IssueCertificate\n resources:\n - ${aws_acmpca_certificate_authority.example.arn}\n conditions:\n - test: StringEquals\n variable: acm-pca:TemplateArn\n values:\n - arn:aws:acm-pca:::template/EndEntityCertificate/V1\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_acmpca_policy.example\n\n id = \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\" } Using `pulumi import`, import `aws_acmpca_policy` using the `resource_arn` value. For exampleconsole % pulumi import aws_acmpca_policy.example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012 ", "properties": { "policy": { "type": "string", @@ -125946,7 +125943,7 @@ } }, "aws:amplify/branch:Branch": { - "description": "Provides an Amplify Branch resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: example.id,\n branchName: \"master\",\n framework: \"React\",\n stage: \"PRODUCTION\",\n environmentVariables: {\n REACT_APP_API_SERVER: \"https://api.example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.amplify.App(\"example\")\nmaster = aws.amplify.Branch(\"master\",\n app_id=example.id,\n branch_name=\"master\",\n framework=\"React\",\n stage=\"PRODUCTION\",\n environment_variables={\n \"REACT_APP_API_SERVER\": \"https://api.example.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Amplify.App(\"example\");\n\n var master = new Aws.Amplify.Branch(\"master\", new()\n {\n AppId = example.Id,\n BranchName = \"master\",\n Framework = \"React\",\n Stage = \"PRODUCTION\",\n EnvironmentVariables = \n {\n { \"REACT_APP_API_SERVER\", \"https://api.example.com\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := amplify.NewApp(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = amplify.NewBranch(ctx, \"master\", \u0026amplify.BranchArgs{\n\t\t\tAppId: example.ID(),\n\t\t\tBranchName: pulumi.String(\"master\"),\n\t\t\tFramework: pulumi.String(\"React\"),\n\t\t\tStage: pulumi.String(\"PRODUCTION\"),\n\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\"REACT_APP_API_SERVER\": pulumi.String(\"https://api.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.amplify.App;\nimport com.pulumi.aws.amplify.Branch;\nimport com.pulumi.aws.amplify.BranchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new App(\"example\");\n\n var master = new Branch(\"master\", BranchArgs.builder() \n .appId(example.id())\n .branchName(\"master\")\n .framework(\"React\")\n .stage(\"PRODUCTION\")\n .environmentVariables(Map.of(\"REACT_APP_API_SERVER\", \"https://api.example.com\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:amplify:App\n master:\n type: aws:amplify:Branch\n properties:\n appId: ${example.id}\n branchName: master\n framework: React\n stage: PRODUCTION\n environmentVariables:\n REACT_APP_API_SERVER: https://api.example.com\n```\n{{% /example %}}\n{{% example %}}\n### Notifications\n\nAmplify Console uses EventBridge (formerly known as CloudWatch Events) and SNS for email notifications. To implement the same functionality, you need to set `enable_notification` in a `aws.amplify.Branch` resource, as well as creating an EventBridge Rule, an SNS topic, and SNS subscriptions.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: example.id,\n branchName: \"master\",\n enableNotification: true,\n});\n// EventBridge Rule for Amplify notifications\nconst amplifyAppMasterEventRule = new aws.cloudwatch.EventRule(\"amplifyAppMasterEventRule\", {\n description: pulumi.interpolate`AWS Amplify build notifications for : App: ${aws_amplify_app.app.id} Branch: ${master.branchName}`,\n eventPattern: pulumi.all([example.id, master.branchName]).apply(([id, branchName]) =\u003e JSON.stringify({\n detail: {\n appId: [id],\n branchName: [branchName],\n jobStatus: [\n \"SUCCEED\",\n \"FAILED\",\n \"STARTED\",\n ],\n },\n \"detail-type\": [\"Amplify Deployment Status Change\"],\n source: [\"aws.amplify\"],\n })),\n});\nconst amplifyAppMasterTopic = new aws.sns.Topic(\"amplifyAppMasterTopic\", {});\nconst amplifyAppMasterEventTarget = new aws.cloudwatch.EventTarget(\"amplifyAppMasterEventTarget\", {\n rule: amplifyAppMasterEventRule.name,\n arn: amplifyAppMasterTopic.arn,\n inputTransformer: {\n inputPaths: {\n jobId: \"$.detail.jobId\",\n appId: \"$.detail.appId\",\n region: \"$.region\",\n branch: \"$.detail.branchName\",\n status: \"$.detail.jobStatus\",\n },\n inputTemplate: \"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\",\n },\n});\n// SNS Topic for Amplify notifications\nconst amplifyAppMasterPolicyDocument = pulumi.all([master.arn, amplifyAppMasterTopic.arn]).apply(([masterArn, amplifyAppMasterTopicArn]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n sid: `Allow_Publish_Events ${masterArn}`,\n effect: \"Allow\",\n actions: [\"SNS:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n resources: [amplifyAppMasterTopicArn],\n }],\n}));\nconst amplifyAppMasterTopicPolicy = new aws.sns.TopicPolicy(\"amplifyAppMasterTopicPolicy\", {\n arn: amplifyAppMasterTopic.arn,\n policy: amplifyAppMasterPolicyDocument.apply(amplifyAppMasterPolicyDocument =\u003e amplifyAppMasterPolicyDocument.json),\n});\nconst _this = new aws.sns.TopicSubscription(\"this\", {\n topic: amplifyAppMasterTopic.arn,\n protocol: \"email\",\n endpoint: \"user@acme.com\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.amplify.App(\"example\")\nmaster = aws.amplify.Branch(\"master\",\n app_id=example.id,\n branch_name=\"master\",\n enable_notification=True)\n# EventBridge Rule for Amplify notifications\namplify_app_master_event_rule = aws.cloudwatch.EventRule(\"amplifyAppMasterEventRule\",\n description=master.branch_name.apply(lambda branch_name: f\"AWS Amplify build notifications for : App: {aws_amplify_app['app']['id']} Branch: {branch_name}\"),\n event_pattern=pulumi.Output.all(example.id, master.branch_name).apply(lambda id, branch_name: json.dumps({\n \"detail\": {\n \"appId\": [id],\n \"branchName\": [branch_name],\n \"jobStatus\": [\n \"SUCCEED\",\n \"FAILED\",\n \"STARTED\",\n ],\n },\n \"detail-type\": [\"Amplify Deployment Status Change\"],\n \"source\": [\"aws.amplify\"],\n })))\namplify_app_master_topic = aws.sns.Topic(\"amplifyAppMasterTopic\")\namplify_app_master_event_target = aws.cloudwatch.EventTarget(\"amplifyAppMasterEventTarget\",\n rule=amplify_app_master_event_rule.name,\n arn=amplify_app_master_topic.arn,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"jobId\": \"$.detail.jobId\",\n \"appId\": \"$.detail.appId\",\n \"region\": \"$.region\",\n \"branch\": \"$.detail.branchName\",\n \"status\": \"$.detail.jobStatus\",\n },\n input_template=\"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\",\n ))\n# SNS Topic for Amplify notifications\namplify_app_master_policy_document = pulumi.Output.all(master.arn, amplify_app_master_topic.arn).apply(lambda masterArn, amplifyAppMasterTopicArn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=f\"Allow_Publish_Events {master_arn}\",\n effect=\"Allow\",\n actions=[\"SNS:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n resources=[amplify_app_master_topic_arn],\n)]))\namplify_app_master_topic_policy = aws.sns.TopicPolicy(\"amplifyAppMasterTopicPolicy\",\n arn=amplify_app_master_topic.arn,\n policy=amplify_app_master_policy_document.json)\nthis = aws.sns.TopicSubscription(\"this\",\n topic=amplify_app_master_topic.arn,\n protocol=\"email\",\n endpoint=\"user@acme.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Amplify.App(\"example\");\n\n var master = new Aws.Amplify.Branch(\"master\", new()\n {\n AppId = example.Id,\n BranchName = \"master\",\n EnableNotification = true,\n });\n\n // EventBridge Rule for Amplify notifications\n var amplifyAppMasterEventRule = new Aws.CloudWatch.EventRule(\"amplifyAppMasterEventRule\", new()\n {\n Description = master.BranchName.Apply(branchName =\u003e $\"AWS Amplify build notifications for : App: {aws_amplify_app.App.Id} Branch: {branchName}\"),\n EventPattern = Output.Tuple(example.Id, master.BranchName).Apply(values =\u003e\n {\n var id = values.Item1;\n var branchName = values.Item2;\n return JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"detail\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"appId\"] = new[]\n {\n id,\n },\n [\"branchName\"] = new[]\n {\n branchName,\n },\n [\"jobStatus\"] = new[]\n {\n \"SUCCEED\",\n \"FAILED\",\n \"STARTED\",\n },\n },\n [\"detail-type\"] = new[]\n {\n \"Amplify Deployment Status Change\",\n },\n [\"source\"] = new[]\n {\n \"aws.amplify\",\n },\n });\n }),\n });\n\n var amplifyAppMasterTopic = new Aws.Sns.Topic(\"amplifyAppMasterTopic\");\n\n var amplifyAppMasterEventTarget = new Aws.CloudWatch.EventTarget(\"amplifyAppMasterEventTarget\", new()\n {\n Rule = amplifyAppMasterEventRule.Name,\n Arn = amplifyAppMasterTopic.Arn,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"jobId\", \"$.detail.jobId\" },\n { \"appId\", \"$.detail.appId\" },\n { \"region\", \"$.region\" },\n { \"branch\", \"$.detail.branchName\" },\n { \"status\", \"$.detail.jobStatus\" },\n },\n InputTemplate = \"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\",\n },\n });\n\n // SNS Topic for Amplify notifications\n var amplifyAppMasterPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = $\"Allow_Publish_Events {master.Arn}\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n amplifyAppMasterTopic.Arn,\n },\n },\n },\n });\n\n var amplifyAppMasterTopicPolicy = new Aws.Sns.TopicPolicy(\"amplifyAppMasterTopicPolicy\", new()\n {\n Arn = amplifyAppMasterTopic.Arn,\n Policy = amplifyAppMasterPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var @this = new Aws.Sns.TopicSubscription(\"this\", new()\n {\n Topic = amplifyAppMasterTopic.Arn,\n Protocol = \"email\",\n Endpoint = \"user@acme.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"encoding/json\"\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/amplify\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := amplify.NewApp(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nmaster, err := amplify.NewBranch(ctx, \"master\", \u0026amplify.BranchArgs{\nAppId: example.ID(),\nBranchName: pulumi.String(\"master\"),\nEnableNotification: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\namplifyAppMasterEventRule, err := cloudwatch.NewEventRule(ctx, \"amplifyAppMasterEventRule\", \u0026cloudwatch.EventRuleArgs{\nDescription: master.BranchName.ApplyT(func(branchName string) (string, error) {\nreturn fmt.Sprintf(\"AWS Amplify build notifications for : App: %v Branch: %v\", aws_amplify_app.App.Id, branchName), nil\n}).(pulumi.StringOutput),\nEventPattern: pulumi.All(example.ID(),master.BranchName).ApplyT(func(_args []interface{}) (string, error) {\nid := _args[0].(string)\nbranchName := _args[1].(string)\nvar _zero string\ntmpJSON0, err := json.Marshal(map[string]interface{}{\n\"detail\": map[string]interface{}{\n\"appId\": []string{\nid,\n},\n\"branchName\": []string{\nbranchName,\n},\n\"jobStatus\": []string{\n\"SUCCEED\",\n\"FAILED\",\n\"STARTED\",\n},\n},\n\"detail-type\": []string{\n\"Amplify Deployment Status Change\",\n},\n\"source\": []string{\n\"aws.amplify\",\n},\n})\nif err != nil {\nreturn _zero, err\n}\njson0 := string(tmpJSON0)\nreturn json0, nil\n}).(pulumi.StringOutput),\n})\nif err != nil {\nreturn err\n}\namplifyAppMasterTopic, err := sns.NewTopic(ctx, \"amplifyAppMasterTopic\", nil)\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventTarget(ctx, \"amplifyAppMasterEventTarget\", \u0026cloudwatch.EventTargetArgs{\nRule: amplifyAppMasterEventRule.Name,\nArn: amplifyAppMasterTopic.Arn,\nInputTransformer: \u0026cloudwatch.EventTargetInputTransformerArgs{\nInputPaths: pulumi.StringMap{\n\"jobId\": pulumi.String(\"$.detail.jobId\"),\n\"appId\": pulumi.String(\"$.detail.appId\"),\n\"region\": pulumi.String(\"$.region\"),\n\"branch\": pulumi.String(\"$.detail.branchName\"),\n\"status\": pulumi.String(\"$.detail.jobStatus\"),\n},\nInputTemplate: pulumi.String(\"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\"),\n},\n})\nif err != nil {\nreturn err\n}\namplifyAppMasterPolicyDocument := pulumi.All(master.Arn,amplifyAppMasterTopic.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nmasterArn := _args[0].(string)\namplifyAppMasterTopicArn := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: fmt.Sprintf(\"Allow_Publish_Events %v\", masterArn),\nEffect: \"Allow\",\nActions: []string{\n\"SNS:Publish\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"events.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\namplifyAppMasterTopicArn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"amplifyAppMasterTopicPolicy\", \u0026sns.TopicPolicyArgs{\nArn: amplifyAppMasterTopic.Arn,\nPolicy: amplifyAppMasterPolicyDocument.ApplyT(func(amplifyAppMasterPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026amplifyAppMasterPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"this\", \u0026sns.TopicSubscriptionArgs{\nTopic: amplifyAppMasterTopic.Arn,\nProtocol: pulumi.String(\"email\"),\nEndpoint: pulumi.String(\"user@acme.com\"),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.amplify.App;\nimport com.pulumi.aws.amplify.Branch;\nimport com.pulumi.aws.amplify.BranchArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new App(\"example\");\n\n var master = new Branch(\"master\", BranchArgs.builder() \n .appId(example.id())\n .branchName(\"master\")\n .enableNotification(true)\n .build());\n\n var amplifyAppMasterEventRule = new EventRule(\"amplifyAppMasterEventRule\", EventRuleArgs.builder() \n .description(master.branchName().applyValue(branchName -\u003e String.format(\"AWS Amplify build notifications for : App: %s Branch: %s\", aws_amplify_app.app().id(),branchName)))\n .eventPattern(Output.tuple(example.id(), master.branchName()).applyValue(values -\u003e {\n var id = values.t1;\n var branchName = values.t2;\n return serializeJson(\n jsonObject(\n jsonProperty(\"detail\", jsonObject(\n jsonProperty(\"appId\", jsonArray(id)),\n jsonProperty(\"branchName\", jsonArray(branchName)),\n jsonProperty(\"jobStatus\", jsonArray(\n \"SUCCEED\", \n \"FAILED\", \n \"STARTED\"\n ))\n )),\n jsonProperty(\"detail-type\", jsonArray(\"Amplify Deployment Status Change\")),\n jsonProperty(\"source\", jsonArray(\"aws.amplify\"))\n ));\n }))\n .build());\n\n var amplifyAppMasterTopic = new Topic(\"amplifyAppMasterTopic\");\n\n var amplifyAppMasterEventTarget = new EventTarget(\"amplifyAppMasterEventTarget\", EventTargetArgs.builder() \n .rule(amplifyAppMasterEventRule.name())\n .arn(amplifyAppMasterTopic.arn())\n .inputTransformer(EventTargetInputTransformerArgs.builder()\n .inputPaths(Map.ofEntries(\n Map.entry(\"jobId\", \"$.detail.jobId\"),\n Map.entry(\"appId\", \"$.detail.appId\"),\n Map.entry(\"region\", \"$.region\"),\n Map.entry(\"branch\", \"$.detail.branchName\"),\n Map.entry(\"status\", \"$.detail.jobStatus\")\n ))\n .inputTemplate(\"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\")\n .build())\n .build());\n\n final var amplifyAppMasterPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(master.arn().applyValue(arn -\u003e String.format(\"Allow_Publish_Events %s\", arn)))\n .effect(\"Allow\")\n .actions(\"SNS:Publish\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .resources(amplifyAppMasterTopic.arn())\n .build())\n .build());\n\n var amplifyAppMasterTopicPolicy = new TopicPolicy(\"amplifyAppMasterTopicPolicy\", TopicPolicyArgs.builder() \n .arn(amplifyAppMasterTopic.arn())\n .policy(amplifyAppMasterPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(amplifyAppMasterPolicyDocument -\u003e amplifyAppMasterPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var this_ = new TopicSubscription(\"this\", TopicSubscriptionArgs.builder() \n .topic(amplifyAppMasterTopic.arn())\n .protocol(\"email\")\n .endpoint(\"user@acme.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:amplify:App\n master: # EventBridge Rule for Amplify notifications\n type: aws:amplify:Branch\n properties:\n appId: ${example.id}\n branchName: master\n # Enable SNS notifications.\n enableNotification: true\n amplifyAppMasterEventRule:\n type: aws:cloudwatch:EventRule\n properties:\n description: 'AWS Amplify build notifications for : App: ${aws_amplify_app.app.id} Branch: ${master.branchName}'\n eventPattern:\n fn::toJSON:\n detail:\n appId:\n - ${example.id}\n branchName:\n - ${master.branchName}\n jobStatus:\n - SUCCEED\n - FAILED\n - STARTED\n detail-type:\n - Amplify Deployment Status Change\n source:\n - aws.amplify\n amplifyAppMasterEventTarget: # SNS Topic for Amplify notifications\n type: aws:cloudwatch:EventTarget\n properties:\n rule: ${amplifyAppMasterEventRule.name}\n arn: ${amplifyAppMasterTopic.arn}\n inputTransformer:\n inputPaths:\n jobId: $.detail.jobId\n appId: $.detail.appId\n region: $.region\n branch: $.detail.branchName\n status: $.detail.jobStatus\n inputTemplate: '\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \"'\n amplifyAppMasterTopic:\n type: aws:sns:Topic\n amplifyAppMasterTopicPolicy:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${amplifyAppMasterTopic.arn}\n policy: ${amplifyAppMasterPolicyDocument.json}\n this:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${amplifyAppMasterTopic.arn}\n protocol: email\n endpoint: user@acme.com\nvariables:\n amplifyAppMasterPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Allow_Publish_Events ${master.arn}\n effect: Allow\n actions:\n - SNS:Publish\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n resources:\n - ${amplifyAppMasterTopic.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_amplify_branch.master\n\n id = \"d2ypk4k47z8u6/master\" } Using `pulumi import`, import Amplify branch using `app_id` and `branch_name`. For exampleconsole % pulumi import aws_amplify_branch.master d2ypk4k47z8u6/master ", + "description": "Provides an Amplify Branch resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: example.id,\n branchName: \"master\",\n framework: \"React\",\n stage: \"PRODUCTION\",\n environmentVariables: {\n REACT_APP_API_SERVER: \"https://api.example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.amplify.App(\"example\")\nmaster = aws.amplify.Branch(\"master\",\n app_id=example.id,\n branch_name=\"master\",\n framework=\"React\",\n stage=\"PRODUCTION\",\n environment_variables={\n \"REACT_APP_API_SERVER\": \"https://api.example.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Amplify.App(\"example\");\n\n var master = new Aws.Amplify.Branch(\"master\", new()\n {\n AppId = example.Id,\n BranchName = \"master\",\n Framework = \"React\",\n Stage = \"PRODUCTION\",\n EnvironmentVariables = \n {\n { \"REACT_APP_API_SERVER\", \"https://api.example.com\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := amplify.NewApp(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = amplify.NewBranch(ctx, \"master\", \u0026amplify.BranchArgs{\n\t\t\tAppId: example.ID(),\n\t\t\tBranchName: pulumi.String(\"master\"),\n\t\t\tFramework: pulumi.String(\"React\"),\n\t\t\tStage: pulumi.String(\"PRODUCTION\"),\n\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\"REACT_APP_API_SERVER\": pulumi.String(\"https://api.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.amplify.App;\nimport com.pulumi.aws.amplify.Branch;\nimport com.pulumi.aws.amplify.BranchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new App(\"example\");\n\n var master = new Branch(\"master\", BranchArgs.builder() \n .appId(example.id())\n .branchName(\"master\")\n .framework(\"React\")\n .stage(\"PRODUCTION\")\n .environmentVariables(Map.of(\"REACT_APP_API_SERVER\", \"https://api.example.com\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:amplify:App\n master:\n type: aws:amplify:Branch\n properties:\n appId: ${example.id}\n branchName: master\n framework: React\n stage: PRODUCTION\n environmentVariables:\n REACT_APP_API_SERVER: https://api.example.com\n```\n{{% /example %}}\n{{% example %}}\n### Notifications\n\nAmplify Console uses EventBridge (formerly known as CloudWatch Events) and SNS for email notifications. To implement the same functionality, you need to set `enable_notification` in a `aws.amplify.Branch` resource, as well as creating an EventBridge Rule, an SNS topic, and SNS subscriptions.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: example.id,\n branchName: \"master\",\n enableNotification: true,\n});\n// EventBridge Rule for Amplify notifications\nconst amplifyAppMasterEventRule = new aws.cloudwatch.EventRule(\"amplifyAppMasterEventRule\", {\n description: pulumi.interpolate`AWS Amplify build notifications for : App: ${aws_amplify_app.app.id} Branch: ${master.branchName}`,\n eventPattern: pulumi.all([example.id, master.branchName]).apply(([id, branchName]) =\u003e JSON.stringify({\n detail: {\n appId: [id],\n branchName: [branchName],\n jobStatus: [\n \"SUCCEED\",\n \"FAILED\",\n \"STARTED\",\n ],\n },\n \"detail-type\": [\"Amplify Deployment Status Change\"],\n source: [\"aws.amplify\"],\n })),\n});\nconst amplifyAppMasterTopic = new aws.sns.Topic(\"amplifyAppMasterTopic\", {});\nconst amplifyAppMasterEventTarget = new aws.cloudwatch.EventTarget(\"amplifyAppMasterEventTarget\", {\n rule: amplifyAppMasterEventRule.name,\n arn: amplifyAppMasterTopic.arn,\n inputTransformer: {\n inputPaths: {\n jobId: \"$.detail.jobId\",\n appId: \"$.detail.appId\",\n region: \"$.region\",\n branch: \"$.detail.branchName\",\n status: \"$.detail.jobStatus\",\n },\n inputTemplate: \"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\",\n },\n});\n// SNS Topic for Amplify notifications\nconst amplifyAppMasterPolicyDocument = pulumi.all([master.arn, amplifyAppMasterTopic.arn]).apply(([masterArn, amplifyAppMasterTopicArn]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n sid: `Allow_Publish_Events ${masterArn}`,\n effect: \"Allow\",\n actions: [\"SNS:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n resources: [amplifyAppMasterTopicArn],\n }],\n}));\nconst amplifyAppMasterTopicPolicy = new aws.sns.TopicPolicy(\"amplifyAppMasterTopicPolicy\", {\n arn: amplifyAppMasterTopic.arn,\n policy: amplifyAppMasterPolicyDocument.apply(amplifyAppMasterPolicyDocument =\u003e amplifyAppMasterPolicyDocument.json),\n});\nconst _this = new aws.sns.TopicSubscription(\"this\", {\n topic: amplifyAppMasterTopic.arn,\n protocol: \"email\",\n endpoint: \"user@acme.com\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.amplify.App(\"example\")\nmaster = aws.amplify.Branch(\"master\",\n app_id=example.id,\n branch_name=\"master\",\n enable_notification=True)\n# EventBridge Rule for Amplify notifications\namplify_app_master_event_rule = aws.cloudwatch.EventRule(\"amplifyAppMasterEventRule\",\n description=master.branch_name.apply(lambda branch_name: f\"AWS Amplify build notifications for : App: {aws_amplify_app['app']['id']} Branch: {branch_name}\"),\n event_pattern=pulumi.Output.all(example.id, master.branch_name).apply(lambda id, branch_name: json.dumps({\n \"detail\": {\n \"appId\": [id],\n \"branchName\": [branch_name],\n \"jobStatus\": [\n \"SUCCEED\",\n \"FAILED\",\n \"STARTED\",\n ],\n },\n \"detail-type\": [\"Amplify Deployment Status Change\"],\n \"source\": [\"aws.amplify\"],\n })))\namplify_app_master_topic = aws.sns.Topic(\"amplifyAppMasterTopic\")\namplify_app_master_event_target = aws.cloudwatch.EventTarget(\"amplifyAppMasterEventTarget\",\n rule=amplify_app_master_event_rule.name,\n arn=amplify_app_master_topic.arn,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"jobId\": \"$.detail.jobId\",\n \"appId\": \"$.detail.appId\",\n \"region\": \"$.region\",\n \"branch\": \"$.detail.branchName\",\n \"status\": \"$.detail.jobStatus\",\n },\n input_template=\"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\",\n ))\n# SNS Topic for Amplify notifications\namplify_app_master_policy_document = pulumi.Output.all(master.arn, amplify_app_master_topic.arn).apply(lambda masterArn, amplifyAppMasterTopicArn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=f\"Allow_Publish_Events {master_arn}\",\n effect=\"Allow\",\n actions=[\"SNS:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n resources=[amplify_app_master_topic_arn],\n)]))\namplify_app_master_topic_policy = aws.sns.TopicPolicy(\"amplifyAppMasterTopicPolicy\",\n arn=amplify_app_master_topic.arn,\n policy=amplify_app_master_policy_document.json)\nthis = aws.sns.TopicSubscription(\"this\",\n topic=amplify_app_master_topic.arn,\n protocol=\"email\",\n endpoint=\"user@acme.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Amplify.App(\"example\");\n\n var master = new Aws.Amplify.Branch(\"master\", new()\n {\n AppId = example.Id,\n BranchName = \"master\",\n EnableNotification = true,\n });\n\n // EventBridge Rule for Amplify notifications\n var amplifyAppMasterEventRule = new Aws.CloudWatch.EventRule(\"amplifyAppMasterEventRule\", new()\n {\n Description = master.BranchName.Apply(branchName =\u003e $\"AWS Amplify build notifications for : App: {aws_amplify_app.App.Id} Branch: {branchName}\"),\n EventPattern = Output.Tuple(example.Id, master.BranchName).Apply(values =\u003e\n {\n var id = values.Item1;\n var branchName = values.Item2;\n return JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"detail\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"appId\"] = new[]\n {\n id,\n },\n [\"branchName\"] = new[]\n {\n branchName,\n },\n [\"jobStatus\"] = new[]\n {\n \"SUCCEED\",\n \"FAILED\",\n \"STARTED\",\n },\n },\n [\"detail-type\"] = new[]\n {\n \"Amplify Deployment Status Change\",\n },\n [\"source\"] = new[]\n {\n \"aws.amplify\",\n },\n });\n }),\n });\n\n var amplifyAppMasterTopic = new Aws.Sns.Topic(\"amplifyAppMasterTopic\");\n\n var amplifyAppMasterEventTarget = new Aws.CloudWatch.EventTarget(\"amplifyAppMasterEventTarget\", new()\n {\n Rule = amplifyAppMasterEventRule.Name,\n Arn = amplifyAppMasterTopic.Arn,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"jobId\", \"$.detail.jobId\" },\n { \"appId\", \"$.detail.appId\" },\n { \"region\", \"$.region\" },\n { \"branch\", \"$.detail.branchName\" },\n { \"status\", \"$.detail.jobStatus\" },\n },\n InputTemplate = \"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\",\n },\n });\n\n // SNS Topic for Amplify notifications\n var amplifyAppMasterPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = $\"Allow_Publish_Events {master.Arn}\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n amplifyAppMasterTopic.Arn,\n },\n },\n },\n });\n\n var amplifyAppMasterTopicPolicy = new Aws.Sns.TopicPolicy(\"amplifyAppMasterTopicPolicy\", new()\n {\n Arn = amplifyAppMasterTopic.Arn,\n Policy = amplifyAppMasterPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var @this = new Aws.Sns.TopicSubscription(\"this\", new()\n {\n Topic = amplifyAppMasterTopic.Arn,\n Protocol = \"email\",\n Endpoint = \"user@acme.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := amplify.NewApp(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nmaster, err := amplify.NewBranch(ctx, \"master\", \u0026amplify.BranchArgs{\nAppId: example.ID(),\nBranchName: pulumi.String(\"master\"),\nEnableNotification: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\namplifyAppMasterEventRule, err := cloudwatch.NewEventRule(ctx, \"amplifyAppMasterEventRule\", \u0026cloudwatch.EventRuleArgs{\nDescription: master.BranchName.ApplyT(func(branchName string) (string, error) {\nreturn fmt.Sprintf(\"AWS Amplify build notifications for : App: %v Branch: %v\", aws_amplify_app.App.Id, branchName), nil\n}).(pulumi.StringOutput),\nEventPattern: pulumi.All(example.ID(),master.BranchName).ApplyT(func(_args []interface{}) (string, error) {\nid := _args[0].(string)\nbranchName := _args[1].(string)\nvar _zero string\ntmpJSON0, err := json.Marshal(map[string]interface{}{\n\"detail\": map[string]interface{}{\n\"appId\": []string{\nid,\n},\n\"branchName\": []string{\nbranchName,\n},\n\"jobStatus\": []string{\n\"SUCCEED\",\n\"FAILED\",\n\"STARTED\",\n},\n},\n\"detail-type\": []string{\n\"Amplify Deployment Status Change\",\n},\n\"source\": []string{\n\"aws.amplify\",\n},\n})\nif err != nil {\nreturn _zero, err\n}\njson0 := string(tmpJSON0)\nreturn json0, nil\n}).(pulumi.StringOutput),\n})\nif err != nil {\nreturn err\n}\namplifyAppMasterTopic, err := sns.NewTopic(ctx, \"amplifyAppMasterTopic\", nil)\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventTarget(ctx, \"amplifyAppMasterEventTarget\", \u0026cloudwatch.EventTargetArgs{\nRule: amplifyAppMasterEventRule.Name,\nArn: amplifyAppMasterTopic.Arn,\nInputTransformer: \u0026cloudwatch.EventTargetInputTransformerArgs{\nInputPaths: pulumi.StringMap{\n\"jobId\": pulumi.String(\"$.detail.jobId\"),\n\"appId\": pulumi.String(\"$.detail.appId\"),\n\"region\": pulumi.String(\"$.region\"),\n\"branch\": pulumi.String(\"$.detail.branchName\"),\n\"status\": pulumi.String(\"$.detail.jobStatus\"),\n},\nInputTemplate: pulumi.String(\"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\"),\n},\n})\nif err != nil {\nreturn err\n}\namplifyAppMasterPolicyDocument := pulumi.All(master.Arn,amplifyAppMasterTopic.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nmasterArn := _args[0].(string)\namplifyAppMasterTopicArn := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: fmt.Sprintf(\"Allow_Publish_Events %v\", masterArn),\nEffect: \"Allow\",\nActions: []string{\n\"SNS:Publish\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"events.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\namplifyAppMasterTopicArn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"amplifyAppMasterTopicPolicy\", \u0026sns.TopicPolicyArgs{\nArn: amplifyAppMasterTopic.Arn,\nPolicy: amplifyAppMasterPolicyDocument.ApplyT(func(amplifyAppMasterPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026amplifyAppMasterPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"this\", \u0026sns.TopicSubscriptionArgs{\nTopic: amplifyAppMasterTopic.Arn,\nProtocol: pulumi.String(\"email\"),\nEndpoint: pulumi.String(\"user@acme.com\"),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.amplify.App;\nimport com.pulumi.aws.amplify.Branch;\nimport com.pulumi.aws.amplify.BranchArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new App(\"example\");\n\n var master = new Branch(\"master\", BranchArgs.builder() \n .appId(example.id())\n .branchName(\"master\")\n .enableNotification(true)\n .build());\n\n var amplifyAppMasterEventRule = new EventRule(\"amplifyAppMasterEventRule\", EventRuleArgs.builder() \n .description(master.branchName().applyValue(branchName -\u003e String.format(\"AWS Amplify build notifications for : App: %s Branch: %s\", aws_amplify_app.app().id(),branchName)))\n .eventPattern(Output.tuple(example.id(), master.branchName()).applyValue(values -\u003e {\n var id = values.t1;\n var branchName = values.t2;\n return serializeJson(\n jsonObject(\n jsonProperty(\"detail\", jsonObject(\n jsonProperty(\"appId\", jsonArray(id)),\n jsonProperty(\"branchName\", jsonArray(branchName)),\n jsonProperty(\"jobStatus\", jsonArray(\n \"SUCCEED\", \n \"FAILED\", \n \"STARTED\"\n ))\n )),\n jsonProperty(\"detail-type\", jsonArray(\"Amplify Deployment Status Change\")),\n jsonProperty(\"source\", jsonArray(\"aws.amplify\"))\n ));\n }))\n .build());\n\n var amplifyAppMasterTopic = new Topic(\"amplifyAppMasterTopic\");\n\n var amplifyAppMasterEventTarget = new EventTarget(\"amplifyAppMasterEventTarget\", EventTargetArgs.builder() \n .rule(amplifyAppMasterEventRule.name())\n .arn(amplifyAppMasterTopic.arn())\n .inputTransformer(EventTargetInputTransformerArgs.builder()\n .inputPaths(Map.ofEntries(\n Map.entry(\"jobId\", \"$.detail.jobId\"),\n Map.entry(\"appId\", \"$.detail.appId\"),\n Map.entry(\"region\", \"$.region\"),\n Map.entry(\"branch\", \"$.detail.branchName\"),\n Map.entry(\"status\", \"$.detail.jobStatus\")\n ))\n .inputTemplate(\"\\\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \\\"\")\n .build())\n .build());\n\n final var amplifyAppMasterPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(master.arn().applyValue(arn -\u003e String.format(\"Allow_Publish_Events %s\", arn)))\n .effect(\"Allow\")\n .actions(\"SNS:Publish\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .resources(amplifyAppMasterTopic.arn())\n .build())\n .build());\n\n var amplifyAppMasterTopicPolicy = new TopicPolicy(\"amplifyAppMasterTopicPolicy\", TopicPolicyArgs.builder() \n .arn(amplifyAppMasterTopic.arn())\n .policy(amplifyAppMasterPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(amplifyAppMasterPolicyDocument -\u003e amplifyAppMasterPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var this_ = new TopicSubscription(\"this\", TopicSubscriptionArgs.builder() \n .topic(amplifyAppMasterTopic.arn())\n .protocol(\"email\")\n .endpoint(\"user@acme.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:amplify:App\n master: # EventBridge Rule for Amplify notifications\n type: aws:amplify:Branch\n properties:\n appId: ${example.id}\n branchName: master\n # Enable SNS notifications.\n enableNotification: true\n amplifyAppMasterEventRule:\n type: aws:cloudwatch:EventRule\n properties:\n description: 'AWS Amplify build notifications for : App: ${aws_amplify_app.app.id} Branch: ${master.branchName}'\n eventPattern:\n fn::toJSON:\n detail:\n appId:\n - ${example.id}\n branchName:\n - ${master.branchName}\n jobStatus:\n - SUCCEED\n - FAILED\n - STARTED\n detail-type:\n - Amplify Deployment Status Change\n source:\n - aws.amplify\n amplifyAppMasterEventTarget: # SNS Topic for Amplify notifications\n type: aws:cloudwatch:EventTarget\n properties:\n rule: ${amplifyAppMasterEventRule.name}\n arn: ${amplifyAppMasterTopic.arn}\n inputTransformer:\n inputPaths:\n jobId: $.detail.jobId\n appId: $.detail.appId\n region: $.region\n branch: $.detail.branchName\n status: $.detail.jobStatus\n inputTemplate: '\"Build notification from the AWS Amplify Console for app: https://\u003cbranch\u003e.\u003cappId\u003e.amplifyapp.com/. Your build status is \u003cstatus\u003e. Go to https://console.aws.amazon.com/amplify/home?region=\u003cregion\u003e#\u003cappId\u003e/\u003cbranch\u003e/\u003cjobId\u003e to view details on your build. \"'\n amplifyAppMasterTopic:\n type: aws:sns:Topic\n amplifyAppMasterTopicPolicy:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${amplifyAppMasterTopic.arn}\n policy: ${amplifyAppMasterPolicyDocument.json}\n this:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${amplifyAppMasterTopic.arn}\n protocol: email\n endpoint: user@acme.com\nvariables:\n amplifyAppMasterPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Allow_Publish_Events ${master.arn}\n effect: Allow\n actions:\n - SNS:Publish\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n resources:\n - ${amplifyAppMasterTopic.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_amplify_branch.master\n\n id = \"d2ypk4k47z8u6/master\" } Using `pulumi import`, import Amplify branch using `app_id` and `branch_name`. For exampleconsole % pulumi import aws_amplify_branch.master d2ypk4k47z8u6/master ", "properties": { "appId": { "type": "string", @@ -141665,7 +141662,7 @@ } }, "aws:backup/vaultNotifications:VaultNotifications": { - "description": "Provides an AWS Backup vault notifications resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"testTopic\", {});\nconst testPolicyDocument = testTopic.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n policyId: \"__default_policy_ID\",\n statements: [{\n actions: [\"SNS:Publish\"],\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n resources: [arn],\n sid: \"__default_statement_ID\",\n }],\n}));\nconst testTopicPolicy = new aws.sns.TopicPolicy(\"testTopicPolicy\", {\n arn: testTopic.arn,\n policy: testPolicyDocument.apply(testPolicyDocument =\u003e testPolicyDocument.json),\n});\nconst testVaultNotifications = new aws.backup.VaultNotifications(\"testVaultNotifications\", {\n backupVaultName: \"example_backup_vault\",\n snsTopicArn: testTopic.arn,\n backupVaultEvents: [\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"testTopic\")\ntest_policy_document = test_topic.arn.apply(lambda arn: aws.iam.get_policy_document_output(policy_id=\"__default_policy_ID\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"SNS:Publish\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n resources=[arn],\n sid=\"__default_statement_ID\",\n )]))\ntest_topic_policy = aws.sns.TopicPolicy(\"testTopicPolicy\",\n arn=test_topic.arn,\n policy=test_policy_document.json)\ntest_vault_notifications = aws.backup.VaultNotifications(\"testVaultNotifications\",\n backup_vault_name=\"example_backup_vault\",\n sns_topic_arn=test_topic.arn,\n backup_vault_events=[\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testTopic = new Aws.Sns.Topic(\"testTopic\");\n\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n testTopic.Arn,\n },\n Sid = \"__default_statement_ID\",\n },\n },\n });\n\n var testTopicPolicy = new Aws.Sns.TopicPolicy(\"testTopicPolicy\", new()\n {\n Arn = testTopic.Arn,\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testVaultNotifications = new Aws.Backup.VaultNotifications(\"testVaultNotifications\", new()\n {\n BackupVaultName = \"example_backup_vault\",\n SnsTopicArn = testTopic.Arn,\n BackupVaultEvents = new[]\n {\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestTopic, err := sns.NewTopic(ctx, \"testTopic\", nil)\nif err != nil {\nreturn err\n}\ntestPolicyDocument := testTopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nPolicyId: \"__default_policy_ID\",\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Publish\",\n},\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"backup.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\narn,\n},\nSid: \"__default_statement_ID\",\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"testTopicPolicy\", \u0026sns.TopicPolicyArgs{\nArn: testTopic.Arn,\nPolicy: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026testPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = backup.NewVaultNotifications(ctx, \"testVaultNotifications\", \u0026backup.VaultNotificationsArgs{\nBackupVaultName: pulumi.String(\"example_backup_vault\"),\nSnsTopicArn: testTopic.Arn,\nBackupVaultEvents: pulumi.StringArray{\npulumi.String(\"BACKUP_JOB_STARTED\"),\npulumi.String(\"RESTORE_JOB_COMPLETED\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport com.pulumi.aws.backup.VaultNotifications;\nimport com.pulumi.aws.backup.VaultNotificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testTopic = new Topic(\"testTopic\");\n\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"SNS:Publish\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"backup.amazonaws.com\")\n .build())\n .resources(testTopic.arn())\n .sid(\"__default_statement_ID\")\n .build())\n .build());\n\n var testTopicPolicy = new TopicPolicy(\"testTopicPolicy\", TopicPolicyArgs.builder() \n .arn(testTopic.arn())\n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(testPolicyDocument -\u003e testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var testVaultNotifications = new VaultNotifications(\"testVaultNotifications\", VaultNotificationsArgs.builder() \n .backupVaultName(\"example_backup_vault\")\n .snsTopicArn(testTopic.arn())\n .backupVaultEvents( \n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testTopic:\n type: aws:sns:Topic\n testTopicPolicy:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${testTopic.arn}\n policy: ${testPolicyDocument.json}\n testVaultNotifications:\n type: aws:backup:VaultNotifications\n properties:\n backupVaultName: example_backup_vault\n snsTopicArn: ${testTopic.arn}\n backupVaultEvents:\n - BACKUP_JOB_STARTED\n - RESTORE_JOB_COMPLETED\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Publish\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - backup.amazonaws.com\n resources:\n - ${testTopic.arn}\n sid: __default_statement_ID\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_backup_vault_notifications.test\n\n id = \"TestVault\" } Using `pulumi import`, import Backup vault notifications using the `name`. For exampleconsole % pulumi import aws_backup_vault_notifications.test TestVault ", + "description": "Provides an AWS Backup vault notifications resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"testTopic\", {});\nconst testPolicyDocument = testTopic.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n policyId: \"__default_policy_ID\",\n statements: [{\n actions: [\"SNS:Publish\"],\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n resources: [arn],\n sid: \"__default_statement_ID\",\n }],\n}));\nconst testTopicPolicy = new aws.sns.TopicPolicy(\"testTopicPolicy\", {\n arn: testTopic.arn,\n policy: testPolicyDocument.apply(testPolicyDocument =\u003e testPolicyDocument.json),\n});\nconst testVaultNotifications = new aws.backup.VaultNotifications(\"testVaultNotifications\", {\n backupVaultName: \"example_backup_vault\",\n snsTopicArn: testTopic.arn,\n backupVaultEvents: [\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"testTopic\")\ntest_policy_document = test_topic.arn.apply(lambda arn: aws.iam.get_policy_document_output(policy_id=\"__default_policy_ID\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"SNS:Publish\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n resources=[arn],\n sid=\"__default_statement_ID\",\n )]))\ntest_topic_policy = aws.sns.TopicPolicy(\"testTopicPolicy\",\n arn=test_topic.arn,\n policy=test_policy_document.json)\ntest_vault_notifications = aws.backup.VaultNotifications(\"testVaultNotifications\",\n backup_vault_name=\"example_backup_vault\",\n sns_topic_arn=test_topic.arn,\n backup_vault_events=[\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testTopic = new Aws.Sns.Topic(\"testTopic\");\n\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n testTopic.Arn,\n },\n Sid = \"__default_statement_ID\",\n },\n },\n });\n\n var testTopicPolicy = new Aws.Sns.TopicPolicy(\"testTopicPolicy\", new()\n {\n Arn = testTopic.Arn,\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testVaultNotifications = new Aws.Backup.VaultNotifications(\"testVaultNotifications\", new()\n {\n BackupVaultName = \"example_backup_vault\",\n SnsTopicArn = testTopic.Arn,\n BackupVaultEvents = new[]\n {\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestTopic, err := sns.NewTopic(ctx, \"testTopic\", nil)\nif err != nil {\nreturn err\n}\ntestPolicyDocument := testTopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nPolicyId: \"__default_policy_ID\",\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Publish\",\n},\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"backup.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\narn,\n},\nSid: \"__default_statement_ID\",\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"testTopicPolicy\", \u0026sns.TopicPolicyArgs{\nArn: testTopic.Arn,\nPolicy: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026testPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = backup.NewVaultNotifications(ctx, \"testVaultNotifications\", \u0026backup.VaultNotificationsArgs{\nBackupVaultName: pulumi.String(\"example_backup_vault\"),\nSnsTopicArn: testTopic.Arn,\nBackupVaultEvents: pulumi.StringArray{\npulumi.String(\"BACKUP_JOB_STARTED\"),\npulumi.String(\"RESTORE_JOB_COMPLETED\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport com.pulumi.aws.backup.VaultNotifications;\nimport com.pulumi.aws.backup.VaultNotificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testTopic = new Topic(\"testTopic\");\n\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"SNS:Publish\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"backup.amazonaws.com\")\n .build())\n .resources(testTopic.arn())\n .sid(\"__default_statement_ID\")\n .build())\n .build());\n\n var testTopicPolicy = new TopicPolicy(\"testTopicPolicy\", TopicPolicyArgs.builder() \n .arn(testTopic.arn())\n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(testPolicyDocument -\u003e testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var testVaultNotifications = new VaultNotifications(\"testVaultNotifications\", VaultNotificationsArgs.builder() \n .backupVaultName(\"example_backup_vault\")\n .snsTopicArn(testTopic.arn())\n .backupVaultEvents( \n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testTopic:\n type: aws:sns:Topic\n testTopicPolicy:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${testTopic.arn}\n policy: ${testPolicyDocument.json}\n testVaultNotifications:\n type: aws:backup:VaultNotifications\n properties:\n backupVaultName: example_backup_vault\n snsTopicArn: ${testTopic.arn}\n backupVaultEvents:\n - BACKUP_JOB_STARTED\n - RESTORE_JOB_COMPLETED\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Publish\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - backup.amazonaws.com\n resources:\n - ${testTopic.arn}\n sid: __default_statement_ID\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_backup_vault_notifications.test\n\n id = \"TestVault\" } Using `pulumi import`, import Backup vault notifications using the `name`. For exampleconsole % pulumi import aws_backup_vault_notifications.test TestVault ", "properties": { "backupVaultArn": { "type": "string", @@ -146614,7 +146611,7 @@ } }, "aws:cloudformation/stackSetInstance:StackSetInstance": { - "description": "Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n\u003e **NOTE:** All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the `execution_role_name` argument in the `aws.cloudformation.StackSet` resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html) for more details.\n\n\u003e **NOTE:** To retain the Stack during resource destroy, ensure `retain_stack` has been set to `true` in the state first. This must be completed _before_ a deployment that would destroy the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n accountId: \"123456789012\",\n region: \"us-east-1\",\n stackSetName: aws_cloudformation_stack_set.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n account_id=\"123456789012\",\n region=\"us-east-1\",\n stack_set_name=aws_cloudformation_stack_set[\"example\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n AccountId = \"123456789012\",\n Region = \"us-east-1\",\n StackSetName = aws_cloudformation_stack_set.Example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(aws_cloudformation_stack_set.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .accountId(\"123456789012\")\n .region(\"us-east-1\")\n .stackSetName(aws_cloudformation_stack_set.example().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n accountId: '123456789012'\n region: us-east-1\n stackSetName: ${aws_cloudformation_stack_set.example.name}\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Setup in Target Account\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn],\n type: \"AWS\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRole = new aws.iam.Role(\"aWSCloudFormationStackSetExecutionRole\", {assumeRolePolicy: aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.then(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy =\u003e aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json)});\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect: \"Allow\",\n resources: [\"*\"],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", {\n policy: aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.then(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument =\u003e aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.json),\n role: aWSCloudFormationStackSetExecutionRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_execution_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[aws_iam_role[\"AWSCloudFormationStackSetAdministrationRole\"][\"arn\"]],\n type=\"AWS\",\n )],\n)])\na_ws_cloud_formation_stack_set_execution_role = aws.iam.Role(\"aWSCloudFormationStackSetExecutionRole\", assume_role_policy=a_ws_cloud_formation_stack_set_execution_role_assume_role_policy.json)\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect=\"Allow\",\n resources=[\"*\"],\n)])\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_role_policy = aws.iam.RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\",\n policy=a_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_policy_document.json,\n role=a_ws_cloud_formation_stack_set_execution_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role(\"aWSCloudFormationStackSetExecutionRole\", new()\n {\n AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n },\n Effect = \"Allow\",\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", new()\n {\n Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Role = aWSCloudFormationStackSetExecutionRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\naWSCloudFormationStackSetExecutionRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nIdentifiers: interface{}{\naws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,\n},\nType: \"AWS\",\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\naWSCloudFormationStackSetExecutionRole, err := iam.NewRole(ctx, \"aWSCloudFormationStackSetExecutionRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),\n})\nif err != nil {\nreturn err\n}\naWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"cloudformation:*\",\n\"s3:*\",\n\"sns:*\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", \u0026iam.RolePolicyArgs{\nPolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json),\nRole: aWSCloudFormationStackSetExecutionRole.Name,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(aws_iam_role.AWSCloudFormationStackSetAdministrationRole().arn())\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRole = new Role(\"aWSCloudFormationStackSetExecutionRole\", RoleArgs.builder() \n .assumeRolePolicy(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\")\n .effect(\"Allow\")\n .resources(\"*\")\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", RolePolicyArgs.builder() \n .policy(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .role(aWSCloudFormationStackSetExecutionRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aWSCloudFormationStackSetExecutionRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json}\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n policy: ${aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.json}\n role: ${aWSCloudFormationStackSetExecutionRole.name}\nvariables:\n aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - identifiers:\n - ${aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn}\n type: AWS\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - cloudformation:*\n - s3:*\n - sns:*\n effect: Allow\n resources:\n - '*'\n```\n{{% /example %}}\n{{% example %}}\n### Example Deployment across Organizations account\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n deploymentTargets: {\n organizationalUnitIds: [aws_organizations_organization.example.roots[0].id],\n },\n region: \"us-east-1\",\n stackSetName: aws_cloudformation_stack_set.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n deployment_targets=aws.cloudformation.StackSetInstanceDeploymentTargetsArgs(\n organizational_unit_ids=[aws_organizations_organization[\"example\"][\"roots\"][0][\"id\"]],\n ),\n region=\"us-east-1\",\n stack_set_name=aws_cloudformation_stack_set[\"example\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n DeploymentTargets = new Aws.CloudFormation.Inputs.StackSetInstanceDeploymentTargetsArgs\n {\n OrganizationalUnitIds = new[]\n {\n aws_organizations_organization.Example.Roots[0].Id,\n },\n },\n Region = \"us-east-1\",\n StackSetName = aws_cloudformation_stack_set.Example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tDeploymentTargets: \u0026cloudformation.StackSetInstanceDeploymentTargetsArgs{\n\t\t\t\tOrganizationalUnitIds: pulumi.StringArray{\n\t\t\t\t\taws_organizations_organization.Example.Roots[0].Id,\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(aws_cloudformation_stack_set.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport com.pulumi.aws.cloudformation.inputs.StackSetInstanceDeploymentTargetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .deploymentTargets(StackSetInstanceDeploymentTargetsArgs.builder()\n .organizationalUnitIds(aws_organizations_organization.example().roots()[0].id())\n .build())\n .region(\"us-east-1\")\n .stackSetName(aws_cloudformation_stack_set.example().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n deploymentTargets:\n organizationalUnitIds:\n - ${aws_organizations_organization.example.roots[0].id}\n region: us-east-1\n stackSetName: ${aws_cloudformation_stack_set.example.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudformation_stack_set_instance.example\n\n id = \"example,123456789012,us-east-1\" } Import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS region separated by commas (`,`)terraform import {\n\n to = aws_cloudformation_stack_set_instance.example\n\n id = \"example,ou-sdas-123123123/ou-sdas-789789789,us-east-1\" } **Using `pulumi import` to import** CloudFormation StackSet Instances that target an AWS Account ID using the StackSet name, target AWS account ID, and target AWS region separated by commas (`,`). For exampleconsole % pulumi import aws_cloudformation_stack_set_instance.example example,123456789012,us-east-1 Import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS region separated by commas (`,`)console % pulumi import aws_cloudformation_stack_set_instance.example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1 ", + "description": "Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n\u003e **NOTE:** All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the `execution_role_name` argument in the `aws.cloudformation.StackSet` resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html) for more details.\n\n\u003e **NOTE:** To retain the Stack during resource destroy, ensure `retain_stack` has been set to `true` in the state first. This must be completed _before_ a deployment that would destroy the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n accountId: \"123456789012\",\n region: \"us-east-1\",\n stackSetName: aws_cloudformation_stack_set.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n account_id=\"123456789012\",\n region=\"us-east-1\",\n stack_set_name=aws_cloudformation_stack_set[\"example\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n AccountId = \"123456789012\",\n Region = \"us-east-1\",\n StackSetName = aws_cloudformation_stack_set.Example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(aws_cloudformation_stack_set.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .accountId(\"123456789012\")\n .region(\"us-east-1\")\n .stackSetName(aws_cloudformation_stack_set.example().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n accountId: '123456789012'\n region: us-east-1\n stackSetName: ${aws_cloudformation_stack_set.example.name}\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Setup in Target Account\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn],\n type: \"AWS\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRole = new aws.iam.Role(\"aWSCloudFormationStackSetExecutionRole\", {assumeRolePolicy: aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.then(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy =\u003e aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json)});\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect: \"Allow\",\n resources: [\"*\"],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", {\n policy: aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.then(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument =\u003e aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.json),\n role: aWSCloudFormationStackSetExecutionRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_execution_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[aws_iam_role[\"AWSCloudFormationStackSetAdministrationRole\"][\"arn\"]],\n type=\"AWS\",\n )],\n)])\na_ws_cloud_formation_stack_set_execution_role = aws.iam.Role(\"aWSCloudFormationStackSetExecutionRole\", assume_role_policy=a_ws_cloud_formation_stack_set_execution_role_assume_role_policy.json)\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect=\"Allow\",\n resources=[\"*\"],\n)])\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_role_policy = aws.iam.RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\",\n policy=a_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_policy_document.json,\n role=a_ws_cloud_formation_stack_set_execution_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role(\"aWSCloudFormationStackSetExecutionRole\", new()\n {\n AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n },\n Effect = \"Allow\",\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", new()\n {\n Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Role = aWSCloudFormationStackSetExecutionRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\naWSCloudFormationStackSetExecutionRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nIdentifiers: interface{}{\naws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,\n},\nType: \"AWS\",\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\naWSCloudFormationStackSetExecutionRole, err := iam.NewRole(ctx, \"aWSCloudFormationStackSetExecutionRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),\n})\nif err != nil {\nreturn err\n}\naWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"cloudformation:*\",\n\"s3:*\",\n\"sns:*\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", \u0026iam.RolePolicyArgs{\nPolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json),\nRole: aWSCloudFormationStackSetExecutionRole.Name,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(aws_iam_role.AWSCloudFormationStackSetAdministrationRole().arn())\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRole = new Role(\"aWSCloudFormationStackSetExecutionRole\", RoleArgs.builder() \n .assumeRolePolicy(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\")\n .effect(\"Allow\")\n .resources(\"*\")\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", RolePolicyArgs.builder() \n .policy(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .role(aWSCloudFormationStackSetExecutionRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aWSCloudFormationStackSetExecutionRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json}\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n policy: ${aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.json}\n role: ${aWSCloudFormationStackSetExecutionRole.name}\nvariables:\n aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - identifiers:\n - ${aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn}\n type: AWS\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - cloudformation:*\n - s3:*\n - sns:*\n effect: Allow\n resources:\n - '*'\n```\n{{% /example %}}\n{{% example %}}\n### Example Deployment across Organizations account\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n deploymentTargets: {\n organizationalUnitIds: [aws_organizations_organization.example.roots[0].id],\n },\n region: \"us-east-1\",\n stackSetName: aws_cloudformation_stack_set.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n deployment_targets=aws.cloudformation.StackSetInstanceDeploymentTargetsArgs(\n organizational_unit_ids=[aws_organizations_organization[\"example\"][\"roots\"][0][\"id\"]],\n ),\n region=\"us-east-1\",\n stack_set_name=aws_cloudformation_stack_set[\"example\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n DeploymentTargets = new Aws.CloudFormation.Inputs.StackSetInstanceDeploymentTargetsArgs\n {\n OrganizationalUnitIds = new[]\n {\n aws_organizations_organization.Example.Roots[0].Id,\n },\n },\n Region = \"us-east-1\",\n StackSetName = aws_cloudformation_stack_set.Example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tDeploymentTargets: \u0026cloudformation.StackSetInstanceDeploymentTargetsArgs{\n\t\t\t\tOrganizationalUnitIds: pulumi.StringArray{\n\t\t\t\t\taws_organizations_organization.Example.Roots[0].Id,\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(aws_cloudformation_stack_set.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport com.pulumi.aws.cloudformation.inputs.StackSetInstanceDeploymentTargetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .deploymentTargets(StackSetInstanceDeploymentTargetsArgs.builder()\n .organizationalUnitIds(aws_organizations_organization.example().roots()[0].id())\n .build())\n .region(\"us-east-1\")\n .stackSetName(aws_cloudformation_stack_set.example().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n deploymentTargets:\n organizationalUnitIds:\n - ${aws_organizations_organization.example.roots[0].id}\n region: us-east-1\n stackSetName: ${aws_cloudformation_stack_set.example.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudformation_stack_set_instance.example\n\n id = \"example,123456789012,us-east-1\" } Import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS region separated by commas (`,`)terraform import {\n\n to = aws_cloudformation_stack_set_instance.example\n\n id = \"example,ou-sdas-123123123/ou-sdas-789789789,us-east-1\" } **Using `pulumi import` to import** CloudFormation StackSet Instances that target an AWS Account ID using the StackSet name, target AWS account ID, and target AWS region separated by commas (`,`). For exampleconsole % pulumi import aws_cloudformation_stack_set_instance.example example,123456789012,us-east-1 Import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS region separated by commas (`,`)console % pulumi import aws_cloudformation_stack_set_instance.example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1 ", "properties": { "accountId": { "type": "string", @@ -147806,7 +147803,7 @@ } }, "aws:cloudfront/originAccessIdentity:OriginAccessIdentity": { - "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin access identity.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {comment: \"Some comment\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new()\n {\n Comment = \"Some comment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", \u0026cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentity;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new OriginAccessIdentity(\"example\", OriginAccessIdentityArgs.builder() \n .comment(\"Some comment\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:OriginAccessIdentity\n properties:\n comment: Some comment\n```\n{{% /example %}}\n{{% /examples %}}\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"example\"][\"cloudfront_access_identity_path\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.CloudFront.Distribution(\"example\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: \u0026cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Distribution(\"example\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()\n .originAccessIdentity(aws_cloudfront_origin_access_identity.example().cloudfront_access_identity_path())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - s3OriginConfig:\n originAccessIdentity: ${aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path}\n```\n\n### Updating your bucket policy\n\nNote that the AWS API may translate the `s3_canonical_user_id` `CanonicalUser`\nprincipal into an `AWS` IAM ARN principal when supplied in an\n`aws.s3.BucketV2` bucket policy, causing spurious diffs. If\nyou see this behaviour, use the `iam_arn` instead:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:GetObject\"],\n resources: [`${aws_s3_bucket.example.arn}/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [aws_cloudfront_origin_access_identity.example.iam_arn],\n }],\n }],\n});\nconst example = new aws.s3.BucketPolicy(\"example\", {\n bucket: aws_s3_bucket.example.id,\n policy: s3Policy.then(s3Policy =\u003e s3Policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:GetObject\"],\n resources=[f\"{aws_s3_bucket['example']['arn']}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[aws_cloudfront_origin_access_identity[\"example\"][\"iam_arn\"]],\n )],\n)])\nexample = aws.s3.BucketPolicy(\"example\",\n bucket=aws_s3_bucket[\"example\"][\"id\"],\n policy=s3_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3Policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n $\"{aws_s3_bucket.Example.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n aws_cloudfront_origin_access_identity.Example.Iam_arn,\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = aws_s3_bucket.Example.Id,\n Policy = s3Policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ns3Policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", aws_s3_bucket.Example.Arn),\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\naws_cloudfront_origin_access_identity.Example.Iam_arn,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\nBucket: pulumi.Any(aws_s3_bucket.Example.Id),\nPolicy: *pulumi.String(s3Policy.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3Policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:GetObject\")\n .resources(String.format(\"%s/*\", aws_s3_bucket.example().arn()))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(aws_cloudfront_origin_access_identity.example().iam_arn())\n .build())\n .build())\n .build());\n\n var example = new BucketPolicy(\"example\", BucketPolicyArgs.builder() \n .bucket(aws_s3_bucket.example().id())\n .policy(s3Policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${aws_s3_bucket.example.id}\n policy: ${s3Policy.json}\nvariables:\n s3Policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:GetObject\n resources:\n - ${aws_s3_bucket.example.arn}/*\n principals:\n - type: AWS\n identifiers:\n - ${aws_cloudfront_origin_access_identity.example.iam_arn}\n```\n\n[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html\n[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\n\n## Import\n\nterraform import {\n\n to = aws_cloudfront_origin_access_identity.origin_access\n\n id = \"E74FTE3AEXAMPLE\" } Using `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For exampleconsole % pulumi import aws_cloudfront_origin_access_identity.origin_access E74FTE3AEXAMPLE ", + "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin access identity.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {comment: \"Some comment\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new()\n {\n Comment = \"Some comment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", \u0026cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentity;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new OriginAccessIdentity(\"example\", OriginAccessIdentityArgs.builder() \n .comment(\"Some comment\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:OriginAccessIdentity\n properties:\n comment: Some comment\n```\n{{% /example %}}\n{{% /examples %}}\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"example\"][\"cloudfront_access_identity_path\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.CloudFront.Distribution(\"example\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: \u0026cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Distribution(\"example\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()\n .originAccessIdentity(aws_cloudfront_origin_access_identity.example().cloudfront_access_identity_path())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - s3OriginConfig:\n originAccessIdentity: ${aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path}\n```\n\n### Updating your bucket policy\n\nNote that the AWS API may translate the `s3_canonical_user_id` `CanonicalUser`\nprincipal into an `AWS` IAM ARN principal when supplied in an\n`aws.s3.BucketV2` bucket policy, causing spurious diffs. If\nyou see this behaviour, use the `iam_arn` instead:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:GetObject\"],\n resources: [`${aws_s3_bucket.example.arn}/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [aws_cloudfront_origin_access_identity.example.iam_arn],\n }],\n }],\n});\nconst example = new aws.s3.BucketPolicy(\"example\", {\n bucket: aws_s3_bucket.example.id,\n policy: s3Policy.then(s3Policy =\u003e s3Policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:GetObject\"],\n resources=[f\"{aws_s3_bucket['example']['arn']}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[aws_cloudfront_origin_access_identity[\"example\"][\"iam_arn\"]],\n )],\n)])\nexample = aws.s3.BucketPolicy(\"example\",\n bucket=aws_s3_bucket[\"example\"][\"id\"],\n policy=s3_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3Policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n $\"{aws_s3_bucket.Example.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n aws_cloudfront_origin_access_identity.Example.Iam_arn,\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = aws_s3_bucket.Example.Id,\n Policy = s3Policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ns3Policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", aws_s3_bucket.Example.Arn),\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\naws_cloudfront_origin_access_identity.Example.Iam_arn,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\nBucket: pulumi.Any(aws_s3_bucket.Example.Id),\nPolicy: *pulumi.String(s3Policy.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3Policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:GetObject\")\n .resources(String.format(\"%s/*\", aws_s3_bucket.example().arn()))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(aws_cloudfront_origin_access_identity.example().iam_arn())\n .build())\n .build())\n .build());\n\n var example = new BucketPolicy(\"example\", BucketPolicyArgs.builder() \n .bucket(aws_s3_bucket.example().id())\n .policy(s3Policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${aws_s3_bucket.example.id}\n policy: ${s3Policy.json}\nvariables:\n s3Policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:GetObject\n resources:\n - ${aws_s3_bucket.example.arn}/*\n principals:\n - type: AWS\n identifiers:\n - ${aws_cloudfront_origin_access_identity.example.iam_arn}\n```\n\n[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html\n[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\n\n## Import\n\nterraform import {\n\n to = aws_cloudfront_origin_access_identity.origin_access\n\n id = \"E74FTE3AEXAMPLE\" } Using `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For exampleconsole % pulumi import aws_cloudfront_origin_access_identity.origin_access E74FTE3AEXAMPLE ", "properties": { "callerReference": { "type": "string", @@ -148064,7 +148061,7 @@ } }, "aws:cloudfront/realtimeLogConfig:RealtimeLogConfig": { - "description": "Provides a CloudFront real-time log configuration resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudfront.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources: [aws_kinesis_stream.example.arn],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.id,\n policy: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\nconst exampleRealtimeLogConfig = new aws.cloudfront.RealtimeLogConfig(\"exampleRealtimeLogConfig\", {\n samplingRate: 75,\n fields: [\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint: {\n streamType: \"Kinesis\",\n kinesisStreamConfig: {\n roleArn: exampleRole.arn,\n streamArn: aws_kinesis_stream.example.arn,\n },\n },\n}, {\n dependsOn: [exampleRolePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"cloudfront.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources=[aws_kinesis_stream[\"example\"][\"arn\"]],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.id,\n policy=example_policy_document.json)\nexample_realtime_log_config = aws.cloudfront.RealtimeLogConfig(\"exampleRealtimeLogConfig\",\n sampling_rate=75,\n fields=[\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint=aws.cloudfront.RealtimeLogConfigEndpointArgs(\n stream_type=\"Kinesis\",\n kinesis_stream_config=aws.cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs(\n role_arn=example_role.arn,\n stream_arn=aws_kinesis_stream[\"example\"][\"arn\"],\n ),\n ),\n opts=pulumi.ResourceOptions(depends_on=[example_role_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudfront.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n },\n Resources = new[]\n {\n aws_kinesis_stream.Example.Arn,\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new()\n {\n Role = exampleRole.Id,\n Policy = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRealtimeLogConfig = new Aws.CloudFront.RealtimeLogConfig(\"exampleRealtimeLogConfig\", new()\n {\n SamplingRate = 75,\n Fields = new[]\n {\n \"timestamp\",\n \"c-ip\",\n },\n Endpoint = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointArgs\n {\n StreamType = \"Kinesis\",\n KinesisStreamConfig = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs\n {\n RoleArn = exampleRole.Arn,\n StreamArn = aws_kinesis_stream.Example.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleRolePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"cloudfront.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"kinesis:DescribeStreamSummary\",\n\"kinesis:DescribeStream\",\n\"kinesis:PutRecord\",\n\"kinesis:PutRecords\",\n},\nResources: interface{}{\naws_kinesis_stream.Example.Arn,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRolePolicy, err := iam.NewRolePolicy(ctx, \"exampleRolePolicy\", \u0026iam.RolePolicyArgs{\nRole: exampleRole.ID(),\nPolicy: *pulumi.String(examplePolicyDocument.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = cloudfront.NewRealtimeLogConfig(ctx, \"exampleRealtimeLogConfig\", \u0026cloudfront.RealtimeLogConfigArgs{\nSamplingRate: pulumi.Int(75),\nFields: pulumi.StringArray{\npulumi.String(\"timestamp\"),\npulumi.String(\"c-ip\"),\n},\nEndpoint: \u0026cloudfront.RealtimeLogConfigEndpointArgs{\nStreamType: pulumi.String(\"Kinesis\"),\nKinesisStreamConfig: \u0026cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs{\nRoleArn: exampleRole.Arn,\nStreamArn: pulumi.Any(aws_kinesis_stream.Example.Arn),\n},\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleRolePolicy,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfig;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfigArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudfront.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\")\n .resources(aws_kinesis_stream.example().arn())\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .role(exampleRole.id())\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRealtimeLogConfig = new RealtimeLogConfig(\"exampleRealtimeLogConfig\", RealtimeLogConfigArgs.builder() \n .samplingRate(75)\n .fields( \n \"timestamp\",\n \"c-ip\")\n .endpoint(RealtimeLogConfigEndpointArgs.builder()\n .streamType(\"Kinesis\")\n .kinesisStreamConfig(RealtimeLogConfigEndpointKinesisStreamConfigArgs.builder()\n .roleArn(exampleRole.arn())\n .streamArn(aws_kinesis_stream.example().arn())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleRolePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${exampleRole.id}\n policy: ${examplePolicyDocument.json}\n exampleRealtimeLogConfig:\n type: aws:cloudfront:RealtimeLogConfig\n properties:\n samplingRate: 75\n fields:\n - timestamp\n - c-ip\n endpoint:\n streamType: Kinesis\n kinesisStreamConfig:\n roleArn: ${exampleRole.arn}\n streamArn: ${aws_kinesis_stream.example.arn}\n options:\n dependson:\n - ${exampleRolePolicy}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudfront.amazonaws.com\n actions:\n - sts:AssumeRole\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - kinesis:DescribeStreamSummary\n - kinesis:DescribeStream\n - kinesis:PutRecord\n - kinesis:PutRecords\n resources:\n - ${aws_kinesis_stream.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudfront_realtime_log_config.example\n\n id = \"arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig\" } Using `pulumi import`, import CloudFront real-time log configurations using the ARN. For exampleconsole % pulumi import aws_cloudfront_realtime_log_config.example arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig ", + "description": "Provides a CloudFront real-time log configuration resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudfront.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources: [aws_kinesis_stream.example.arn],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.id,\n policy: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\nconst exampleRealtimeLogConfig = new aws.cloudfront.RealtimeLogConfig(\"exampleRealtimeLogConfig\", {\n samplingRate: 75,\n fields: [\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint: {\n streamType: \"Kinesis\",\n kinesisStreamConfig: {\n roleArn: exampleRole.arn,\n streamArn: aws_kinesis_stream.example.arn,\n },\n },\n}, {\n dependsOn: [exampleRolePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"cloudfront.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources=[aws_kinesis_stream[\"example\"][\"arn\"]],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.id,\n policy=example_policy_document.json)\nexample_realtime_log_config = aws.cloudfront.RealtimeLogConfig(\"exampleRealtimeLogConfig\",\n sampling_rate=75,\n fields=[\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint=aws.cloudfront.RealtimeLogConfigEndpointArgs(\n stream_type=\"Kinesis\",\n kinesis_stream_config=aws.cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs(\n role_arn=example_role.arn,\n stream_arn=aws_kinesis_stream[\"example\"][\"arn\"],\n ),\n ),\n opts=pulumi.ResourceOptions(depends_on=[example_role_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudfront.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n },\n Resources = new[]\n {\n aws_kinesis_stream.Example.Arn,\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new()\n {\n Role = exampleRole.Id,\n Policy = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRealtimeLogConfig = new Aws.CloudFront.RealtimeLogConfig(\"exampleRealtimeLogConfig\", new()\n {\n SamplingRate = 75,\n Fields = new[]\n {\n \"timestamp\",\n \"c-ip\",\n },\n Endpoint = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointArgs\n {\n StreamType = \"Kinesis\",\n KinesisStreamConfig = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs\n {\n RoleArn = exampleRole.Arn,\n StreamArn = aws_kinesis_stream.Example.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleRolePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"cloudfront.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"kinesis:DescribeStreamSummary\",\n\"kinesis:DescribeStream\",\n\"kinesis:PutRecord\",\n\"kinesis:PutRecords\",\n},\nResources: interface{}{\naws_kinesis_stream.Example.Arn,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRolePolicy, err := iam.NewRolePolicy(ctx, \"exampleRolePolicy\", \u0026iam.RolePolicyArgs{\nRole: exampleRole.ID(),\nPolicy: *pulumi.String(examplePolicyDocument.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = cloudfront.NewRealtimeLogConfig(ctx, \"exampleRealtimeLogConfig\", \u0026cloudfront.RealtimeLogConfigArgs{\nSamplingRate: pulumi.Int(75),\nFields: pulumi.StringArray{\npulumi.String(\"timestamp\"),\npulumi.String(\"c-ip\"),\n},\nEndpoint: \u0026cloudfront.RealtimeLogConfigEndpointArgs{\nStreamType: pulumi.String(\"Kinesis\"),\nKinesisStreamConfig: \u0026cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs{\nRoleArn: exampleRole.Arn,\nStreamArn: pulumi.Any(aws_kinesis_stream.Example.Arn),\n},\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleRolePolicy,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfig;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfigArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudfront.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\")\n .resources(aws_kinesis_stream.example().arn())\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .role(exampleRole.id())\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRealtimeLogConfig = new RealtimeLogConfig(\"exampleRealtimeLogConfig\", RealtimeLogConfigArgs.builder() \n .samplingRate(75)\n .fields( \n \"timestamp\",\n \"c-ip\")\n .endpoint(RealtimeLogConfigEndpointArgs.builder()\n .streamType(\"Kinesis\")\n .kinesisStreamConfig(RealtimeLogConfigEndpointKinesisStreamConfigArgs.builder()\n .roleArn(exampleRole.arn())\n .streamArn(aws_kinesis_stream.example().arn())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleRolePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${exampleRole.id}\n policy: ${examplePolicyDocument.json}\n exampleRealtimeLogConfig:\n type: aws:cloudfront:RealtimeLogConfig\n properties:\n samplingRate: 75\n fields:\n - timestamp\n - c-ip\n endpoint:\n streamType: Kinesis\n kinesisStreamConfig:\n roleArn: ${exampleRole.arn}\n streamArn: ${aws_kinesis_stream.example.arn}\n options:\n dependson:\n - ${exampleRolePolicy}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudfront.amazonaws.com\n actions:\n - sts:AssumeRole\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - kinesis:DescribeStreamSummary\n - kinesis:DescribeStream\n - kinesis:PutRecord\n - kinesis:PutRecords\n resources:\n - ${aws_kinesis_stream.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudfront_realtime_log_config.example\n\n id = \"arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig\" } Using `pulumi import`, import CloudFront real-time log configurations using the ARN. For exampleconsole % pulumi import aws_cloudfront_realtime_log_config.example arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig ", "properties": { "arn": { "type": "string", @@ -149692,7 +149689,7 @@ } }, "aws:cloudwatch/eventBusPolicy:EventBusPolicy": { - "description": "Provides a resource to create an EventBridge resource policy to support cross-account events.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\u003e **Note:** The EventBridge bus policy resource (`aws.cloudwatch.EventBusPolicy`) is incompatible with the EventBridge permission resource (`aws.cloudwatch.EventPermission`) and will overwrite permissions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Account Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument =\u003e testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new()\n {\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"DevAccountAccess\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", \u0026cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: *pulumi.String(testPolicyDocument.Json),\n\t\t\tEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(aws_cloudwatch_event_bus.test().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n properties:\n policy: ${testPolicyDocument.json}\n eventBusName: ${aws_cloudwatch_event_bus.test.name}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n```\n{{% /example %}}\n{{% example %}}\n### Organization Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [aws_organizations_organization.example.id],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument =\u003e testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[aws_organizations_organization[\"example\"][\"id\"]],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n aws_organizations_organization.Example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new()\n {\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\naws_organizations_organization.Example.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: *pulumi.String(testPolicyDocument.Json),\nEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(aws_organizations_organization.example().id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(aws_cloudwatch_event_bus.test().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n properties:\n policy: ${testPolicyDocument.json}\n eventBusName: ${aws_cloudwatch_event_bus.test.name}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${aws_organizations_organization.example.id}\n```\n{{% /example %}}\n{{% example %}}\n### Multiple Statements\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n },\n {\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [aws_organizations_organization.example.id],\n }],\n },\n ],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument =\u003e testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[aws_organizations_organization[\"example\"][\"id\"]],\n )],\n ),\n])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n aws_organizations_organization.Example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new()\n {\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"DevAccountAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:PutEvents\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"123456789012\",\n},\n},\n},\n},\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\naws_organizations_organization.Example.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: *pulumi.String(testPolicyDocument.Json),\nEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(aws_organizations_organization.example().id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(aws_cloudwatch_event_bus.test().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n properties:\n policy: ${testPolicyDocument.json}\n eventBusName: ${aws_cloudwatch_event_bus.test.name}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${aws_organizations_organization.example.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudwatch_event_bus_policy.DevAccountAccess\n\n id = \"example-event-bus\" } Using `pulumi import`, import an EventBridge policy using the `event_bus_name`. For exampleconsole % pulumi import aws_cloudwatch_event_bus_policy.DevAccountAccess example-event-bus ", + "description": "Provides a resource to create an EventBridge resource policy to support cross-account events.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\u003e **Note:** The EventBridge bus policy resource (`aws.cloudwatch.EventBusPolicy`) is incompatible with the EventBridge permission resource (`aws.cloudwatch.EventPermission`) and will overwrite permissions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Account Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument =\u003e testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new()\n {\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"DevAccountAccess\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", \u0026cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: *pulumi.String(testPolicyDocument.Json),\n\t\t\tEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(aws_cloudwatch_event_bus.test().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n properties:\n policy: ${testPolicyDocument.json}\n eventBusName: ${aws_cloudwatch_event_bus.test.name}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n```\n{{% /example %}}\n{{% example %}}\n### Organization Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [aws_organizations_organization.example.id],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument =\u003e testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[aws_organizations_organization[\"example\"][\"id\"]],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n aws_organizations_organization.Example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new()\n {\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\naws_organizations_organization.Example.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: *pulumi.String(testPolicyDocument.Json),\nEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(aws_organizations_organization.example().id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(aws_cloudwatch_event_bus.test().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n properties:\n policy: ${testPolicyDocument.json}\n eventBusName: ${aws_cloudwatch_event_bus.test.name}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${aws_organizations_organization.example.id}\n```\n{{% /example %}}\n{{% example %}}\n### Multiple Statements\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n },\n {\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [aws_organizations_organization.example.id],\n }],\n },\n ],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument =\u003e testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[aws_organizations_organization[\"example\"][\"id\"]],\n )],\n ),\n])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n aws_organizations_organization.Example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new()\n {\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"DevAccountAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:PutEvents\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"123456789012\",\n},\n},\n},\n},\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\naws_organizations_organization.Example.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: *pulumi.String(testPolicyDocument.Json),\nEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(aws_organizations_organization.example().id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(aws_cloudwatch_event_bus.test().name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n properties:\n policy: ${testPolicyDocument.json}\n eventBusName: ${aws_cloudwatch_event_bus.test.name}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${aws_organizations_organization.example.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudwatch_event_bus_policy.DevAccountAccess\n\n id = \"example-event-bus\" } Using `pulumi import`, import an EventBridge policy using the `event_bus_name`. For exampleconsole % pulumi import aws_cloudwatch_event_bus_policy.DevAccountAccess example-event-bus ", "properties": { "eventBusName": { "type": "string", @@ -150035,7 +150032,7 @@ } }, "aws:cloudwatch/eventRule:EventRule": { - "description": "Provides an EventBridge Rule resource.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst console = new aws.cloudwatch.EventRule(\"console\", {\n description: \"Capture each AWS Console Sign In\",\n eventPattern: JSON.stringify({\n \"detail-type\": [\"AWS Console Sign In via CloudTrail\"],\n }),\n});\nconst awsLogins = new aws.sns.Topic(\"awsLogins\", {});\nconst sns = new aws.cloudwatch.EventTarget(\"sns\", {\n rule: console.name,\n arn: awsLogins.arn,\n});\nconst snsTopicPolicy = awsLogins.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"SNS:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n resources: [arn],\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: awsLogins.arn,\n policy: snsTopicPolicy.apply(snsTopicPolicy =\u003e snsTopicPolicy.json),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nconsole = aws.cloudwatch.EventRule(\"console\",\n description=\"Capture each AWS Console Sign In\",\n event_pattern=json.dumps({\n \"detail-type\": [\"AWS Console Sign In via CloudTrail\"],\n }))\naws_logins = aws.sns.Topic(\"awsLogins\")\nsns = aws.cloudwatch.EventTarget(\"sns\",\n rule=console.name,\n arn=aws_logins.arn)\nsns_topic_policy = aws_logins.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"SNS:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n resources=[arn],\n)]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=aws_logins.arn,\n policy=sns_topic_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var console = new Aws.CloudWatch.EventRule(\"console\", new()\n {\n Description = \"Capture each AWS Console Sign In\",\n EventPattern = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"detail-type\"] = new[]\n {\n \"AWS Console Sign In via CloudTrail\",\n },\n }),\n });\n\n var awsLogins = new Aws.Sns.Topic(\"awsLogins\");\n\n var sns = new Aws.CloudWatch.EventTarget(\"sns\", new()\n {\n Rule = console.Name,\n Arn = awsLogins.Arn,\n });\n\n var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n awsLogins.Arn,\n },\n },\n },\n });\n\n var @default = new Aws.Sns.TopicPolicy(\"default\", new()\n {\n Arn = awsLogins.Arn,\n Policy = snsTopicPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"encoding/json\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntmpJSON0, err := json.Marshal(map[string]interface{}{\n\"detail-type\": []string{\n\"AWS Console Sign In via CloudTrail\",\n},\n})\nif err != nil {\nreturn err\n}\njson0 := string(tmpJSON0)\nconsole, err := cloudwatch.NewEventRule(ctx, \"console\", \u0026cloudwatch.EventRuleArgs{\nDescription: pulumi.String(\"Capture each AWS Console Sign In\"),\nEventPattern: pulumi.String(json0),\n})\nif err != nil {\nreturn err\n}\nawsLogins, err := sns.NewTopic(ctx, \"awsLogins\", nil)\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventTarget(ctx, \"sns\", \u0026cloudwatch.EventTargetArgs{\nRule: console.Name,\nArn: awsLogins.Arn,\n})\nif err != nil {\nreturn err\n}\nsnsTopicPolicy := awsLogins.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"SNS:Publish\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"events.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"default\", \u0026sns.TopicPolicyArgs{\nArn: awsLogins.Arn,\nPolicy: snsTopicPolicy.ApplyT(func(snsTopicPolicy iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026snsTopicPolicy.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var console = new EventRule(\"console\", EventRuleArgs.builder() \n .description(\"Capture each AWS Console Sign In\")\n .eventPattern(serializeJson(\n jsonObject(\n jsonProperty(\"detail-type\", jsonArray(\"AWS Console Sign In via CloudTrail\"))\n )))\n .build());\n\n var awsLogins = new Topic(\"awsLogins\");\n\n var sns = new EventTarget(\"sns\", EventTargetArgs.builder() \n .rule(console.name())\n .arn(awsLogins.arn())\n .build());\n\n final var snsTopicPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"SNS:Publish\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .resources(awsLogins.arn())\n .build())\n .build());\n\n var default_ = new TopicPolicy(\"default\", TopicPolicyArgs.builder() \n .arn(awsLogins.arn())\n .policy(snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(snsTopicPolicy -\u003e snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n console:\n type: aws:cloudwatch:EventRule\n properties:\n description: Capture each AWS Console Sign In\n eventPattern:\n fn::toJSON:\n detail-type:\n - AWS Console Sign In via CloudTrail\n sns:\n type: aws:cloudwatch:EventTarget\n properties:\n rule: ${console.name}\n arn: ${awsLogins.arn}\n awsLogins:\n type: aws:sns:Topic\n default:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${awsLogins.arn}\n policy: ${snsTopicPolicy.json}\nvariables:\n snsTopicPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - SNS:Publish\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n resources:\n - ${awsLogins.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudwatch_event_rule.console\n\n id = \"example-event-bus/capture-console-sign-in\" } Using `pulumi import`, import EventBridge Rules using the `event_bus_name/rule_name` (if you omit `event_bus_name`, the `default` event bus will be used). For exampleconsole % pulumi import aws_cloudwatch_event_rule.console example-event-bus/capture-console-sign-in ", + "description": "Provides an EventBridge Rule resource.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst console = new aws.cloudwatch.EventRule(\"console\", {\n description: \"Capture each AWS Console Sign In\",\n eventPattern: JSON.stringify({\n \"detail-type\": [\"AWS Console Sign In via CloudTrail\"],\n }),\n});\nconst awsLogins = new aws.sns.Topic(\"awsLogins\", {});\nconst sns = new aws.cloudwatch.EventTarget(\"sns\", {\n rule: console.name,\n arn: awsLogins.arn,\n});\nconst snsTopicPolicy = awsLogins.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"SNS:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n resources: [arn],\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: awsLogins.arn,\n policy: snsTopicPolicy.apply(snsTopicPolicy =\u003e snsTopicPolicy.json),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nconsole = aws.cloudwatch.EventRule(\"console\",\n description=\"Capture each AWS Console Sign In\",\n event_pattern=json.dumps({\n \"detail-type\": [\"AWS Console Sign In via CloudTrail\"],\n }))\naws_logins = aws.sns.Topic(\"awsLogins\")\nsns = aws.cloudwatch.EventTarget(\"sns\",\n rule=console.name,\n arn=aws_logins.arn)\nsns_topic_policy = aws_logins.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"SNS:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n resources=[arn],\n)]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=aws_logins.arn,\n policy=sns_topic_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var console = new Aws.CloudWatch.EventRule(\"console\", new()\n {\n Description = \"Capture each AWS Console Sign In\",\n EventPattern = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"detail-type\"] = new[]\n {\n \"AWS Console Sign In via CloudTrail\",\n },\n }),\n });\n\n var awsLogins = new Aws.Sns.Topic(\"awsLogins\");\n\n var sns = new Aws.CloudWatch.EventTarget(\"sns\", new()\n {\n Rule = console.Name,\n Arn = awsLogins.Arn,\n });\n\n var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n awsLogins.Arn,\n },\n },\n },\n });\n\n var @default = new Aws.Sns.TopicPolicy(\"default\", new()\n {\n Arn = awsLogins.Arn,\n Policy = snsTopicPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntmpJSON0, err := json.Marshal(map[string]interface{}{\n\"detail-type\": []string{\n\"AWS Console Sign In via CloudTrail\",\n},\n})\nif err != nil {\nreturn err\n}\njson0 := string(tmpJSON0)\nconsole, err := cloudwatch.NewEventRule(ctx, \"console\", \u0026cloudwatch.EventRuleArgs{\nDescription: pulumi.String(\"Capture each AWS Console Sign In\"),\nEventPattern: pulumi.String(json0),\n})\nif err != nil {\nreturn err\n}\nawsLogins, err := sns.NewTopic(ctx, \"awsLogins\", nil)\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventTarget(ctx, \"sns\", \u0026cloudwatch.EventTargetArgs{\nRule: console.Name,\nArn: awsLogins.Arn,\n})\nif err != nil {\nreturn err\n}\nsnsTopicPolicy := awsLogins.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"SNS:Publish\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"events.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"default\", \u0026sns.TopicPolicyArgs{\nArn: awsLogins.Arn,\nPolicy: snsTopicPolicy.ApplyT(func(snsTopicPolicy iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026snsTopicPolicy.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var console = new EventRule(\"console\", EventRuleArgs.builder() \n .description(\"Capture each AWS Console Sign In\")\n .eventPattern(serializeJson(\n jsonObject(\n jsonProperty(\"detail-type\", jsonArray(\"AWS Console Sign In via CloudTrail\"))\n )))\n .build());\n\n var awsLogins = new Topic(\"awsLogins\");\n\n var sns = new EventTarget(\"sns\", EventTargetArgs.builder() \n .rule(console.name())\n .arn(awsLogins.arn())\n .build());\n\n final var snsTopicPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"SNS:Publish\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .resources(awsLogins.arn())\n .build())\n .build());\n\n var default_ = new TopicPolicy(\"default\", TopicPolicyArgs.builder() \n .arn(awsLogins.arn())\n .policy(snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(snsTopicPolicy -\u003e snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n console:\n type: aws:cloudwatch:EventRule\n properties:\n description: Capture each AWS Console Sign In\n eventPattern:\n fn::toJSON:\n detail-type:\n - AWS Console Sign In via CloudTrail\n sns:\n type: aws:cloudwatch:EventTarget\n properties:\n rule: ${console.name}\n arn: ${awsLogins.arn}\n awsLogins:\n type: aws:sns:Topic\n default:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${awsLogins.arn}\n policy: ${snsTopicPolicy.json}\nvariables:\n snsTopicPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - SNS:Publish\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n resources:\n - ${awsLogins.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_cloudwatch_event_rule.console\n\n id = \"example-event-bus/capture-console-sign-in\" } Using `pulumi import`, import EventBridge Rules using the `event_bus_name/rule_name` (if you omit `event_bus_name`, the `default` event bus will be used). For exampleconsole % pulumi import aws_cloudwatch_event_rule.console example-event-bus/capture-console-sign-in ", "properties": { "arn": { "type": "string", @@ -152474,7 +152471,7 @@ } }, "aws:codebuild/project:Project": { - "description": "Provides a CodeBuild Project resource. See also the `aws.codebuild.Webhook` resource, which manages the webhook to the source (e.g., the \"rebuild every time a code change is pushed\" option in the CodeBuild web console).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"exampleBucketV2\", {});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"exampleBucketAclV2\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codebuild.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst examplePolicyDocument = pulumi.all([exampleBucketV2.arn, exampleBucketV2.arn]).apply(([exampleBucketV2Arn, exampleBucketV2Arn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ec2:CreateNetworkInterfacePermission\"],\n resources: [\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"ec2:Subnet\",\n values: [\n aws_subnet.example1.arn,\n aws_subnet.example2.arn,\n ],\n },\n {\n test: \"StringEquals\",\n variable: \"ec2:AuthorizedService\",\n values: [\"codebuild.amazonaws.com\"],\n },\n ],\n },\n {\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n exampleBucketV2Arn,\n `${exampleBucketV2Arn1}/*`,\n ],\n },\n ],\n}));\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.name,\n policy: examplePolicyDocument.apply(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\nconst exampleProject = new aws.codebuild.Project(\"exampleProject\", {\n description: \"test_codebuild_project\",\n buildTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"S3\",\n location: exampleBucketV2.bucket,\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [\n {\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n },\n {\n name: \"SOME_KEY2\",\n value: \"SOME_VALUE2\",\n type: \"PARAMETER_STORE\",\n },\n ],\n },\n logsConfig: {\n cloudwatchLogs: {\n groupName: \"log-group\",\n streamName: \"log-stream\",\n },\n s3Logs: {\n status: \"ENABLED\",\n location: pulumi.interpolate`${exampleBucketV2.id}/build-log`,\n },\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n gitSubmodulesConfig: {\n fetchSubmodules: true,\n },\n },\n sourceVersion: \"master\",\n vpcConfig: {\n vpcId: aws_vpc.example.id,\n subnets: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n ],\n securityGroupIds: [\n aws_security_group.example1.id,\n aws_security_group.example2.id,\n ],\n },\n tags: {\n Environment: \"Test\",\n },\n});\nconst project_with_cache = new aws.codebuild.Project(\"project-with-cache\", {\n description: \"test_codebuild_project_cache\",\n buildTimeout: 5,\n queuedTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"LOCAL\",\n modes: [\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [{\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n }],\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n },\n tags: {\n Environment: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"exampleBucketV2\")\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"exampleBucketAclV2\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codebuild.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\nexample_policy_document = pulumi.Output.all(example_bucket_v2.arn, example_bucket_v2.arn).apply(lambda exampleBucketV2Arn, exampleBucketV2Arn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:CreateNetworkInterfacePermission\"],\n resources=[\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:Subnet\",\n values=[\n aws_subnet[\"example1\"][\"arn\"],\n aws_subnet[\"example2\"][\"arn\"],\n ],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:AuthorizedService\",\n values=[\"codebuild.amazonaws.com\"],\n ),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n example_bucket_v2_arn,\n f\"{example_bucket_v2_arn1}/*\",\n ],\n ),\n]))\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.name,\n policy=example_policy_document.json)\nexample_project = aws.codebuild.Project(\"exampleProject\",\n description=\"test_codebuild_project\",\n build_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"S3\",\n location=example_bucket_v2.bucket,\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n ),\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY2\",\n value=\"SOME_VALUE2\",\n type=\"PARAMETER_STORE\",\n ),\n ],\n ),\n logs_config=aws.codebuild.ProjectLogsConfigArgs(\n cloudwatch_logs=aws.codebuild.ProjectLogsConfigCloudwatchLogsArgs(\n group_name=\"log-group\",\n stream_name=\"log-stream\",\n ),\n s3_logs=aws.codebuild.ProjectLogsConfigS3LogsArgs(\n status=\"ENABLED\",\n location=example_bucket_v2.id.apply(lambda id: f\"{id}/build-log\"),\n ),\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n git_submodules_config=aws.codebuild.ProjectSourceGitSubmodulesConfigArgs(\n fetch_submodules=True,\n ),\n ),\n source_version=\"master\",\n vpc_config=aws.codebuild.ProjectVpcConfigArgs(\n vpc_id=aws_vpc[\"example\"][\"id\"],\n subnets=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n ],\n security_group_ids=[\n aws_security_group[\"example1\"][\"id\"],\n aws_security_group[\"example2\"][\"id\"],\n ],\n ),\n tags={\n \"Environment\": \"Test\",\n })\nproject_with_cache = aws.codebuild.Project(\"project-with-cache\",\n description=\"test_codebuild_project_cache\",\n build_timeout=5,\n queued_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"LOCAL\",\n modes=[\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n )],\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n ),\n tags={\n \"Environment\": \"Test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"exampleBucketV2\");\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"exampleBucketAclV2\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterfacePermission\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:Subnet\",\n Values = new[]\n {\n aws_subnet.Example1.Arn,\n aws_subnet.Example2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:AuthorizedService\",\n Values = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n $\"{exampleBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new()\n {\n Role = exampleRole.Name,\n Policy = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleProject = new Aws.CodeBuild.Project(\"exampleProject\", new()\n {\n Description = \"test_codebuild_project\",\n BuildTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"S3\",\n Location = exampleBucketV2.Bucket,\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY2\",\n Value = \"SOME_VALUE2\",\n Type = \"PARAMETER_STORE\",\n },\n },\n },\n LogsConfig = new Aws.CodeBuild.Inputs.ProjectLogsConfigArgs\n {\n CloudwatchLogs = new Aws.CodeBuild.Inputs.ProjectLogsConfigCloudwatchLogsArgs\n {\n GroupName = \"log-group\",\n StreamName = \"log-stream\",\n },\n S3Logs = new Aws.CodeBuild.Inputs.ProjectLogsConfigS3LogsArgs\n {\n Status = \"ENABLED\",\n Location = exampleBucketV2.Id.Apply(id =\u003e $\"{id}/build-log\"),\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n GitSubmodulesConfig = new Aws.CodeBuild.Inputs.ProjectSourceGitSubmodulesConfigArgs\n {\n FetchSubmodules = true,\n },\n },\n SourceVersion = \"master\",\n VpcConfig = new Aws.CodeBuild.Inputs.ProjectVpcConfigArgs\n {\n VpcId = aws_vpc.Example.Id,\n Subnets = new[]\n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n SecurityGroupIds = new[]\n {\n aws_security_group.Example1.Id,\n aws_security_group.Example2.Id,\n },\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n var project_with_cache = new Aws.CodeBuild.Project(\"project-with-cache\", new()\n {\n Description = \"test_codebuild_project_cache\",\n BuildTimeout = 5,\n QueuedTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"LOCAL\",\n Modes = new[]\n {\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n },\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleBucketV2, err := s3.NewBucketV2(ctx, \"exampleBucketV2\", nil)\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"exampleBucketAclV2\", \u0026s3.BucketAclV2Args{\nBucket: exampleBucketV2.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument := pulumi.All(exampleBucketV2.Arn,exampleBucketV2.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nexampleBucketV2Arn := _args[0].(string)\nexampleBucketV2Arn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"logs:CreateLogGroup\",\n\"logs:CreateLogStream\",\n\"logs:PutLogEvents\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterface\",\n\"ec2:DescribeDhcpOptions\",\n\"ec2:DescribeNetworkInterfaces\",\n\"ec2:DeleteNetworkInterface\",\n\"ec2:DescribeSubnets\",\n\"ec2:DescribeSecurityGroups\",\n\"ec2:DescribeVpcs\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterfacePermission\",\n},\nResources: []string{\n\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"ec2:Subnet\",\nValues: interface{}{\naws_subnet.Example1.Arn,\naws_subnet.Example2.Arn,\n},\n},\n{\nTest: \"StringEquals\",\nVariable: \"ec2:AuthorizedService\",\nValues: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\nexampleBucketV2Arn,\nfmt.Sprintf(\"%v/*\", exampleBucketV2Arn1),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"exampleRolePolicy\", \u0026iam.RolePolicyArgs{\nRole: exampleRole.Name,\nPolicy: examplePolicyDocument.ApplyT(func(examplePolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026examplePolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"exampleProject\", \u0026codebuild.ProjectArgs{\nDescription: pulumi.String(\"test_codebuild_project\"),\nBuildTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"S3\"),\nLocation: exampleBucketV2.Bucket,\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY2\"),\nValue: pulumi.String(\"SOME_VALUE2\"),\nType: pulumi.String(\"PARAMETER_STORE\"),\n},\n},\n},\nLogsConfig: \u0026codebuild.ProjectLogsConfigArgs{\nCloudwatchLogs: \u0026codebuild.ProjectLogsConfigCloudwatchLogsArgs{\nGroupName: pulumi.String(\"log-group\"),\nStreamName: pulumi.String(\"log-stream\"),\n},\nS3Logs: \u0026codebuild.ProjectLogsConfigS3LogsArgs{\nStatus: pulumi.String(\"ENABLED\"),\nLocation: exampleBucketV2.ID().ApplyT(func(id string) (string, error) {\nreturn fmt.Sprintf(\"%v/build-log\", id), nil\n}).(pulumi.StringOutput),\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\nGitSubmodulesConfig: \u0026codebuild.ProjectSourceGitSubmodulesConfigArgs{\nFetchSubmodules: pulumi.Bool(true),\n},\n},\nSourceVersion: pulumi.String(\"master\"),\nVpcConfig: \u0026codebuild.ProjectVpcConfigArgs{\nVpcId: pulumi.Any(aws_vpc.Example.Id),\nSubnets: pulumi.StringArray{\naws_subnet.Example1.Id,\naws_subnet.Example2.Id,\n},\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example1.Id,\naws_security_group.Example2.Id,\n},\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"project-with-cache\", \u0026codebuild.ProjectArgs{\nDescription: pulumi.String(\"test_codebuild_project_cache\"),\nBuildTimeout: pulumi.Int(5),\nQueuedTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"LOCAL\"),\nModes: pulumi.StringArray{\npulumi.String(\"LOCAL_DOCKER_LAYER_CACHE\"),\npulumi.String(\"LOCAL_SOURCE_CACHE\"),\n},\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.codebuild.Project;\nimport com.pulumi.aws.codebuild.ProjectArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectArtifactsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectCacheArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectEnvironmentArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigCloudwatchLogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigS3LogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceGitSubmodulesConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\");\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codebuild.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:CreateNetworkInterfacePermission\")\n .resources(\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:Subnet\")\n .values( \n aws_subnet.example1().arn(),\n aws_subnet.example2().arn())\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:AuthorizedService\")\n .values(\"codebuild.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n exampleBucketV2.arn(),\n exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .role(exampleRole.name())\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(examplePolicyDocument -\u003e examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleProject = new Project(\"exampleProject\", ProjectArgs.builder() \n .description(\"test_codebuild_project\")\n .buildTimeout(\"5\")\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"S3\")\n .location(exampleBucketV2.bucket())\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables( \n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build(),\n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY2\")\n .value(\"SOME_VALUE2\")\n .type(\"PARAMETER_STORE\")\n .build())\n .build())\n .logsConfig(ProjectLogsConfigArgs.builder()\n .cloudwatchLogs(ProjectLogsConfigCloudwatchLogsArgs.builder()\n .groupName(\"log-group\")\n .streamName(\"log-stream\")\n .build())\n .s3Logs(ProjectLogsConfigS3LogsArgs.builder()\n .status(\"ENABLED\")\n .location(exampleBucketV2.id().applyValue(id -\u003e String.format(\"%s/build-log\", id)))\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .gitSubmodulesConfig(ProjectSourceGitSubmodulesConfigArgs.builder()\n .fetchSubmodules(true)\n .build())\n .build())\n .sourceVersion(\"master\")\n .vpcConfig(ProjectVpcConfigArgs.builder()\n .vpcId(aws_vpc.example().id())\n .subnets( \n aws_subnet.example1().id(),\n aws_subnet.example2().id())\n .securityGroupIds( \n aws_security_group.example1().id(),\n aws_security_group.example2().id())\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n var project_with_cache = new Project(\"project-with-cache\", ProjectArgs.builder() \n .description(\"test_codebuild_project_cache\")\n .buildTimeout(\"5\")\n .queuedTimeout(\"5\")\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"LOCAL\")\n .modes( \n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\")\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables(ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${exampleRole.name}\n policy: ${examplePolicyDocument.json}\n exampleProject:\n type: aws:codebuild:Project\n properties:\n description: test_codebuild_project\n buildTimeout: '5'\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: S3\n location: ${exampleBucketV2.bucket}\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n - name: SOME_KEY2\n value: SOME_VALUE2\n type: PARAMETER_STORE\n logsConfig:\n cloudwatchLogs:\n groupName: log-group\n streamName: log-stream\n s3Logs:\n status: ENABLED\n location: ${exampleBucketV2.id}/build-log\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n gitSubmodulesConfig:\n fetchSubmodules: true\n sourceVersion: master\n vpcConfig:\n vpcId: ${aws_vpc.example.id}\n subnets:\n - ${aws_subnet.example1.id}\n - ${aws_subnet.example2.id}\n securityGroupIds:\n - ${aws_security_group.example1.id}\n - ${aws_security_group.example2.id}\n tags:\n Environment: Test\n project-with-cache:\n type: aws:codebuild:Project\n properties:\n description: test_codebuild_project_cache\n buildTimeout: '5'\n queuedTimeout: '5'\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: LOCAL\n modes:\n - LOCAL_DOCKER_LAYER_CACHE\n - LOCAL_SOURCE_CACHE\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n tags:\n Environment: Test\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codebuild.amazonaws.com\n actions:\n - sts:AssumeRole\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterface\n - ec2:DescribeDhcpOptions\n - ec2:DescribeNetworkInterfaces\n - ec2:DeleteNetworkInterface\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeVpcs\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterfacePermission\n resources:\n - arn:aws:ec2:us-east-1:123456789012:network-interface/*\n conditions:\n - test: StringEquals\n variable: ec2:Subnet\n values:\n - ${aws_subnet.example1.arn}\n - ${aws_subnet.example2.arn}\n - test: StringEquals\n variable: ec2:AuthorizedService\n values:\n - codebuild.amazonaws.com\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${exampleBucketV2.arn}\n - ${exampleBucketV2.arn}/*\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_codebuild_project.name\n\n id = \"project-name\" } Using `pulumi import`, import CodeBuild Project using the `name`. For exampleconsole % pulumi import aws_codebuild_project.name project-name ", + "description": "Provides a CodeBuild Project resource. See also the `aws.codebuild.Webhook` resource, which manages the webhook to the source (e.g., the \"rebuild every time a code change is pushed\" option in the CodeBuild web console).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"exampleBucketV2\", {});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"exampleBucketAclV2\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codebuild.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst examplePolicyDocument = pulumi.all([exampleBucketV2.arn, exampleBucketV2.arn]).apply(([exampleBucketV2Arn, exampleBucketV2Arn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ec2:CreateNetworkInterfacePermission\"],\n resources: [\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"ec2:Subnet\",\n values: [\n aws_subnet.example1.arn,\n aws_subnet.example2.arn,\n ],\n },\n {\n test: \"StringEquals\",\n variable: \"ec2:AuthorizedService\",\n values: [\"codebuild.amazonaws.com\"],\n },\n ],\n },\n {\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n exampleBucketV2Arn,\n `${exampleBucketV2Arn1}/*`,\n ],\n },\n ],\n}));\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.name,\n policy: examplePolicyDocument.apply(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\nconst exampleProject = new aws.codebuild.Project(\"exampleProject\", {\n description: \"test_codebuild_project\",\n buildTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"S3\",\n location: exampleBucketV2.bucket,\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [\n {\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n },\n {\n name: \"SOME_KEY2\",\n value: \"SOME_VALUE2\",\n type: \"PARAMETER_STORE\",\n },\n ],\n },\n logsConfig: {\n cloudwatchLogs: {\n groupName: \"log-group\",\n streamName: \"log-stream\",\n },\n s3Logs: {\n status: \"ENABLED\",\n location: pulumi.interpolate`${exampleBucketV2.id}/build-log`,\n },\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n gitSubmodulesConfig: {\n fetchSubmodules: true,\n },\n },\n sourceVersion: \"master\",\n vpcConfig: {\n vpcId: aws_vpc.example.id,\n subnets: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n ],\n securityGroupIds: [\n aws_security_group.example1.id,\n aws_security_group.example2.id,\n ],\n },\n tags: {\n Environment: \"Test\",\n },\n});\nconst project_with_cache = new aws.codebuild.Project(\"project-with-cache\", {\n description: \"test_codebuild_project_cache\",\n buildTimeout: 5,\n queuedTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"LOCAL\",\n modes: [\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [{\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n }],\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n },\n tags: {\n Environment: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"exampleBucketV2\")\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"exampleBucketAclV2\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codebuild.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\nexample_policy_document = pulumi.Output.all(example_bucket_v2.arn, example_bucket_v2.arn).apply(lambda exampleBucketV2Arn, exampleBucketV2Arn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:CreateNetworkInterfacePermission\"],\n resources=[\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:Subnet\",\n values=[\n aws_subnet[\"example1\"][\"arn\"],\n aws_subnet[\"example2\"][\"arn\"],\n ],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:AuthorizedService\",\n values=[\"codebuild.amazonaws.com\"],\n ),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n example_bucket_v2_arn,\n f\"{example_bucket_v2_arn1}/*\",\n ],\n ),\n]))\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.name,\n policy=example_policy_document.json)\nexample_project = aws.codebuild.Project(\"exampleProject\",\n description=\"test_codebuild_project\",\n build_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"S3\",\n location=example_bucket_v2.bucket,\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n ),\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY2\",\n value=\"SOME_VALUE2\",\n type=\"PARAMETER_STORE\",\n ),\n ],\n ),\n logs_config=aws.codebuild.ProjectLogsConfigArgs(\n cloudwatch_logs=aws.codebuild.ProjectLogsConfigCloudwatchLogsArgs(\n group_name=\"log-group\",\n stream_name=\"log-stream\",\n ),\n s3_logs=aws.codebuild.ProjectLogsConfigS3LogsArgs(\n status=\"ENABLED\",\n location=example_bucket_v2.id.apply(lambda id: f\"{id}/build-log\"),\n ),\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n git_submodules_config=aws.codebuild.ProjectSourceGitSubmodulesConfigArgs(\n fetch_submodules=True,\n ),\n ),\n source_version=\"master\",\n vpc_config=aws.codebuild.ProjectVpcConfigArgs(\n vpc_id=aws_vpc[\"example\"][\"id\"],\n subnets=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n ],\n security_group_ids=[\n aws_security_group[\"example1\"][\"id\"],\n aws_security_group[\"example2\"][\"id\"],\n ],\n ),\n tags={\n \"Environment\": \"Test\",\n })\nproject_with_cache = aws.codebuild.Project(\"project-with-cache\",\n description=\"test_codebuild_project_cache\",\n build_timeout=5,\n queued_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"LOCAL\",\n modes=[\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n )],\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n ),\n tags={\n \"Environment\": \"Test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"exampleBucketV2\");\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"exampleBucketAclV2\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterfacePermission\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:Subnet\",\n Values = new[]\n {\n aws_subnet.Example1.Arn,\n aws_subnet.Example2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:AuthorizedService\",\n Values = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n $\"{exampleBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new()\n {\n Role = exampleRole.Name,\n Policy = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleProject = new Aws.CodeBuild.Project(\"exampleProject\", new()\n {\n Description = \"test_codebuild_project\",\n BuildTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"S3\",\n Location = exampleBucketV2.Bucket,\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY2\",\n Value = \"SOME_VALUE2\",\n Type = \"PARAMETER_STORE\",\n },\n },\n },\n LogsConfig = new Aws.CodeBuild.Inputs.ProjectLogsConfigArgs\n {\n CloudwatchLogs = new Aws.CodeBuild.Inputs.ProjectLogsConfigCloudwatchLogsArgs\n {\n GroupName = \"log-group\",\n StreamName = \"log-stream\",\n },\n S3Logs = new Aws.CodeBuild.Inputs.ProjectLogsConfigS3LogsArgs\n {\n Status = \"ENABLED\",\n Location = exampleBucketV2.Id.Apply(id =\u003e $\"{id}/build-log\"),\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n GitSubmodulesConfig = new Aws.CodeBuild.Inputs.ProjectSourceGitSubmodulesConfigArgs\n {\n FetchSubmodules = true,\n },\n },\n SourceVersion = \"master\",\n VpcConfig = new Aws.CodeBuild.Inputs.ProjectVpcConfigArgs\n {\n VpcId = aws_vpc.Example.Id,\n Subnets = new[]\n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n SecurityGroupIds = new[]\n {\n aws_security_group.Example1.Id,\n aws_security_group.Example2.Id,\n },\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n var project_with_cache = new Aws.CodeBuild.Project(\"project-with-cache\", new()\n {\n Description = \"test_codebuild_project_cache\",\n BuildTimeout = 5,\n QueuedTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"LOCAL\",\n Modes = new[]\n {\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n },\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleBucketV2, err := s3.NewBucketV2(ctx, \"exampleBucketV2\", nil)\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"exampleBucketAclV2\", \u0026s3.BucketAclV2Args{\nBucket: exampleBucketV2.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument := pulumi.All(exampleBucketV2.Arn,exampleBucketV2.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nexampleBucketV2Arn := _args[0].(string)\nexampleBucketV2Arn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"logs:CreateLogGroup\",\n\"logs:CreateLogStream\",\n\"logs:PutLogEvents\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterface\",\n\"ec2:DescribeDhcpOptions\",\n\"ec2:DescribeNetworkInterfaces\",\n\"ec2:DeleteNetworkInterface\",\n\"ec2:DescribeSubnets\",\n\"ec2:DescribeSecurityGroups\",\n\"ec2:DescribeVpcs\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterfacePermission\",\n},\nResources: []string{\n\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"ec2:Subnet\",\nValues: interface{}{\naws_subnet.Example1.Arn,\naws_subnet.Example2.Arn,\n},\n},\n{\nTest: \"StringEquals\",\nVariable: \"ec2:AuthorizedService\",\nValues: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\nexampleBucketV2Arn,\nfmt.Sprintf(\"%v/*\", exampleBucketV2Arn1),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"exampleRolePolicy\", \u0026iam.RolePolicyArgs{\nRole: exampleRole.Name,\nPolicy: examplePolicyDocument.ApplyT(func(examplePolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026examplePolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"exampleProject\", \u0026codebuild.ProjectArgs{\nDescription: pulumi.String(\"test_codebuild_project\"),\nBuildTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"S3\"),\nLocation: exampleBucketV2.Bucket,\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY2\"),\nValue: pulumi.String(\"SOME_VALUE2\"),\nType: pulumi.String(\"PARAMETER_STORE\"),\n},\n},\n},\nLogsConfig: \u0026codebuild.ProjectLogsConfigArgs{\nCloudwatchLogs: \u0026codebuild.ProjectLogsConfigCloudwatchLogsArgs{\nGroupName: pulumi.String(\"log-group\"),\nStreamName: pulumi.String(\"log-stream\"),\n},\nS3Logs: \u0026codebuild.ProjectLogsConfigS3LogsArgs{\nStatus: pulumi.String(\"ENABLED\"),\nLocation: exampleBucketV2.ID().ApplyT(func(id string) (string, error) {\nreturn fmt.Sprintf(\"%v/build-log\", id), nil\n}).(pulumi.StringOutput),\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\nGitSubmodulesConfig: \u0026codebuild.ProjectSourceGitSubmodulesConfigArgs{\nFetchSubmodules: pulumi.Bool(true),\n},\n},\nSourceVersion: pulumi.String(\"master\"),\nVpcConfig: \u0026codebuild.ProjectVpcConfigArgs{\nVpcId: pulumi.Any(aws_vpc.Example.Id),\nSubnets: pulumi.StringArray{\naws_subnet.Example1.Id,\naws_subnet.Example2.Id,\n},\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example1.Id,\naws_security_group.Example2.Id,\n},\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"project-with-cache\", \u0026codebuild.ProjectArgs{\nDescription: pulumi.String(\"test_codebuild_project_cache\"),\nBuildTimeout: pulumi.Int(5),\nQueuedTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"LOCAL\"),\nModes: pulumi.StringArray{\npulumi.String(\"LOCAL_DOCKER_LAYER_CACHE\"),\npulumi.String(\"LOCAL_SOURCE_CACHE\"),\n},\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.codebuild.Project;\nimport com.pulumi.aws.codebuild.ProjectArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectArtifactsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectCacheArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectEnvironmentArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigCloudwatchLogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigS3LogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceGitSubmodulesConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\");\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codebuild.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:CreateNetworkInterfacePermission\")\n .resources(\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:Subnet\")\n .values( \n aws_subnet.example1().arn(),\n aws_subnet.example2().arn())\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:AuthorizedService\")\n .values(\"codebuild.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n exampleBucketV2.arn(),\n exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .role(exampleRole.name())\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(examplePolicyDocument -\u003e examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleProject = new Project(\"exampleProject\", ProjectArgs.builder() \n .description(\"test_codebuild_project\")\n .buildTimeout(\"5\")\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"S3\")\n .location(exampleBucketV2.bucket())\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables( \n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build(),\n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY2\")\n .value(\"SOME_VALUE2\")\n .type(\"PARAMETER_STORE\")\n .build())\n .build())\n .logsConfig(ProjectLogsConfigArgs.builder()\n .cloudwatchLogs(ProjectLogsConfigCloudwatchLogsArgs.builder()\n .groupName(\"log-group\")\n .streamName(\"log-stream\")\n .build())\n .s3Logs(ProjectLogsConfigS3LogsArgs.builder()\n .status(\"ENABLED\")\n .location(exampleBucketV2.id().applyValue(id -\u003e String.format(\"%s/build-log\", id)))\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .gitSubmodulesConfig(ProjectSourceGitSubmodulesConfigArgs.builder()\n .fetchSubmodules(true)\n .build())\n .build())\n .sourceVersion(\"master\")\n .vpcConfig(ProjectVpcConfigArgs.builder()\n .vpcId(aws_vpc.example().id())\n .subnets( \n aws_subnet.example1().id(),\n aws_subnet.example2().id())\n .securityGroupIds( \n aws_security_group.example1().id(),\n aws_security_group.example2().id())\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n var project_with_cache = new Project(\"project-with-cache\", ProjectArgs.builder() \n .description(\"test_codebuild_project_cache\")\n .buildTimeout(\"5\")\n .queuedTimeout(\"5\")\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"LOCAL\")\n .modes( \n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\")\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables(ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${exampleRole.name}\n policy: ${examplePolicyDocument.json}\n exampleProject:\n type: aws:codebuild:Project\n properties:\n description: test_codebuild_project\n buildTimeout: '5'\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: S3\n location: ${exampleBucketV2.bucket}\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n - name: SOME_KEY2\n value: SOME_VALUE2\n type: PARAMETER_STORE\n logsConfig:\n cloudwatchLogs:\n groupName: log-group\n streamName: log-stream\n s3Logs:\n status: ENABLED\n location: ${exampleBucketV2.id}/build-log\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n gitSubmodulesConfig:\n fetchSubmodules: true\n sourceVersion: master\n vpcConfig:\n vpcId: ${aws_vpc.example.id}\n subnets:\n - ${aws_subnet.example1.id}\n - ${aws_subnet.example2.id}\n securityGroupIds:\n - ${aws_security_group.example1.id}\n - ${aws_security_group.example2.id}\n tags:\n Environment: Test\n project-with-cache:\n type: aws:codebuild:Project\n properties:\n description: test_codebuild_project_cache\n buildTimeout: '5'\n queuedTimeout: '5'\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: LOCAL\n modes:\n - LOCAL_DOCKER_LAYER_CACHE\n - LOCAL_SOURCE_CACHE\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n tags:\n Environment: Test\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codebuild.amazonaws.com\n actions:\n - sts:AssumeRole\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterface\n - ec2:DescribeDhcpOptions\n - ec2:DescribeNetworkInterfaces\n - ec2:DeleteNetworkInterface\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeVpcs\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterfacePermission\n resources:\n - arn:aws:ec2:us-east-1:123456789012:network-interface/*\n conditions:\n - test: StringEquals\n variable: ec2:Subnet\n values:\n - ${aws_subnet.example1.arn}\n - ${aws_subnet.example2.arn}\n - test: StringEquals\n variable: ec2:AuthorizedService\n values:\n - codebuild.amazonaws.com\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${exampleBucketV2.arn}\n - ${exampleBucketV2.arn}/*\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_codebuild_project.name\n\n id = \"project-name\" } Using `pulumi import`, import CodeBuild Project using the `name`. For exampleconsole % pulumi import aws_codebuild_project.name project-name ", "properties": { "arn": { "type": "string", @@ -154954,7 +154951,7 @@ } }, "aws:codestarnotifications/notificationRule:NotificationRule": { - "description": "Provides a CodeStar Notifications Rule.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst code = new aws.codecommit.Repository(\"code\", {repositoryName: \"example-code-repo\"});\nconst notif = new aws.sns.Topic(\"notif\", {});\nconst notifAccess = notif.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\"sns:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"codestar-notifications.amazonaws.com\"],\n }],\n resources: [arn],\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: notif.arn,\n policy: notifAccess.apply(notifAccess =\u003e notifAccess.json),\n});\nconst commits = new aws.codestarnotifications.NotificationRule(\"commits\", {\n detailType: \"BASIC\",\n eventTypeIds: [\"codecommit-repository-comments-on-commits\"],\n resource: code.arn,\n targets: [{\n address: notif.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncode = aws.codecommit.Repository(\"code\", repository_name=\"example-code-repo\")\nnotif = aws.sns.Topic(\"notif\")\nnotif_access = notif.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sns:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codestar-notifications.amazonaws.com\"],\n )],\n resources=[arn],\n)]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=notif.arn,\n policy=notif_access.json)\ncommits = aws.codestarnotifications.NotificationRule(\"commits\",\n detail_type=\"BASIC\",\n event_type_ids=[\"codecommit-repository-comments-on-commits\"],\n resource=code.arn,\n targets=[aws.codestarnotifications.NotificationRuleTargetArgs(\n address=notif.arn,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var code = new Aws.CodeCommit.Repository(\"code\", new()\n {\n RepositoryName = \"example-code-repo\",\n });\n\n var notif = new Aws.Sns.Topic(\"notif\");\n\n var notifAccess = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sns:Publish\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codestar-notifications.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n notif.Arn,\n },\n },\n },\n });\n\n var @default = new Aws.Sns.TopicPolicy(\"default\", new()\n {\n Arn = notif.Arn,\n Policy = notifAccess.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var commits = new Aws.CodeStarNotifications.NotificationRule(\"commits\", new()\n {\n DetailType = \"BASIC\",\n EventTypeIds = new[]\n {\n \"codecommit-repository-comments-on-commits\",\n },\n Resource = code.Arn,\n Targets = new[]\n {\n new Aws.CodeStarNotifications.Inputs.NotificationRuleTargetArgs\n {\n Address = notif.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codecommit\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codestarnotifications\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncode, err := codecommit.NewRepository(ctx, \"code\", \u0026codecommit.RepositoryArgs{\nRepositoryName: pulumi.String(\"example-code-repo\"),\n})\nif err != nil {\nreturn err\n}\nnotif, err := sns.NewTopic(ctx, \"notif\", nil)\nif err != nil {\nreturn err\n}\nnotifAccess := notif.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sns:Publish\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"codestar-notifications.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"default\", \u0026sns.TopicPolicyArgs{\nArn: notif.Arn,\nPolicy: notifAccess.ApplyT(func(notifAccess iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026notifAccess.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = codestarnotifications.NewNotificationRule(ctx, \"commits\", \u0026codestarnotifications.NotificationRuleArgs{\nDetailType: pulumi.String(\"BASIC\"),\nEventTypeIds: pulumi.StringArray{\npulumi.String(\"codecommit-repository-comments-on-commits\"),\n},\nResource: code.Arn,\nTargets: codestarnotifications.NotificationRuleTargetArray{\n\u0026codestarnotifications.NotificationRuleTargetArgs{\nAddress: notif.Arn,\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codecommit.Repository;\nimport com.pulumi.aws.codecommit.RepositoryArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport com.pulumi.aws.codestarnotifications.NotificationRule;\nimport com.pulumi.aws.codestarnotifications.NotificationRuleArgs;\nimport com.pulumi.aws.codestarnotifications.inputs.NotificationRuleTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var code = new Repository(\"code\", RepositoryArgs.builder() \n .repositoryName(\"example-code-repo\")\n .build());\n\n var notif = new Topic(\"notif\");\n\n final var notifAccess = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sns:Publish\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codestar-notifications.amazonaws.com\")\n .build())\n .resources(notif.arn())\n .build())\n .build());\n\n var default_ = new TopicPolicy(\"default\", TopicPolicyArgs.builder() \n .arn(notif.arn())\n .policy(notifAccess.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(notifAccess -\u003e notifAccess.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var commits = new NotificationRule(\"commits\", NotificationRuleArgs.builder() \n .detailType(\"BASIC\")\n .eventTypeIds(\"codecommit-repository-comments-on-commits\")\n .resource(code.arn())\n .targets(NotificationRuleTargetArgs.builder()\n .address(notif.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n code:\n type: aws:codecommit:Repository\n properties:\n repositoryName: example-code-repo\n notif:\n type: aws:sns:Topic\n default:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${notif.arn}\n policy: ${notifAccess.json}\n commits:\n type: aws:codestarnotifications:NotificationRule\n properties:\n detailType: BASIC\n eventTypeIds:\n - codecommit-repository-comments-on-commits\n resource: ${code.arn}\n targets:\n - address: ${notif.arn}\nvariables:\n notifAccess:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sns:Publish\n principals:\n - type: Service\n identifiers:\n - codestar-notifications.amazonaws.com\n resources:\n - ${notif.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_codestarnotifications_notification_rule.foo\n\n id = \"arn:aws:codestar-notifications:us-west-1:0123456789:notificationrule/2cdc68a3-8f7c-4893-b6a5-45b362bd4f2b\" } Using `pulumi import`, import CodeStar notification rule using the ARN. For exampleconsole % pulumi import aws_codestarnotifications_notification_rule.foo arn:aws:codestar-notifications:us-west-1:0123456789:notificationrule/2cdc68a3-8f7c-4893-b6a5-45b362bd4f2b ", + "description": "Provides a CodeStar Notifications Rule.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst code = new aws.codecommit.Repository(\"code\", {repositoryName: \"example-code-repo\"});\nconst notif = new aws.sns.Topic(\"notif\", {});\nconst notifAccess = notif.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\"sns:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"codestar-notifications.amazonaws.com\"],\n }],\n resources: [arn],\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: notif.arn,\n policy: notifAccess.apply(notifAccess =\u003e notifAccess.json),\n});\nconst commits = new aws.codestarnotifications.NotificationRule(\"commits\", {\n detailType: \"BASIC\",\n eventTypeIds: [\"codecommit-repository-comments-on-commits\"],\n resource: code.arn,\n targets: [{\n address: notif.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncode = aws.codecommit.Repository(\"code\", repository_name=\"example-code-repo\")\nnotif = aws.sns.Topic(\"notif\")\nnotif_access = notif.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sns:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codestar-notifications.amazonaws.com\"],\n )],\n resources=[arn],\n)]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=notif.arn,\n policy=notif_access.json)\ncommits = aws.codestarnotifications.NotificationRule(\"commits\",\n detail_type=\"BASIC\",\n event_type_ids=[\"codecommit-repository-comments-on-commits\"],\n resource=code.arn,\n targets=[aws.codestarnotifications.NotificationRuleTargetArgs(\n address=notif.arn,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var code = new Aws.CodeCommit.Repository(\"code\", new()\n {\n RepositoryName = \"example-code-repo\",\n });\n\n var notif = new Aws.Sns.Topic(\"notif\");\n\n var notifAccess = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sns:Publish\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codestar-notifications.amazonaws.com\",\n },\n },\n },\n Resources = new[]\n {\n notif.Arn,\n },\n },\n },\n });\n\n var @default = new Aws.Sns.TopicPolicy(\"default\", new()\n {\n Arn = notif.Arn,\n Policy = notifAccess.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var commits = new Aws.CodeStarNotifications.NotificationRule(\"commits\", new()\n {\n DetailType = \"BASIC\",\n EventTypeIds = new[]\n {\n \"codecommit-repository-comments-on-commits\",\n },\n Resource = code.Arn,\n Targets = new[]\n {\n new Aws.CodeStarNotifications.Inputs.NotificationRuleTargetArgs\n {\n Address = notif.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codecommit\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codestarnotifications\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncode, err := codecommit.NewRepository(ctx, \"code\", \u0026codecommit.RepositoryArgs{\nRepositoryName: pulumi.String(\"example-code-repo\"),\n})\nif err != nil {\nreturn err\n}\nnotif, err := sns.NewTopic(ctx, \"notif\", nil)\nif err != nil {\nreturn err\n}\nnotifAccess := notif.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sns:Publish\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"codestar-notifications.amazonaws.com\",\n},\n},\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"default\", \u0026sns.TopicPolicyArgs{\nArn: notif.Arn,\nPolicy: notifAccess.ApplyT(func(notifAccess iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026notifAccess.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = codestarnotifications.NewNotificationRule(ctx, \"commits\", \u0026codestarnotifications.NotificationRuleArgs{\nDetailType: pulumi.String(\"BASIC\"),\nEventTypeIds: pulumi.StringArray{\npulumi.String(\"codecommit-repository-comments-on-commits\"),\n},\nResource: code.Arn,\nTargets: codestarnotifications.NotificationRuleTargetArray{\n\u0026codestarnotifications.NotificationRuleTargetArgs{\nAddress: notif.Arn,\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codecommit.Repository;\nimport com.pulumi.aws.codecommit.RepositoryArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport com.pulumi.aws.codestarnotifications.NotificationRule;\nimport com.pulumi.aws.codestarnotifications.NotificationRuleArgs;\nimport com.pulumi.aws.codestarnotifications.inputs.NotificationRuleTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var code = new Repository(\"code\", RepositoryArgs.builder() \n .repositoryName(\"example-code-repo\")\n .build());\n\n var notif = new Topic(\"notif\");\n\n final var notifAccess = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sns:Publish\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codestar-notifications.amazonaws.com\")\n .build())\n .resources(notif.arn())\n .build())\n .build());\n\n var default_ = new TopicPolicy(\"default\", TopicPolicyArgs.builder() \n .arn(notif.arn())\n .policy(notifAccess.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(notifAccess -\u003e notifAccess.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var commits = new NotificationRule(\"commits\", NotificationRuleArgs.builder() \n .detailType(\"BASIC\")\n .eventTypeIds(\"codecommit-repository-comments-on-commits\")\n .resource(code.arn())\n .targets(NotificationRuleTargetArgs.builder()\n .address(notif.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n code:\n type: aws:codecommit:Repository\n properties:\n repositoryName: example-code-repo\n notif:\n type: aws:sns:Topic\n default:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${notif.arn}\n policy: ${notifAccess.json}\n commits:\n type: aws:codestarnotifications:NotificationRule\n properties:\n detailType: BASIC\n eventTypeIds:\n - codecommit-repository-comments-on-commits\n resource: ${code.arn}\n targets:\n - address: ${notif.arn}\nvariables:\n notifAccess:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sns:Publish\n principals:\n - type: Service\n identifiers:\n - codestar-notifications.amazonaws.com\n resources:\n - ${notif.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_codestarnotifications_notification_rule.foo\n\n id = \"arn:aws:codestar-notifications:us-west-1:0123456789:notificationrule/2cdc68a3-8f7c-4893-b6a5-45b362bd4f2b\" } Using `pulumi import`, import CodeStar notification rule using the ARN. For exampleconsole % pulumi import aws_codestarnotifications_notification_rule.foo arn:aws:codestar-notifications:us-west-1:0123456789:notificationrule/2cdc68a3-8f7c-4893-b6a5-45b362bd4f2b ", "properties": { "arn": { "type": "string", @@ -168127,7 +168124,7 @@ } }, "aws:directoryservice/sharedDirectory:SharedDirectory": { - "description": "Manages a directory in your account (directory owner) shared with another account (directory consumer).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDirectory = new aws.directoryservice.Directory(\"exampleDirectory\", {\n name: \"tf-example\",\n password: \"SuperSecretPassw0rd\",\n type: \"MicrosoftAD\",\n edition: \"Standard\",\n vpcSettings: {\n vpcId: aws_vpc.example.id,\n subnetIds: aws_subnet.example.map(__item =\u003e __item.id),\n },\n});\nconst exampleSharedDirectory = new aws.directoryservice.SharedDirectory(\"exampleSharedDirectory\", {\n directoryId: exampleDirectory.id,\n notes: \"You wanna have a catch?\",\n target: {\n id: data.aws_caller_identity.receiver.account_id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_directory = aws.directoryservice.Directory(\"exampleDirectory\",\n name=\"tf-example\",\n password=\"SuperSecretPassw0rd\",\n type=\"MicrosoftAD\",\n edition=\"Standard\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=aws_vpc[\"example\"][\"id\"],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"example\"]],\n ))\nexample_shared_directory = aws.directoryservice.SharedDirectory(\"exampleSharedDirectory\",\n directory_id=example_directory.id,\n notes=\"You wanna have a catch?\",\n target=aws.directoryservice.SharedDirectoryTargetArgs(\n id=data[\"aws_caller_identity\"][\"receiver\"][\"account_id\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDirectory = new Aws.DirectoryService.Directory(\"exampleDirectory\", new()\n {\n Name = \"tf-example\",\n Password = \"SuperSecretPassw0rd\",\n Type = \"MicrosoftAD\",\n Edition = \"Standard\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = aws_vpc.Example.Id,\n SubnetIds = aws_subnet.Example.Select(__item =\u003e __item.Id).ToList(),\n },\n });\n\n var exampleSharedDirectory = new Aws.DirectoryService.SharedDirectory(\"exampleSharedDirectory\", new()\n {\n DirectoryId = exampleDirectory.Id,\n Notes = \"You wanna have a catch?\",\n Target = new Aws.DirectoryService.Inputs.SharedDirectoryTargetArgs\n {\n Id = data.Aws_caller_identity.Receiver.Account_id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleDirectory, err := directoryservice.NewDirectory(ctx, \"exampleDirectory\", \u0026directoryservice.DirectoryArgs{\nName: pulumi.String(\"tf-example\"),\nPassword: pulumi.String(\"SuperSecretPassw0rd\"),\nType: pulumi.String(\"MicrosoftAD\"),\nEdition: pulumi.String(\"Standard\"),\nVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\nVpcId: pulumi.Any(aws_vpc.Example.Id),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:directoryservice-sharedDirectory:SharedDirectory.pp:7,17-41),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = directoryservice.NewSharedDirectory(ctx, \"exampleSharedDirectory\", \u0026directoryservice.SharedDirectoryArgs{\nDirectoryId: exampleDirectory.ID(),\nNotes: pulumi.String(\"You wanna have a catch?\"),\nTarget: \u0026directoryservice.SharedDirectoryTargetArgs{\nId: pulumi.Any(data.Aws_caller_identity.Receiver.Account_id),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.directoryservice.SharedDirectory;\nimport com.pulumi.aws.directoryservice.SharedDirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.SharedDirectoryTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder() \n .name(\"tf-example\")\n .password(\"SuperSecretPassw0rd\")\n .type(\"MicrosoftAD\")\n .edition(\"Standard\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(aws_vpc.example().id())\n .subnetIds(aws_subnet.example().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .build());\n\n var exampleSharedDirectory = new SharedDirectory(\"exampleSharedDirectory\", SharedDirectoryArgs.builder() \n .directoryId(exampleDirectory.id())\n .notes(\"You wanna have a catch?\")\n .target(SharedDirectoryTargetArgs.builder()\n .id(data.aws_caller_identity().receiver().account_id())\n .build())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_directory_service_shared_directory.example\n\n id = \"d-1234567890/d-9267633ece\" } Using `pulumi import`, import Directory Service Shared Directories using the owner directory ID/shared directory ID. For exampleconsole % pulumi import aws_directory_service_shared_directory.example d-1234567890/d-9267633ece ", + "description": "Manages a directory in your account (directory owner) shared with another account (directory consumer).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDirectory = new aws.directoryservice.Directory(\"exampleDirectory\", {\n name: \"tf-example\",\n password: \"SuperSecretPassw0rd\",\n type: \"MicrosoftAD\",\n edition: \"Standard\",\n vpcSettings: {\n vpcId: aws_vpc.example.id,\n subnetIds: aws_subnet.example.map(__item =\u003e __item.id),\n },\n});\nconst exampleSharedDirectory = new aws.directoryservice.SharedDirectory(\"exampleSharedDirectory\", {\n directoryId: exampleDirectory.id,\n notes: \"You wanna have a catch?\",\n target: {\n id: data.aws_caller_identity.receiver.account_id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_directory = aws.directoryservice.Directory(\"exampleDirectory\",\n name=\"tf-example\",\n password=\"SuperSecretPassw0rd\",\n type=\"MicrosoftAD\",\n edition=\"Standard\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=aws_vpc[\"example\"][\"id\"],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"example\"]],\n ))\nexample_shared_directory = aws.directoryservice.SharedDirectory(\"exampleSharedDirectory\",\n directory_id=example_directory.id,\n notes=\"You wanna have a catch?\",\n target=aws.directoryservice.SharedDirectoryTargetArgs(\n id=data[\"aws_caller_identity\"][\"receiver\"][\"account_id\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDirectory = new Aws.DirectoryService.Directory(\"exampleDirectory\", new()\n {\n Name = \"tf-example\",\n Password = \"SuperSecretPassw0rd\",\n Type = \"MicrosoftAD\",\n Edition = \"Standard\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = aws_vpc.Example.Id,\n SubnetIds = aws_subnet.Example.Select(__item =\u003e __item.Id).ToList(),\n },\n });\n\n var exampleSharedDirectory = new Aws.DirectoryService.SharedDirectory(\"exampleSharedDirectory\", new()\n {\n DirectoryId = exampleDirectory.Id,\n Notes = \"You wanna have a catch?\",\n Target = new Aws.DirectoryService.Inputs.SharedDirectoryTargetArgs\n {\n Id = data.Aws_caller_identity.Receiver.Account_id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleDirectory, err := directoryservice.NewDirectory(ctx, \"exampleDirectory\", \u0026directoryservice.DirectoryArgs{\nName: pulumi.String(\"tf-example\"),\nPassword: pulumi.String(\"SuperSecretPassw0rd\"),\nType: pulumi.String(\"MicrosoftAD\"),\nEdition: pulumi.String(\"Standard\"),\nVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\nVpcId: pulumi.Any(aws_vpc.Example.Id),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:directoryservice-sharedDirectory:SharedDirectory.pp:7,17-41),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = directoryservice.NewSharedDirectory(ctx, \"exampleSharedDirectory\", \u0026directoryservice.SharedDirectoryArgs{\nDirectoryId: exampleDirectory.ID(),\nNotes: pulumi.String(\"You wanna have a catch?\"),\nTarget: \u0026directoryservice.SharedDirectoryTargetArgs{\nId: pulumi.Any(data.Aws_caller_identity.Receiver.Account_id),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.directoryservice.SharedDirectory;\nimport com.pulumi.aws.directoryservice.SharedDirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.SharedDirectoryTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder() \n .name(\"tf-example\")\n .password(\"SuperSecretPassw0rd\")\n .type(\"MicrosoftAD\")\n .edition(\"Standard\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(aws_vpc.example().id())\n .subnetIds(aws_subnet.example().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .build());\n\n var exampleSharedDirectory = new SharedDirectory(\"exampleSharedDirectory\", SharedDirectoryArgs.builder() \n .directoryId(exampleDirectory.id())\n .notes(\"You wanna have a catch?\")\n .target(SharedDirectoryTargetArgs.builder()\n .id(data.aws_caller_identity().receiver().account_id())\n .build())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_directory_service_shared_directory.example\n\n id = \"d-1234567890/d-9267633ece\" } Using `pulumi import`, import Directory Service Shared Directories using the owner directory ID/shared directory ID. For exampleconsole % pulumi import aws_directory_service_shared_directory.example d-1234567890/d-9267633ece ", "properties": { "directoryId": { "type": "string", @@ -182924,7 +182921,7 @@ } }, "aws:ec2/spotFleetRequest:SpotFleetRequest": { - "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Fleet or Auto Scaling Group resources instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheapCompute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: \"35\",\n rootBlockDevices: [{\n volumeSize: 300,\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheapCompute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheapCompute\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheapCompute\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapCompute = new SpotFleetRequest(\"cheapCompute\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.03\")\n .allocationStrategy(\"diversified\")\n .targetCapacity(6)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.10xlarge\")\n .ami(\"ami-1234\")\n .spotPrice(\"2.793\")\n .placementTenancy(\"dedicated\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.4xlarge\")\n .ami(\"ami-5678\")\n .keyName(\"my-key\")\n .spotPrice(\"1.117\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .availabilityZone(\"us-west-1a\")\n .subnetId(\"subnet-1234\")\n .weightedCapacity(35)\n .rootBlockDevices(SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs.builder()\n .volumeSize(\"300\")\n .volumeType(\"gp2\")\n .build())\n .tags(Map.of(\"Name\", \"spot-fleet-example\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a Spot fleet\n cheapCompute:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.03'\n allocationStrategy: diversified\n targetCapacity: 6\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m4.10xlarge\n ami: ami-1234\n spotPrice: '2.793'\n placementTenancy: dedicated\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n - instanceType: m4.4xlarge\n ami: ami-5678\n keyName: my-key\n spotPrice: '1.117'\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n availabilityZone: us-west-1a\n subnetId: subnet-1234\n weightedCapacity: 35\n rootBlockDevices:\n - volumeSize: '300'\n volumeType: gp2\n tags:\n Name: spot-fleet-example\n```\n{{% /example %}}\n{{% example %}}\n### Using launch templates\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: fooLaunchTemplate.ID(),\n\t\t\t\t\t\tVersion: fooLaunchTemplate.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_policy_attachment.TestAttach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\n```\n\n\u003e **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used or launch template overrides should be configured, one per subnet:\n{{% /example %}}\n{{% example %}}\n### Using multiple launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n launchSpecifications: [\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m1.small\",\n keyName: \"my-key\",\n },\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m5.large\",\n keyName: \"my-key\",\n },\n ],\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m1.small\",\n key_name=\"my-key\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m5.large\",\n key_name=\"my-key\",\n ),\n ],\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m1.small\",\n KeyName = \"my-key\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m5.large\",\n KeyName = \"my-key\",\n },\n },\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new SpotFleetRequest(\"foo\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m1.small\")\n .keyName(\"my-key\")\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m5.large\")\n .keyName(\"my-key\")\n .build())\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n launchSpecifications:\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m1.small\n keyName: my-key\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m5.large\n keyName: my-key\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n```\n\n\u003e In this example, we use a `dynamic` block to define zero or more `launch_specification` blocks, producing one for each element in the list of subnet ids.\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnets = config.get(\"subnets\");\n var example = new SpotFleetRequest(\"example\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .targetCapacity(3)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .allocationStrategy(\"lowestPrice\")\n .fleetType(\"request\")\n .waitForFulfillment(\"true\")\n .terminateInstancesWithExpiration(\"true\")\n .dynamic(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using multiple launch configurations\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [_var.vpc_id],\n }],\n});\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n overrides: [\n {\n subnetId: example.then(example =\u003e example.ids?.[0]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[1]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[2]),\n },\n ],\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[var[\"vpc_id\"]],\n)])\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[0],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[1],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[2],\n ),\n ],\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n @var.Vpc_id,\n },\n },\n },\n });\n\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n Overrides = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[2]),\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\n_var.Vpc_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\nImageId: pulumi.String(\"ami-516b9131\"),\nInstanceType: pulumi.String(\"m1.small\"),\nKeyName: pulumi.String(\"some-key\"),\n})\nif err != nil {\nreturn err\n}\n_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\nIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\nSpotPrice: pulumi.String(\"0.005\"),\nTargetCapacity: pulumi.Int(2),\nValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\nLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\nLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\nId: fooLaunchTemplate.ID(),\nVersion: fooLaunchTemplate.LatestVersion,\n},\nOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[0]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[1]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[2]),\n},\n},\n},\n},\n}, pulumi.DependsOn([]pulumi.Resource{\naws_iam_policy_attachment.TestAttach,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(var_.vpc_id())\n .build())\n .build());\n\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .overrides( \n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[2]))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n overrides:\n - subnetId: ${example.ids[0]}\n - subnetId: ${example.ids[1]}\n - subnetId: ${example.ids[2]}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${var.vpc_id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_spot_fleet_request.fleet\n\n id = \"sfr-005e9ec8-5546-4c31-b317-31a62325411e\" } Using `pulumi import`, import Spot Fleet Requests using `id`. For exampleconsole % pulumi import aws_spot_fleet_request.fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e ", + "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Fleet or Auto Scaling Group resources instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheapCompute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: \"35\",\n rootBlockDevices: [{\n volumeSize: 300,\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheapCompute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheapCompute\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheapCompute\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapCompute = new SpotFleetRequest(\"cheapCompute\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.03\")\n .allocationStrategy(\"diversified\")\n .targetCapacity(6)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.10xlarge\")\n .ami(\"ami-1234\")\n .spotPrice(\"2.793\")\n .placementTenancy(\"dedicated\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.4xlarge\")\n .ami(\"ami-5678\")\n .keyName(\"my-key\")\n .spotPrice(\"1.117\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .availabilityZone(\"us-west-1a\")\n .subnetId(\"subnet-1234\")\n .weightedCapacity(35)\n .rootBlockDevices(SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs.builder()\n .volumeSize(\"300\")\n .volumeType(\"gp2\")\n .build())\n .tags(Map.of(\"Name\", \"spot-fleet-example\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a Spot fleet\n cheapCompute:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.03'\n allocationStrategy: diversified\n targetCapacity: 6\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m4.10xlarge\n ami: ami-1234\n spotPrice: '2.793'\n placementTenancy: dedicated\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n - instanceType: m4.4xlarge\n ami: ami-5678\n keyName: my-key\n spotPrice: '1.117'\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n availabilityZone: us-west-1a\n subnetId: subnet-1234\n weightedCapacity: 35\n rootBlockDevices:\n - volumeSize: '300'\n volumeType: gp2\n tags:\n Name: spot-fleet-example\n```\n{{% /example %}}\n{{% example %}}\n### Using launch templates\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: fooLaunchTemplate.ID(),\n\t\t\t\t\t\tVersion: fooLaunchTemplate.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_policy_attachment.TestAttach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\n```\n\n\u003e **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used or launch template overrides should be configured, one per subnet:\n{{% /example %}}\n{{% example %}}\n### Using multiple launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n launchSpecifications: [\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m1.small\",\n keyName: \"my-key\",\n },\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m5.large\",\n keyName: \"my-key\",\n },\n ],\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m1.small\",\n key_name=\"my-key\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m5.large\",\n key_name=\"my-key\",\n ),\n ],\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m1.small\",\n KeyName = \"my-key\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m5.large\",\n KeyName = \"my-key\",\n },\n },\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new SpotFleetRequest(\"foo\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m1.small\")\n .keyName(\"my-key\")\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m5.large\")\n .keyName(\"my-key\")\n .build())\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n launchSpecifications:\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m1.small\n keyName: my-key\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m5.large\n keyName: my-key\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n```\n\n\u003e In this example, we use a `dynamic` block to define zero or more `launch_specification` blocks, producing one for each element in the list of subnet ids.\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnets = config.get(\"subnets\");\n var example = new SpotFleetRequest(\"example\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .targetCapacity(3)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .allocationStrategy(\"lowestPrice\")\n .fleetType(\"request\")\n .waitForFulfillment(\"true\")\n .terminateInstancesWithExpiration(\"true\")\n .dynamic(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using multiple launch configurations\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [_var.vpc_id],\n }],\n});\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n overrides: [\n {\n subnetId: example.then(example =\u003e example.ids?.[0]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[1]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[2]),\n },\n ],\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[var[\"vpc_id\"]],\n)])\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[0],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[1],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[2],\n ),\n ],\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n @var.Vpc_id,\n },\n },\n },\n });\n\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n Overrides = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[2]),\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\n_var.Vpc_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\nImageId: pulumi.String(\"ami-516b9131\"),\nInstanceType: pulumi.String(\"m1.small\"),\nKeyName: pulumi.String(\"some-key\"),\n})\nif err != nil {\nreturn err\n}\n_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\nIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\nSpotPrice: pulumi.String(\"0.005\"),\nTargetCapacity: pulumi.Int(2),\nValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\nLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\nLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\nId: fooLaunchTemplate.ID(),\nVersion: fooLaunchTemplate.LatestVersion,\n},\nOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[0]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[1]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[2]),\n},\n},\n},\n},\n}, pulumi.DependsOn([]pulumi.Resource{\naws_iam_policy_attachment.TestAttach,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(var_.vpc_id())\n .build())\n .build());\n\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .overrides( \n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[2]))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n overrides:\n - subnetId: ${example.ids[0]}\n - subnetId: ${example.ids[1]}\n - subnetId: ${example.ids[2]}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${var.vpc_id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_spot_fleet_request.fleet\n\n id = \"sfr-005e9ec8-5546-4c31-b317-31a62325411e\" } Using `pulumi import`, import Spot Fleet Requests using `id`. For exampleconsole % pulumi import aws_spot_fleet_request.fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e ", "properties": { "allocationStrategy": { "type": "string", @@ -199246,7 +199243,7 @@ } }, "aws:elasticsearch/domain:Domain": { - "description": "Manages an AWS Elasticsearch Domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n elasticsearchVersion: \"7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n elasticsearch_version=\"7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n ElasticsearchVersion = \"7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tElasticsearchVersion: pulumi.String(\"7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.elasticsearch\")\n .build())\n .elasticsearchVersion(\"7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.elasticsearch\n elasticsearchVersion: '7.10'\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.elasticsearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\", access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Domain(\"example\", DomainArgs.builder() \n .accessPolicies(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n accessPolicies: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n }\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% example %}}\n### Log Publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.elasticsearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.elasticsearch.Domain(\"exampleDomain\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.ElasticSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"exampleDomain\", \u0026elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:elasticsearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based ES\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst selectedVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst selectedSubnets = selectedVpc.then(selectedVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [selectedVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst esSecurityGroup = new aws.ec2.SecurityGroup(\"esSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: selectedVpc.then(selectedVpc =\u003e selectedVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [selectedVpc.then(selectedVpc =\u003e selectedVpc.cidrBlock)],\n }],\n});\nconst esServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst esDomain = new aws.elasticsearch.Domain(\"esDomain\", {\n elasticsearchVersion: \"6.3\",\n clusterConfig: {\n instanceType: \"m4.large.elasticsearch\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[0]),\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[1]),\n ],\n securityGroupIds: [esSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n\t\t}\n\t]\n}\n`),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [esServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nselected_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nselected_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[selected_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nes_security_group = aws.ec2.SecurityGroup(\"esSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=selected_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[selected_vpc.cidr_block],\n )])\nes_service_linked_role = aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nes_domain = aws.elasticsearch.Domain(\"esDomain\",\n elasticsearch_version=\"6.3\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.elasticsearch\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n subnet_ids=[\n selected_subnets.ids[0],\n selected_subnets.ids[1],\n ],\n security_group_ids=[es_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"\n\t\t}}\n\t]\n}}\n\"\"\",\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[es_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var selectedVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var selectedSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var esSecurityGroup = new Aws.Ec2.SecurityGroup(\"esSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"esServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var esDomain = new Aws.ElasticSearch.Domain(\"esDomain\", new()\n {\n ElasticsearchVersion = \"6.3\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.elasticsearch\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n esSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n\t\t\t\"\"Action\"\": \"\"es:*\"\",\n\t\t\t\"\"Principal\"\": \"\"*\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\"\n\t\t}}\n\t]\n}}\n\";\n }),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n esServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nselectedVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nselectedSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nselectedVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nesSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"esSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(selectedVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(selectedVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nesServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"esServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\n_, err = elasticsearch.NewDomain(ctx, \"esDomain\", \u0026elasticsearch.DomainArgs{\nElasticsearchVersion: pulumi.String(\"6.3\"),\nClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.elasticsearch\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(selectedSubnets.Ids[0]),\n*pulumi.String(selectedSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nesSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\"\n\t\t}\n\t]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nesServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var selectedVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var selectedSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var esSecurityGroup = new SecurityGroup(\"esSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var esServiceLinkedRole = new ServiceLinkedRole(\"esServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n var esDomain = new Domain(\"esDomain\", DomainArgs.builder() \n .elasticsearchVersion(\"6.3\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.elasticsearch\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(esSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(\"\"\"\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\"\n\t\t}\n\t]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(esServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n esSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${selectedVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${selectedVpc.cidrBlock}\n esServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n esDomain:\n type: aws:elasticsearch:Domain\n properties:\n elasticsearchVersion: '6.3'\n clusterConfig:\n instanceType: m4.large.elasticsearch\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${selectedSubnets.ids[0]}\n - ${selectedSubnets.ids[1]}\n securityGroupIds:\n - ${esSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: |\n {\n \t\"Version\": \"2012-10-17\",\n \t\"Statement\": [\n \t\t{\n \t\t\t\"Action\": \"es:*\",\n \t\t\t\"Principal\": \"*\",\n \t\t\t\"Effect\": \"Allow\",\n \t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n \t\t}\n \t]\n }\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${esServiceLinkedRole}\nvariables:\n selectedVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n selectedSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${selectedVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_elasticsearch_domain.example\n\n id = \"domain_name\" } Using `pulumi import`, import Elasticsearch domains using the `domain_name`. For exampleconsole % pulumi import aws_elasticsearch_domain.example domain_name ", + "description": "Manages an AWS Elasticsearch Domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n elasticsearchVersion: \"7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n elasticsearch_version=\"7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n ElasticsearchVersion = \"7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tElasticsearchVersion: pulumi.String(\"7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.elasticsearch\")\n .build())\n .elasticsearchVersion(\"7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.elasticsearch\n elasticsearchVersion: '7.10'\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.elasticsearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\", access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Domain(\"example\", DomainArgs.builder() \n .accessPolicies(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n accessPolicies: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n }\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% example %}}\n### Log Publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.elasticsearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.elasticsearch.Domain(\"exampleDomain\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.ElasticSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"exampleDomain\", \u0026elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:elasticsearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based ES\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst selectedVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst selectedSubnets = selectedVpc.then(selectedVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [selectedVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst esSecurityGroup = new aws.ec2.SecurityGroup(\"esSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: selectedVpc.then(selectedVpc =\u003e selectedVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [selectedVpc.then(selectedVpc =\u003e selectedVpc.cidrBlock)],\n }],\n});\nconst esServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst esDomain = new aws.elasticsearch.Domain(\"esDomain\", {\n elasticsearchVersion: \"6.3\",\n clusterConfig: {\n instanceType: \"m4.large.elasticsearch\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[0]),\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[1]),\n ],\n securityGroupIds: [esSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n\t\t}\n\t]\n}\n`),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [esServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nselected_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nselected_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[selected_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nes_security_group = aws.ec2.SecurityGroup(\"esSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=selected_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[selected_vpc.cidr_block],\n )])\nes_service_linked_role = aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nes_domain = aws.elasticsearch.Domain(\"esDomain\",\n elasticsearch_version=\"6.3\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.elasticsearch\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n subnet_ids=[\n selected_subnets.ids[0],\n selected_subnets.ids[1],\n ],\n security_group_ids=[es_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"\n\t\t}}\n\t]\n}}\n\"\"\",\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[es_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var selectedVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var selectedSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var esSecurityGroup = new Aws.Ec2.SecurityGroup(\"esSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"esServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var esDomain = new Aws.ElasticSearch.Domain(\"esDomain\", new()\n {\n ElasticsearchVersion = \"6.3\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.elasticsearch\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n esSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n\t\t\t\"\"Action\"\": \"\"es:*\"\",\n\t\t\t\"\"Principal\"\": \"\"*\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\"\n\t\t}}\n\t]\n}}\n\";\n }),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n esServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nselectedVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nselectedSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nselectedVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nesSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"esSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(selectedVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(selectedVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nesServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"esServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\n_, err = elasticsearch.NewDomain(ctx, \"esDomain\", \u0026elasticsearch.DomainArgs{\nElasticsearchVersion: pulumi.String(\"6.3\"),\nClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.elasticsearch\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(selectedSubnets.Ids[0]),\n*pulumi.String(selectedSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nesSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\"\n\t\t}\n\t]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nesServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var selectedVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var selectedSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var esSecurityGroup = new SecurityGroup(\"esSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var esServiceLinkedRole = new ServiceLinkedRole(\"esServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n var esDomain = new Domain(\"esDomain\", DomainArgs.builder() \n .elasticsearchVersion(\"6.3\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.elasticsearch\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(esSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(\"\"\"\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\"\n\t\t}\n\t]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(esServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n esSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${selectedVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${selectedVpc.cidrBlock}\n esServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n esDomain:\n type: aws:elasticsearch:Domain\n properties:\n elasticsearchVersion: '6.3'\n clusterConfig:\n instanceType: m4.large.elasticsearch\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${selectedSubnets.ids[0]}\n - ${selectedSubnets.ids[1]}\n securityGroupIds:\n - ${esSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: |\n {\n \t\"Version\": \"2012-10-17\",\n \t\"Statement\": [\n \t\t{\n \t\t\t\"Action\": \"es:*\",\n \t\t\t\"Principal\": \"*\",\n \t\t\t\"Effect\": \"Allow\",\n \t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n \t\t}\n \t]\n }\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${esServiceLinkedRole}\nvariables:\n selectedVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n selectedSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${selectedVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_elasticsearch_domain.example\n\n id = \"domain_name\" } Using `pulumi import`, import Elasticsearch domains using the `domain_name`. For exampleconsole % pulumi import aws_elasticsearch_domain.example domain_name ", "properties": { "accessPolicies": { "type": "string", @@ -221122,7 +221119,7 @@ } }, "aws:iot/topicRule:TopicRule": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mytopic = new aws.sns.Topic(\"mytopic\", {});\nconst myerrortopic = new aws.sns.Topic(\"myerrortopic\", {});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"iot.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst rule = new aws.iot.TopicRule(\"rule\", {\n description: \"Example rule\",\n enabled: true,\n sql: \"SELECT * FROM 'topic/test'\",\n sqlVersion: \"2016-03-23\",\n sns: [{\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: mytopic.arn,\n }],\n errorAction: {\n sns: {\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: myerrortopic.arn,\n },\n },\n});\nconst iamPolicyForLambdaPolicyDocument = mytopic.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"sns:Publish\"],\n resources: [arn],\n }],\n}));\nconst iamPolicyForLambdaRolePolicy = new aws.iam.RolePolicy(\"iamPolicyForLambdaRolePolicy\", {\n role: role.id,\n policy: iamPolicyForLambdaPolicyDocument.apply(iamPolicyForLambdaPolicyDocument =\u003e iamPolicyForLambdaPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmytopic = aws.sns.Topic(\"mytopic\")\nmyerrortopic = aws.sns.Topic(\"myerrortopic\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"iot.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nrule = aws.iot.TopicRule(\"rule\",\n description=\"Example rule\",\n enabled=True,\n sql=\"SELECT * FROM 'topic/test'\",\n sql_version=\"2016-03-23\",\n sns=[aws.iot.TopicRuleSnsArgs(\n message_format=\"RAW\",\n role_arn=role.arn,\n target_arn=mytopic.arn,\n )],\n error_action=aws.iot.TopicRuleErrorActionArgs(\n sns=aws.iot.TopicRuleErrorActionSnsArgs(\n message_format=\"RAW\",\n role_arn=role.arn,\n target_arn=myerrortopic.arn,\n ),\n ))\niam_policy_for_lambda_policy_document = mytopic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"sns:Publish\"],\n resources=[arn],\n)]))\niam_policy_for_lambda_role_policy = aws.iam.RolePolicy(\"iamPolicyForLambdaRolePolicy\",\n role=role.id,\n policy=iam_policy_for_lambda_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mytopic = new Aws.Sns.Topic(\"mytopic\");\n\n var myerrortopic = new Aws.Sns.Topic(\"myerrortopic\");\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"iot.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var rule = new Aws.Iot.TopicRule(\"rule\", new()\n {\n Description = \"Example rule\",\n Enabled = true,\n Sql = \"SELECT * FROM 'topic/test'\",\n SqlVersion = \"2016-03-23\",\n Sns = new[]\n {\n new Aws.Iot.Inputs.TopicRuleSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = mytopic.Arn,\n },\n },\n ErrorAction = new Aws.Iot.Inputs.TopicRuleErrorActionArgs\n {\n Sns = new Aws.Iot.Inputs.TopicRuleErrorActionSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = myerrortopic.Arn,\n },\n },\n });\n\n var iamPolicyForLambdaPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"sns:Publish\",\n },\n Resources = new[]\n {\n mytopic.Arn,\n },\n },\n },\n });\n\n var iamPolicyForLambdaRolePolicy = new Aws.Iam.RolePolicy(\"iamPolicyForLambdaRolePolicy\", new()\n {\n Role = role.Id,\n Policy = iamPolicyForLambdaPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmytopic, err := sns.NewTopic(ctx, \"mytopic\", nil)\nif err != nil {\nreturn err\n}\nmyerrortopic, err := sns.NewTopic(ctx, \"myerrortopic\", nil)\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"iot.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nrole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = iot.NewTopicRule(ctx, \"rule\", \u0026iot.TopicRuleArgs{\nDescription: pulumi.String(\"Example rule\"),\nEnabled: pulumi.Bool(true),\nSql: pulumi.String(\"SELECT * FROM 'topic/test'\"),\nSqlVersion: pulumi.String(\"2016-03-23\"),\nSns: iot.TopicRuleSnsArray{\n\u0026iot.TopicRuleSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: role.Arn,\nTargetArn: mytopic.Arn,\n},\n},\nErrorAction: \u0026iot.TopicRuleErrorActionArgs{\nSns: \u0026iot.TopicRuleErrorActionSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: role.Arn,\nTargetArn: myerrortopic.Arn,\n},\n},\n})\nif err != nil {\nreturn err\n}\niamPolicyForLambdaPolicyDocument := mytopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"sns:Publish\",\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"iamPolicyForLambdaRolePolicy\", \u0026iam.RolePolicyArgs{\nRole: role.ID(),\nPolicy: iamPolicyForLambdaPolicyDocument.ApplyT(func(iamPolicyForLambdaPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026iamPolicyForLambdaPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iot.TopicRule;\nimport com.pulumi.aws.iot.TopicRuleArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleSnsArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionSnsArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytopic = new Topic(\"mytopic\");\n\n var myerrortopic = new Topic(\"myerrortopic\");\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"iot.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var rule = new TopicRule(\"rule\", TopicRuleArgs.builder() \n .description(\"Example rule\")\n .enabled(true)\n .sql(\"SELECT * FROM 'topic/test'\")\n .sqlVersion(\"2016-03-23\")\n .sns(TopicRuleSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(mytopic.arn())\n .build())\n .errorAction(TopicRuleErrorActionArgs.builder()\n .sns(TopicRuleErrorActionSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(myerrortopic.arn())\n .build())\n .build())\n .build());\n\n final var iamPolicyForLambdaPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"sns:Publish\")\n .resources(mytopic.arn())\n .build())\n .build());\n\n var iamPolicyForLambdaRolePolicy = new RolePolicy(\"iamPolicyForLambdaRolePolicy\", RolePolicyArgs.builder() \n .role(role.id())\n .policy(iamPolicyForLambdaPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(iamPolicyForLambdaPolicyDocument -\u003e iamPolicyForLambdaPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n rule:\n type: aws:iot:TopicRule\n properties:\n description: Example rule\n enabled: true\n sql: SELECT * FROM 'topic/test'\n sqlVersion: 2016-03-23\n sns:\n - messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${mytopic.arn}\n errorAction:\n sns:\n messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${myerrortopic.arn}\n mytopic:\n type: aws:sns:Topic\n myerrortopic:\n type: aws:sns:Topic\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n iamPolicyForLambdaRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${role.id}\n policy: ${iamPolicyForLambdaPolicyDocument.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - iot.amazonaws.com\n actions:\n - sts:AssumeRole\n iamPolicyForLambdaPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - sns:Publish\n resources:\n - ${mytopic.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_iot_topic_rule.rule\n\n id = \"\u003cname\u003e\" } Using `pulumi import`, import IoT Topic Rules using the `name`. For exampleconsole % pulumi import aws_iot_topic_rule.rule \u003cname\u003e ", + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mytopic = new aws.sns.Topic(\"mytopic\", {});\nconst myerrortopic = new aws.sns.Topic(\"myerrortopic\", {});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"iot.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst rule = new aws.iot.TopicRule(\"rule\", {\n description: \"Example rule\",\n enabled: true,\n sql: \"SELECT * FROM 'topic/test'\",\n sqlVersion: \"2016-03-23\",\n sns: [{\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: mytopic.arn,\n }],\n errorAction: {\n sns: {\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: myerrortopic.arn,\n },\n },\n});\nconst iamPolicyForLambdaPolicyDocument = mytopic.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"sns:Publish\"],\n resources: [arn],\n }],\n}));\nconst iamPolicyForLambdaRolePolicy = new aws.iam.RolePolicy(\"iamPolicyForLambdaRolePolicy\", {\n role: role.id,\n policy: iamPolicyForLambdaPolicyDocument.apply(iamPolicyForLambdaPolicyDocument =\u003e iamPolicyForLambdaPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmytopic = aws.sns.Topic(\"mytopic\")\nmyerrortopic = aws.sns.Topic(\"myerrortopic\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"iot.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nrule = aws.iot.TopicRule(\"rule\",\n description=\"Example rule\",\n enabled=True,\n sql=\"SELECT * FROM 'topic/test'\",\n sql_version=\"2016-03-23\",\n sns=[aws.iot.TopicRuleSnsArgs(\n message_format=\"RAW\",\n role_arn=role.arn,\n target_arn=mytopic.arn,\n )],\n error_action=aws.iot.TopicRuleErrorActionArgs(\n sns=aws.iot.TopicRuleErrorActionSnsArgs(\n message_format=\"RAW\",\n role_arn=role.arn,\n target_arn=myerrortopic.arn,\n ),\n ))\niam_policy_for_lambda_policy_document = mytopic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"sns:Publish\"],\n resources=[arn],\n)]))\niam_policy_for_lambda_role_policy = aws.iam.RolePolicy(\"iamPolicyForLambdaRolePolicy\",\n role=role.id,\n policy=iam_policy_for_lambda_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mytopic = new Aws.Sns.Topic(\"mytopic\");\n\n var myerrortopic = new Aws.Sns.Topic(\"myerrortopic\");\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"iot.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var rule = new Aws.Iot.TopicRule(\"rule\", new()\n {\n Description = \"Example rule\",\n Enabled = true,\n Sql = \"SELECT * FROM 'topic/test'\",\n SqlVersion = \"2016-03-23\",\n Sns = new[]\n {\n new Aws.Iot.Inputs.TopicRuleSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = mytopic.Arn,\n },\n },\n ErrorAction = new Aws.Iot.Inputs.TopicRuleErrorActionArgs\n {\n Sns = new Aws.Iot.Inputs.TopicRuleErrorActionSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = myerrortopic.Arn,\n },\n },\n });\n\n var iamPolicyForLambdaPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"sns:Publish\",\n },\n Resources = new[]\n {\n mytopic.Arn,\n },\n },\n },\n });\n\n var iamPolicyForLambdaRolePolicy = new Aws.Iam.RolePolicy(\"iamPolicyForLambdaRolePolicy\", new()\n {\n Role = role.Id,\n Policy = iamPolicyForLambdaPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmytopic, err := sns.NewTopic(ctx, \"mytopic\", nil)\nif err != nil {\nreturn err\n}\nmyerrortopic, err := sns.NewTopic(ctx, \"myerrortopic\", nil)\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"iot.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nrole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = iot.NewTopicRule(ctx, \"rule\", \u0026iot.TopicRuleArgs{\nDescription: pulumi.String(\"Example rule\"),\nEnabled: pulumi.Bool(true),\nSql: pulumi.String(\"SELECT * FROM 'topic/test'\"),\nSqlVersion: pulumi.String(\"2016-03-23\"),\nSns: iot.TopicRuleSnsArray{\n\u0026iot.TopicRuleSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: role.Arn,\nTargetArn: mytopic.Arn,\n},\n},\nErrorAction: \u0026iot.TopicRuleErrorActionArgs{\nSns: \u0026iot.TopicRuleErrorActionSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: role.Arn,\nTargetArn: myerrortopic.Arn,\n},\n},\n})\nif err != nil {\nreturn err\n}\niamPolicyForLambdaPolicyDocument := mytopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"sns:Publish\",\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"iamPolicyForLambdaRolePolicy\", \u0026iam.RolePolicyArgs{\nRole: role.ID(),\nPolicy: iamPolicyForLambdaPolicyDocument.ApplyT(func(iamPolicyForLambdaPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026iamPolicyForLambdaPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iot.TopicRule;\nimport com.pulumi.aws.iot.TopicRuleArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleSnsArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionSnsArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytopic = new Topic(\"mytopic\");\n\n var myerrortopic = new Topic(\"myerrortopic\");\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"iot.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var rule = new TopicRule(\"rule\", TopicRuleArgs.builder() \n .description(\"Example rule\")\n .enabled(true)\n .sql(\"SELECT * FROM 'topic/test'\")\n .sqlVersion(\"2016-03-23\")\n .sns(TopicRuleSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(mytopic.arn())\n .build())\n .errorAction(TopicRuleErrorActionArgs.builder()\n .sns(TopicRuleErrorActionSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(myerrortopic.arn())\n .build())\n .build())\n .build());\n\n final var iamPolicyForLambdaPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"sns:Publish\")\n .resources(mytopic.arn())\n .build())\n .build());\n\n var iamPolicyForLambdaRolePolicy = new RolePolicy(\"iamPolicyForLambdaRolePolicy\", RolePolicyArgs.builder() \n .role(role.id())\n .policy(iamPolicyForLambdaPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(iamPolicyForLambdaPolicyDocument -\u003e iamPolicyForLambdaPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n rule:\n type: aws:iot:TopicRule\n properties:\n description: Example rule\n enabled: true\n sql: SELECT * FROM 'topic/test'\n sqlVersion: 2016-03-23\n sns:\n - messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${mytopic.arn}\n errorAction:\n sns:\n messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${myerrortopic.arn}\n mytopic:\n type: aws:sns:Topic\n myerrortopic:\n type: aws:sns:Topic\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n iamPolicyForLambdaRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${role.id}\n policy: ${iamPolicyForLambdaPolicyDocument.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - iot.amazonaws.com\n actions:\n - sts:AssumeRole\n iamPolicyForLambdaPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - sns:Publish\n resources:\n - ${mytopic.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_iot_topic_rule.rule\n\n id = \"\u003cname\u003e\" } Using `pulumi import`, import IoT Topic Rules using the `name`. For exampleconsole % pulumi import aws_iot_topic_rule.rule \u003cname\u003e ", "properties": { "arn": { "type": "string", @@ -231508,7 +231505,7 @@ } }, "aws:lightsail/containerService:ContainerService": { - "description": "An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run,\nand manage containers. For more information, see\n[Container services in Amazon Lightsail](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services).\n\n\u003e **Note:** For more information about the AWS Regions in which you can create Amazon Lightsail container services,\nsee [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {\n isDisabled: false,\n power: \"nano\",\n scale: 1,\n tags: {\n foo1: \"bar1\",\n foo2: \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\",\n is_disabled=False,\n power=\"nano\",\n scale=1,\n tags={\n \"foo1\": \"bar1\",\n \"foo2\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n IsDisabled = false,\n Power = \"nano\",\n Scale = 1,\n Tags = \n {\n { \"foo1\", \"bar1\" },\n { \"foo2\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tIsDisabled: pulumi.Bool(false),\n\t\t\tPower: pulumi.String(\"nano\"),\n\t\t\tScale: pulumi.Int(1),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo1\": pulumi.String(\"bar1\"),\n\t\t\t\t\"foo2\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .isDisabled(false)\n .power(\"nano\")\n .scale(1)\n .tags(Map.ofEntries(\n Map.entry(\"foo1\", \"bar1\"),\n Map.entry(\"foo2\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n isDisabled: false\n power: nano\n scale: 1\n tags:\n foo1: bar1\n foo2:\n```\n{{% /example %}}\n{{% example %}}\n### Public Domain Names\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {publicDomainNames: {\n certificates: [{\n certificateName: \"example-certificate\",\n domainNames: [\"www.example.com\"],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\", public_domain_names=aws.lightsail.ContainerServicePublicDomainNamesArgs(\n certificates=[aws.lightsail.ContainerServicePublicDomainNamesCertificateArgs(\n certificate_name=\"example-certificate\",\n domain_names=[\"www.example.com\"],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs\n {\n Certificates = new[]\n {\n new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs\n {\n CertificateName = \"example-certificate\",\n DomainNames = new[]\n {\n \"www.example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tPublicDomainNames: \u0026lightsail.ContainerServicePublicDomainNamesArgs{\n\t\t\t\tCertificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{\n\t\t\t\t\t\u0026lightsail.ContainerServicePublicDomainNamesCertificateArgs{\n\t\t\t\t\t\tCertificateName: pulumi.String(\"example-certificate\"),\n\t\t\t\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()\n .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()\n .certificateName(\"example-certificate\")\n .domainNames(\"www.example.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n publicDomainNames:\n certificates:\n - certificateName: example-certificate\n domainNames:\n - www.example.com\n```\n{{% /example %}}\n{{% example %}}\n### Private Registry Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst defaultContainerService = new aws.lightsail.ContainerService(\"defaultContainerService\", {privateRegistryAccess: {\n ecrImagePullerRole: {\n isActive: true,\n },\n}});\nconst defaultPolicyDocument = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],\n }],\n actions: [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n }],\n}));\nconst defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", {\n repository: aws_ecr_repository[\"default\"].name,\n policy: defaultPolicyDocument.apply(defaultPolicyDocument =\u003e defaultPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault_container_service = aws.lightsail.ContainerService(\"defaultContainerService\", private_registry_access=aws.lightsail.ContainerServicePrivateRegistryAccessArgs(\n ecr_image_puller_role=aws.lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs(\n is_active=True,\n ),\n))\ndefault_policy_document = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[private_registry_access.ecr_image_puller_role.principal_arn],\n )],\n actions=[\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n)]))\ndefault_repository_policy = aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\",\n repository=aws_ecr_repository[\"default\"][\"name\"],\n policy=default_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var defaultContainerService = new Aws.LightSail.ContainerService(\"defaultContainerService\", new()\n {\n PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs\n {\n EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs\n {\n IsActive = true,\n },\n },\n });\n\n var defaultPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,\n },\n },\n },\n Actions = new[]\n {\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n },\n },\n },\n });\n\n var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", new()\n {\n Repository = aws_ecr_repository.Default.Name,\n Policy = defaultPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ndefaultContainerService, err := lightsail.NewContainerService(ctx, \"defaultContainerService\", \u0026lightsail.ContainerServiceArgs{\nPrivateRegistryAccess: \u0026lightsail.ContainerServicePrivateRegistryAccessArgs{\nEcrImagePullerRole: \u0026lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{\nIsActive: pulumi.Bool(true),\n},\n},\n})\nif err != nil {\nreturn err\n}\ndefaultPolicyDocument := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nprivateRegistryAccess.EcrImagePullerRole.PrincipalArn,\n},\n},\n},\nActions: []string{\n\"ecr:BatchGetImage\",\n\"ecr:GetDownloadUrlForLayer\",\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = ecr.NewRepositoryPolicy(ctx, \"defaultRepositoryPolicy\", \u0026ecr.RepositoryPolicyArgs{\nRepository: pulumi.Any(aws_ecr_repository.Default.Name),\nPolicy: defaultPolicyDocument.ApplyT(func(defaultPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026defaultPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultContainerService = new ContainerService(\"defaultContainerService\", ContainerServiceArgs.builder() \n .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()\n .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()\n .isActive(true)\n .build())\n .build())\n .build());\n\n final var defaultPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -\u003e privateRegistryAccess.ecrImagePullerRole().principalArn()))\n .build())\n .actions( \n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\")\n .build())\n .build());\n\n var defaultRepositoryPolicy = new RepositoryPolicy(\"defaultRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repository(aws_ecr_repository.default().name())\n .policy(defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(defaultPolicyDocument -\u003e defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultContainerService:\n type: aws:lightsail:ContainerService\n properties:\n privateRegistryAccess:\n ecrImagePullerRole:\n isActive: true\n defaultRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n properties:\n repository: ${aws_ecr_repository.default.name}\n policy: ${defaultPolicyDocument.json}\nvariables:\n defaultPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}\n actions:\n - ecr:BatchGetImage\n - ecr:GetDownloadUrlForLayer\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_lightsail_container_service.my_container_service\n\n id = \"container-service-1\" } Using `pulumi import`, import Lightsail Container Service using the `name`. For exampleconsole % pulumi import aws_lightsail_container_service.my_container_service container-service-1 ", + "description": "An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run,\nand manage containers. For more information, see\n[Container services in Amazon Lightsail](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services).\n\n\u003e **Note:** For more information about the AWS Regions in which you can create Amazon Lightsail container services,\nsee [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {\n isDisabled: false,\n power: \"nano\",\n scale: 1,\n tags: {\n foo1: \"bar1\",\n foo2: \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\",\n is_disabled=False,\n power=\"nano\",\n scale=1,\n tags={\n \"foo1\": \"bar1\",\n \"foo2\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n IsDisabled = false,\n Power = \"nano\",\n Scale = 1,\n Tags = \n {\n { \"foo1\", \"bar1\" },\n { \"foo2\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tIsDisabled: pulumi.Bool(false),\n\t\t\tPower: pulumi.String(\"nano\"),\n\t\t\tScale: pulumi.Int(1),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo1\": pulumi.String(\"bar1\"),\n\t\t\t\t\"foo2\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .isDisabled(false)\n .power(\"nano\")\n .scale(1)\n .tags(Map.ofEntries(\n Map.entry(\"foo1\", \"bar1\"),\n Map.entry(\"foo2\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n isDisabled: false\n power: nano\n scale: 1\n tags:\n foo1: bar1\n foo2:\n```\n{{% /example %}}\n{{% example %}}\n### Public Domain Names\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {publicDomainNames: {\n certificates: [{\n certificateName: \"example-certificate\",\n domainNames: [\"www.example.com\"],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\", public_domain_names=aws.lightsail.ContainerServicePublicDomainNamesArgs(\n certificates=[aws.lightsail.ContainerServicePublicDomainNamesCertificateArgs(\n certificate_name=\"example-certificate\",\n domain_names=[\"www.example.com\"],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs\n {\n Certificates = new[]\n {\n new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs\n {\n CertificateName = \"example-certificate\",\n DomainNames = new[]\n {\n \"www.example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tPublicDomainNames: \u0026lightsail.ContainerServicePublicDomainNamesArgs{\n\t\t\t\tCertificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{\n\t\t\t\t\t\u0026lightsail.ContainerServicePublicDomainNamesCertificateArgs{\n\t\t\t\t\t\tCertificateName: pulumi.String(\"example-certificate\"),\n\t\t\t\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()\n .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()\n .certificateName(\"example-certificate\")\n .domainNames(\"www.example.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n publicDomainNames:\n certificates:\n - certificateName: example-certificate\n domainNames:\n - www.example.com\n```\n{{% /example %}}\n{{% example %}}\n### Private Registry Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst defaultContainerService = new aws.lightsail.ContainerService(\"defaultContainerService\", {privateRegistryAccess: {\n ecrImagePullerRole: {\n isActive: true,\n },\n}});\nconst defaultPolicyDocument = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],\n }],\n actions: [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n }],\n}));\nconst defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", {\n repository: aws_ecr_repository[\"default\"].name,\n policy: defaultPolicyDocument.apply(defaultPolicyDocument =\u003e defaultPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault_container_service = aws.lightsail.ContainerService(\"defaultContainerService\", private_registry_access=aws.lightsail.ContainerServicePrivateRegistryAccessArgs(\n ecr_image_puller_role=aws.lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs(\n is_active=True,\n ),\n))\ndefault_policy_document = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[private_registry_access.ecr_image_puller_role.principal_arn],\n )],\n actions=[\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n)]))\ndefault_repository_policy = aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\",\n repository=aws_ecr_repository[\"default\"][\"name\"],\n policy=default_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var defaultContainerService = new Aws.LightSail.ContainerService(\"defaultContainerService\", new()\n {\n PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs\n {\n EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs\n {\n IsActive = true,\n },\n },\n });\n\n var defaultPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,\n },\n },\n },\n Actions = new[]\n {\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n },\n },\n },\n });\n\n var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", new()\n {\n Repository = aws_ecr_repository.Default.Name,\n Policy = defaultPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ndefaultContainerService, err := lightsail.NewContainerService(ctx, \"defaultContainerService\", \u0026lightsail.ContainerServiceArgs{\nPrivateRegistryAccess: \u0026lightsail.ContainerServicePrivateRegistryAccessArgs{\nEcrImagePullerRole: \u0026lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{\nIsActive: pulumi.Bool(true),\n},\n},\n})\nif err != nil {\nreturn err\n}\ndefaultPolicyDocument := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nprivateRegistryAccess.EcrImagePullerRole.PrincipalArn,\n},\n},\n},\nActions: []string{\n\"ecr:BatchGetImage\",\n\"ecr:GetDownloadUrlForLayer\",\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = ecr.NewRepositoryPolicy(ctx, \"defaultRepositoryPolicy\", \u0026ecr.RepositoryPolicyArgs{\nRepository: pulumi.Any(aws_ecr_repository.Default.Name),\nPolicy: defaultPolicyDocument.ApplyT(func(defaultPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026defaultPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultContainerService = new ContainerService(\"defaultContainerService\", ContainerServiceArgs.builder() \n .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()\n .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()\n .isActive(true)\n .build())\n .build())\n .build());\n\n final var defaultPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -\u003e privateRegistryAccess.ecrImagePullerRole().principalArn()))\n .build())\n .actions( \n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\")\n .build())\n .build());\n\n var defaultRepositoryPolicy = new RepositoryPolicy(\"defaultRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repository(aws_ecr_repository.default().name())\n .policy(defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(defaultPolicyDocument -\u003e defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultContainerService:\n type: aws:lightsail:ContainerService\n properties:\n privateRegistryAccess:\n ecrImagePullerRole:\n isActive: true\n defaultRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n properties:\n repository: ${aws_ecr_repository.default.name}\n policy: ${defaultPolicyDocument.json}\nvariables:\n defaultPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}\n actions:\n - ecr:BatchGetImage\n - ecr:GetDownloadUrlForLayer\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_lightsail_container_service.my_container_service\n\n id = \"container-service-1\" } Using `pulumi import`, import Lightsail Container Service using the `name`. For exampleconsole % pulumi import aws_lightsail_container_service.my_container_service container-service-1 ", "properties": { "arn": { "type": "string", @@ -239210,7 +239207,7 @@ } }, "aws:mwaa/environment:Environment": { - "description": "Creates a MWAA Environment resource.\n\n{{% examples %}}\n## Example Usage\n\nA MWAA Environment requires an IAM role (`aws.iam.Role`), two subnets in the private zone (`aws.ec2.Subnet`) and a versioned S3 bucket (`aws.s3.BucketV2`).\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:5,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with Airflow configuration options\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n airflowConfigurationOptions: {\n \"core.default_task_retries\": \"16\",\n \"core.parallelism\": \"1\",\n },\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n airflow_configuration_options={\n \"core.default_task_retries\": \"16\",\n \"core.parallelism\": \"1\",\n },\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n AirflowConfigurationOptions = \n {\n { \"core.default_task_retries\", \"16\" },\n { \"core.parallelism\", \"1\" },\n },\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nAirflowConfigurationOptions: pulumi.StringMap{\n\"core.default_task_retries\": pulumi.String(\"16\"),\n\"core.parallelism\": pulumi.String(\"1\"),\n},\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:9,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .airflowConfigurationOptions(Map.ofEntries(\n Map.entry(\"core.default_task_retries\", 16),\n Map.entry(\"core.parallelism\", 1)\n ))\n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with logging configurations\n\nNote that Airflow task logs are enabled by default with the `INFO` log level.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n loggingConfiguration: {\n dagProcessingLogs: {\n enabled: true,\n logLevel: \"DEBUG\",\n },\n schedulerLogs: {\n enabled: true,\n logLevel: \"INFO\",\n },\n taskLogs: {\n enabled: true,\n logLevel: \"WARNING\",\n },\n webserverLogs: {\n enabled: true,\n logLevel: \"ERROR\",\n },\n workerLogs: {\n enabled: true,\n logLevel: \"CRITICAL\",\n },\n },\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n logging_configuration=aws.mwaa.EnvironmentLoggingConfigurationArgs(\n dag_processing_logs=aws.mwaa.EnvironmentLoggingConfigurationDagProcessingLogsArgs(\n enabled=True,\n log_level=\"DEBUG\",\n ),\n scheduler_logs=aws.mwaa.EnvironmentLoggingConfigurationSchedulerLogsArgs(\n enabled=True,\n log_level=\"INFO\",\n ),\n task_logs=aws.mwaa.EnvironmentLoggingConfigurationTaskLogsArgs(\n enabled=True,\n log_level=\"WARNING\",\n ),\n webserver_logs=aws.mwaa.EnvironmentLoggingConfigurationWebserverLogsArgs(\n enabled=True,\n log_level=\"ERROR\",\n ),\n worker_logs=aws.mwaa.EnvironmentLoggingConfigurationWorkerLogsArgs(\n enabled=True,\n log_level=\"CRITICAL\",\n ),\n ),\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n LoggingConfiguration = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationArgs\n {\n DagProcessingLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationDagProcessingLogsArgs\n {\n Enabled = true,\n LogLevel = \"DEBUG\",\n },\n SchedulerLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationSchedulerLogsArgs\n {\n Enabled = true,\n LogLevel = \"INFO\",\n },\n TaskLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationTaskLogsArgs\n {\n Enabled = true,\n LogLevel = \"WARNING\",\n },\n WebserverLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationWebserverLogsArgs\n {\n Enabled = true,\n LogLevel = \"ERROR\",\n },\n WorkerLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationWorkerLogsArgs\n {\n Enabled = true,\n LogLevel = \"CRITICAL\",\n },\n },\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nLoggingConfiguration: \u0026mwaa.EnvironmentLoggingConfigurationArgs{\nDagProcessingLogs: \u0026mwaa.EnvironmentLoggingConfigurationDagProcessingLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"DEBUG\"),\n},\nSchedulerLogs: \u0026mwaa.EnvironmentLoggingConfigurationSchedulerLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"INFO\"),\n},\nTaskLogs: \u0026mwaa.EnvironmentLoggingConfigurationTaskLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"WARNING\"),\n},\nWebserverLogs: \u0026mwaa.EnvironmentLoggingConfigurationWebserverLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"ERROR\"),\n},\nWorkerLogs: \u0026mwaa.EnvironmentLoggingConfigurationWorkerLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"CRITICAL\"),\n},\n},\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:27,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationDagProcessingLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationSchedulerLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationTaskLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationWebserverLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationWorkerLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .loggingConfiguration(EnvironmentLoggingConfigurationArgs.builder()\n .dagProcessingLogs(EnvironmentLoggingConfigurationDagProcessingLogsArgs.builder()\n .enabled(true)\n .logLevel(\"DEBUG\")\n .build())\n .schedulerLogs(EnvironmentLoggingConfigurationSchedulerLogsArgs.builder()\n .enabled(true)\n .logLevel(\"INFO\")\n .build())\n .taskLogs(EnvironmentLoggingConfigurationTaskLogsArgs.builder()\n .enabled(true)\n .logLevel(\"WARNING\")\n .build())\n .webserverLogs(EnvironmentLoggingConfigurationWebserverLogsArgs.builder()\n .enabled(true)\n .logLevel(\"ERROR\")\n .build())\n .workerLogs(EnvironmentLoggingConfigurationWorkerLogsArgs.builder()\n .enabled(true)\n .logLevel(\"CRITICAL\")\n .build())\n .build())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with tags\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n tags: {\n Name: \"example\",\n Environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"],\n tags={\n \"Name\": \"example\",\n \"Environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Environment\", \"production\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:5,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"example\"),\n\"Environment\": pulumi.String(\"production\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Environment\", \"production\")\n ))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_mwaa_environment.example\n\n id = \"MyAirflowEnvironment\" } Using `pulumi import`, import MWAA Environment using `Name`. For exampleconsole % pulumi import aws_mwaa_environment.example MyAirflowEnvironment ", + "description": "Creates a MWAA Environment resource.\n\n{{% examples %}}\n## Example Usage\n\nA MWAA Environment requires an IAM role (`aws.iam.Role`), two subnets in the private zone (`aws.ec2.Subnet`) and a versioned S3 bucket (`aws.s3.BucketV2`).\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:5,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with Airflow configuration options\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n airflowConfigurationOptions: {\n \"core.default_task_retries\": \"16\",\n \"core.parallelism\": \"1\",\n },\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n airflow_configuration_options={\n \"core.default_task_retries\": \"16\",\n \"core.parallelism\": \"1\",\n },\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n AirflowConfigurationOptions = \n {\n { \"core.default_task_retries\", \"16\" },\n { \"core.parallelism\", \"1\" },\n },\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nAirflowConfigurationOptions: pulumi.StringMap{\n\"core.default_task_retries\": pulumi.String(\"16\"),\n\"core.parallelism\": pulumi.String(\"1\"),\n},\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:9,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .airflowConfigurationOptions(Map.ofEntries(\n Map.entry(\"core.default_task_retries\", 16),\n Map.entry(\"core.parallelism\", 1)\n ))\n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with logging configurations\n\nNote that Airflow task logs are enabled by default with the `INFO` log level.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n loggingConfiguration: {\n dagProcessingLogs: {\n enabled: true,\n logLevel: \"DEBUG\",\n },\n schedulerLogs: {\n enabled: true,\n logLevel: \"INFO\",\n },\n taskLogs: {\n enabled: true,\n logLevel: \"WARNING\",\n },\n webserverLogs: {\n enabled: true,\n logLevel: \"ERROR\",\n },\n workerLogs: {\n enabled: true,\n logLevel: \"CRITICAL\",\n },\n },\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n logging_configuration=aws.mwaa.EnvironmentLoggingConfigurationArgs(\n dag_processing_logs=aws.mwaa.EnvironmentLoggingConfigurationDagProcessingLogsArgs(\n enabled=True,\n log_level=\"DEBUG\",\n ),\n scheduler_logs=aws.mwaa.EnvironmentLoggingConfigurationSchedulerLogsArgs(\n enabled=True,\n log_level=\"INFO\",\n ),\n task_logs=aws.mwaa.EnvironmentLoggingConfigurationTaskLogsArgs(\n enabled=True,\n log_level=\"WARNING\",\n ),\n webserver_logs=aws.mwaa.EnvironmentLoggingConfigurationWebserverLogsArgs(\n enabled=True,\n log_level=\"ERROR\",\n ),\n worker_logs=aws.mwaa.EnvironmentLoggingConfigurationWorkerLogsArgs(\n enabled=True,\n log_level=\"CRITICAL\",\n ),\n ),\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n LoggingConfiguration = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationArgs\n {\n DagProcessingLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationDagProcessingLogsArgs\n {\n Enabled = true,\n LogLevel = \"DEBUG\",\n },\n SchedulerLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationSchedulerLogsArgs\n {\n Enabled = true,\n LogLevel = \"INFO\",\n },\n TaskLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationTaskLogsArgs\n {\n Enabled = true,\n LogLevel = \"WARNING\",\n },\n WebserverLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationWebserverLogsArgs\n {\n Enabled = true,\n LogLevel = \"ERROR\",\n },\n WorkerLogs = new Aws.Mwaa.Inputs.EnvironmentLoggingConfigurationWorkerLogsArgs\n {\n Enabled = true,\n LogLevel = \"CRITICAL\",\n },\n },\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nLoggingConfiguration: \u0026mwaa.EnvironmentLoggingConfigurationArgs{\nDagProcessingLogs: \u0026mwaa.EnvironmentLoggingConfigurationDagProcessingLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"DEBUG\"),\n},\nSchedulerLogs: \u0026mwaa.EnvironmentLoggingConfigurationSchedulerLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"INFO\"),\n},\nTaskLogs: \u0026mwaa.EnvironmentLoggingConfigurationTaskLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"WARNING\"),\n},\nWebserverLogs: \u0026mwaa.EnvironmentLoggingConfigurationWebserverLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"ERROR\"),\n},\nWorkerLogs: \u0026mwaa.EnvironmentLoggingConfigurationWorkerLogsArgs{\nEnabled: pulumi.Bool(true),\nLogLevel: pulumi.String(\"CRITICAL\"),\n},\n},\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:27,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationDagProcessingLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationSchedulerLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationTaskLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationWebserverLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentLoggingConfigurationWorkerLogsArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .loggingConfiguration(EnvironmentLoggingConfigurationArgs.builder()\n .dagProcessingLogs(EnvironmentLoggingConfigurationDagProcessingLogsArgs.builder()\n .enabled(true)\n .logLevel(\"DEBUG\")\n .build())\n .schedulerLogs(EnvironmentLoggingConfigurationSchedulerLogsArgs.builder()\n .enabled(true)\n .logLevel(\"INFO\")\n .build())\n .taskLogs(EnvironmentLoggingConfigurationTaskLogsArgs.builder()\n .enabled(true)\n .logLevel(\"WARNING\")\n .build())\n .webserverLogs(EnvironmentLoggingConfigurationWebserverLogsArgs.builder()\n .enabled(true)\n .logLevel(\"ERROR\")\n .build())\n .workerLogs(EnvironmentLoggingConfigurationWorkerLogsArgs.builder()\n .enabled(true)\n .logLevel(\"CRITICAL\")\n .build())\n .build())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with tags\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mwaa.Environment(\"example\", {\n dagS3Path: \"dags/\",\n executionRoleArn: aws_iam_role.example.arn,\n networkConfiguration: {\n securityGroupIds: [aws_security_group.example.id],\n subnetIds: aws_subnet[\"private\"].map(__item =\u003e __item.id),\n },\n sourceBucketArn: aws_s3_bucket.example.arn,\n tags: {\n Name: \"example\",\n Environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mwaa.Environment(\"example\",\n dag_s3_path=\"dags/\",\n execution_role_arn=aws_iam_role[\"example\"][\"arn\"],\n network_configuration=aws.mwaa.EnvironmentNetworkConfigurationArgs(\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"private\"]],\n ),\n source_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"],\n tags={\n \"Name\": \"example\",\n \"Environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Mwaa.Environment(\"example\", new()\n {\n DagS3Path = \"dags/\",\n ExecutionRoleArn = aws_iam_role.Example.Arn,\n NetworkConfiguration = new Aws.Mwaa.Inputs.EnvironmentNetworkConfigurationArgs\n {\n SecurityGroupIds = new[]\n {\n aws_security_group.Example.Id,\n },\n SubnetIds = aws_subnet.Private.Select(__item =\u003e __item.Id).ToList(),\n },\n SourceBucketArn = aws_s3_bucket.Example.Arn,\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Environment\", \"production\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := mwaa.NewEnvironment(ctx, \"example\", \u0026mwaa.EnvironmentArgs{\nDagS3Path: pulumi.String(\"dags/\"),\nExecutionRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nNetworkConfiguration: \u0026mwaa.EnvironmentNetworkConfigurationArgs{\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Example.Id,\n},\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:mwaa-environment:Environment.pp:5,25-49),\n},\nSourceBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"example\"),\n\"Environment\": pulumi.String(\"production\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.mwaa.Environment;\nimport com.pulumi.aws.mwaa.EnvironmentArgs;\nimport com.pulumi.aws.mwaa.inputs.EnvironmentNetworkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder() \n .dagS3Path(\"dags/\")\n .executionRoleArn(aws_iam_role.example().arn())\n .networkConfiguration(EnvironmentNetworkConfigurationArgs.builder()\n .securityGroupIds(aws_security_group.example().id())\n .subnetIds(aws_subnet.private().stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .sourceBucketArn(aws_s3_bucket.example().arn())\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Environment\", \"production\")\n ))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_mwaa_environment.example\n\n id = \"MyAirflowEnvironment\" } Using `pulumi import`, import MWAA Environment using `Name`. For exampleconsole % pulumi import aws_mwaa_environment.example MyAirflowEnvironment ", "properties": { "airflowConfigurationOptions": { "type": "object", @@ -244805,7 +244802,7 @@ } }, "aws:opensearch/domain:Domain": { - "description": "Manages an Amazon OpenSearch Domain.\n\n## Elasticsearch vs. OpenSearch\n\nAmazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).\n\nOpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:\n\n* OpenSearch has `engine_version` while Elasticsearch has `elasticsearch_version`\n* Versions are specified differently - _e.g._, `Elasticsearch_7.10` with OpenSearch vs. `7.10` for Elasticsearch.\n* `instance_type` argument values end in `search` for OpenSearch vs. `elasticsearch` for Elasticsearch (_e.g._, `t2.micro.search` vs. `t2.micro.elasticsearch`).\n* The AWS-managed service-linked role for OpenSearch is called `AWSServiceRoleForAmazonOpenSearchService` instead of `AWSServiceRoleForAmazonElasticsearchService` for Elasticsearch.\n\nThere are also some potentially unexpected similarities in configurations:\n\n* ARNs for both are prefaced with `arn:aws:es:`.\n* Both OpenSearch and Elasticsearch use assume role policies that refer to the `Principal` `Service` as `es.amazonaws.com`.\n* IAM policy actions, such as those you will find in `access_policies`, are prefaced with `es:` for both.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.search\",\n },\n engineVersion: \"Elasticsearch_7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.search\",\n ),\n engine_version=\"Elasticsearch_7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.search\",\n },\n EngineVersion = \"Elasticsearch_7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.search\"),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.search\")\n .build())\n .engineVersion(\"Elasticsearch_7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.search\n engineVersion: Elasticsearch_7.10\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.opensearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"66.193.100.22/32\"],\n }],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"66.193.100.22/32\"],\n )],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", access_policies=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"66.193.100.22/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"es:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"66.193.100.22/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"66.193.100.22/32\")\n .build())\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n accessPolicies: ${examplePolicyDocument.json}\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 66.193.100.22/32\n```\n{{% /example %}}\n{{% example %}}\n### Log publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tLogPublishingOptions: opensearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026opensearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based OpenSearch\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst exampleVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst exampleSubnets = exampleVpc.then(exampleVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [exampleVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"exampleSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: exampleVpc.then(exampleVpc =\u003e exampleVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [exampleVpc.then(exampleVpc =\u003e exampleVpc.cidrBlock)],\n }],\n});\nconst exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {\n engineVersion: \"OpenSearch_1.0\",\n clusterConfig: {\n instanceType: \"m4.large.search\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[0]),\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[1]),\n ],\n securityGroupIds: [exampleSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [exampleServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nexample_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nexample_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[example_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_security_group = aws.ec2.SecurityGroup(\"exampleSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=example_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[example_vpc.cidr_block],\n )])\nexample_service_linked_role = aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\",\n engine_version=\"OpenSearch_1.0\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.search\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n subnet_ids=[\n example_subnets.ids[0],\n example_subnets.ids[1],\n ],\n security_group_ids=[example_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=example_policy_document.json,\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[example_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var exampleVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var exampleSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"exampleSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n EngineVersion = \"OpenSearch_1.0\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.search\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n exampleSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nexampleVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nexampleVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nexampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"exampleSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(exampleVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(exampleVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nexampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"exampleServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"es:*\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\nEngineVersion: pulumi.String(\"OpenSearch_1.0\"),\nClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.search\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(exampleSubnets.Ids[0]),\n*pulumi.String(exampleSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nexampleSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var exampleVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var exampleSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var exampleServiceLinkedRole = new ServiceLinkedRole(\"exampleServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .engineVersion(\"OpenSearch_1.0\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.search\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(exampleSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${exampleVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${exampleVpc.cidrBlock}\n exampleServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n engineVersion: OpenSearch_1.0\n clusterConfig:\n instanceType: m4.large.search\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${exampleSubnets.ids[0]}\n - ${exampleSubnets.ids[1]}\n securityGroupIds:\n - ${exampleSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: ${examplePolicyDocument.json}\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${exampleServiceLinkedRole}\nvariables:\n exampleVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n exampleSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${exampleVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n```\n{{% /example %}}\n### Enabling fine-grained access control on an existing domain\n\nThis example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see [Enabling fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html).\n{{% example %}}\n### First apply\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: false,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=False,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = false,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(false)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: false\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% example %}}\n### Second apply\n\nNotice that the only change is `advanced_security_options.0.enabled` is now set to `true`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_opensearch_domain.example\n\n id = \"domain_name\" } Using `pulumi import`, import OpenSearch domains using the `domain_name`. For exampleconsole % pulumi import aws_opensearch_domain.example domain_name ", + "description": "Manages an Amazon OpenSearch Domain.\n\n## Elasticsearch vs. OpenSearch\n\nAmazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).\n\nOpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:\n\n* OpenSearch has `engine_version` while Elasticsearch has `elasticsearch_version`\n* Versions are specified differently - _e.g._, `Elasticsearch_7.10` with OpenSearch vs. `7.10` for Elasticsearch.\n* `instance_type` argument values end in `search` for OpenSearch vs. `elasticsearch` for Elasticsearch (_e.g._, `t2.micro.search` vs. `t2.micro.elasticsearch`).\n* The AWS-managed service-linked role for OpenSearch is called `AWSServiceRoleForAmazonOpenSearchService` instead of `AWSServiceRoleForAmazonElasticsearchService` for Elasticsearch.\n\nThere are also some potentially unexpected similarities in configurations:\n\n* ARNs for both are prefaced with `arn:aws:es:`.\n* Both OpenSearch and Elasticsearch use assume role policies that refer to the `Principal` `Service` as `es.amazonaws.com`.\n* IAM policy actions, such as those you will find in `access_policies`, are prefaced with `es:` for both.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.search\",\n },\n engineVersion: \"Elasticsearch_7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.search\",\n ),\n engine_version=\"Elasticsearch_7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.search\",\n },\n EngineVersion = \"Elasticsearch_7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.search\"),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.search\")\n .build())\n .engineVersion(\"Elasticsearch_7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.search\n engineVersion: Elasticsearch_7.10\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.opensearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"66.193.100.22/32\"],\n }],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"66.193.100.22/32\"],\n )],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", access_policies=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"66.193.100.22/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"es:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"66.193.100.22/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"66.193.100.22/32\")\n .build())\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n accessPolicies: ${examplePolicyDocument.json}\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 66.193.100.22/32\n```\n{{% /example %}}\n{{% example %}}\n### Log publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tLogPublishingOptions: opensearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026opensearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based OpenSearch\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst exampleVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst exampleSubnets = exampleVpc.then(exampleVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [exampleVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"exampleSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: exampleVpc.then(exampleVpc =\u003e exampleVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [exampleVpc.then(exampleVpc =\u003e exampleVpc.cidrBlock)],\n }],\n});\nconst exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {\n engineVersion: \"OpenSearch_1.0\",\n clusterConfig: {\n instanceType: \"m4.large.search\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[0]),\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[1]),\n ],\n securityGroupIds: [exampleSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [exampleServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nexample_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nexample_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[example_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_security_group = aws.ec2.SecurityGroup(\"exampleSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=example_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[example_vpc.cidr_block],\n )])\nexample_service_linked_role = aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\",\n engine_version=\"OpenSearch_1.0\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.search\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n subnet_ids=[\n example_subnets.ids[0],\n example_subnets.ids[1],\n ],\n security_group_ids=[example_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=example_policy_document.json,\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[example_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var exampleVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var exampleSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"exampleSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n EngineVersion = \"OpenSearch_1.0\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.search\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n exampleSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nexampleVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nexampleVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nexampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"exampleSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(exampleVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(exampleVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nexampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"exampleServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"es:*\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\nEngineVersion: pulumi.String(\"OpenSearch_1.0\"),\nClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.search\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(exampleSubnets.Ids[0]),\n*pulumi.String(exampleSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nexampleSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var exampleVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var exampleSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var exampleServiceLinkedRole = new ServiceLinkedRole(\"exampleServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .engineVersion(\"OpenSearch_1.0\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.search\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(exampleSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${exampleVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${exampleVpc.cidrBlock}\n exampleServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n engineVersion: OpenSearch_1.0\n clusterConfig:\n instanceType: m4.large.search\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${exampleSubnets.ids[0]}\n - ${exampleSubnets.ids[1]}\n securityGroupIds:\n - ${exampleSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: ${examplePolicyDocument.json}\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${exampleServiceLinkedRole}\nvariables:\n exampleVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n exampleSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${exampleVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n```\n{{% /example %}}\n### Enabling fine-grained access control on an existing domain\n\nThis example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see [Enabling fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html).\n{{% example %}}\n### First apply\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: false,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=False,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = false,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(false)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: false\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% example %}}\n### Second apply\n\nNotice that the only change is `advanced_security_options.0.enabled` is now set to `true`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_opensearch_domain.example\n\n id = \"domain_name\" } Using `pulumi import`, import OpenSearch domains using the `domain_name`. For exampleconsole % pulumi import aws_opensearch_domain.example domain_name ", "properties": { "accessPolicies": { "type": "string", @@ -287440,7 +287437,7 @@ } }, "aws:sns/topicPolicy:TopicPolicy": { - "description": "Provides an SNS topic policy resource\n\n\u003e **NOTE:** If a Principal is specified as just an AWS account ID rather than an ARN, AWS silently converts it to the ARN for the root user, causing future deployments to differ. To avoid this problem, just specify the full ARN, e.g. `arn:aws:iam::123456789012:root`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.sns.Topic(\"test\", {});\nconst snsTopicPolicy = test.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n policyId: \"__default_policy_ID\",\n statements: [{\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [_var[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [arn],\n sid: \"__default_statement_ID\",\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: test.arn,\n policy: snsTopicPolicy.apply(snsTopicPolicy =\u003e snsTopicPolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sns.Topic(\"test\")\nsns_topic_policy = test.arn.apply(lambda arn: aws.iam.get_policy_document_output(policy_id=\"__default_policy_ID\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[var[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[arn],\n sid=\"__default_statement_ID\",\n )]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=test.arn,\n policy=sns_topic_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Sns.Topic(\"test\");\n\n var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n @var.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n test.Arn,\n },\n Sid = \"__default_statement_ID\",\n },\n },\n });\n\n var @default = new Aws.Sns.TopicPolicy(\"default\", new()\n {\n Arn = test.Arn,\n Policy = snsTopicPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntest, err := sns.NewTopic(ctx, \"test\", nil)\nif err != nil {\nreturn err\n}\nsnsTopicPolicy := test.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nPolicyId: \"__default_policy_ID\",\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Receive\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\n_var.AccountId,\n},\n},\n},\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: interface{}{\narn,\n},\nSid: \"__default_statement_ID\",\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"default\", \u0026sns.TopicPolicyArgs{\nArn: test.Arn,\nPolicy: snsTopicPolicy.ApplyT(func(snsTopicPolicy iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026snsTopicPolicy.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Topic(\"test\");\n\n final var snsTopicPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(var_.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(test.arn())\n .sid(\"__default_statement_ID\")\n .build())\n .build());\n\n var default_ = new TopicPolicy(\"default\", TopicPolicyArgs.builder() \n .arn(test.arn())\n .policy(snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(snsTopicPolicy -\u003e snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:sns:Topic\n default:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${test.arn}\n policy: ${snsTopicPolicy.json}\nvariables:\n snsTopicPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Receive\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${var\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - ${test.arn}\n sid: __default_statement_ID\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_sns_topic_policy.user_updates\n\n id = \"arn:aws:sns:us-west-2:0123456789012:my-topic\" } Using `pulumi import`, import SNS Topic Policy using the topic ARN. For exampleconsole % pulumi import aws_sns_topic_policy.user_updates arn:aws:sns:us-west-2:0123456789012:my-topic ", + "description": "Provides an SNS topic policy resource\n\n\u003e **NOTE:** If a Principal is specified as just an AWS account ID rather than an ARN, AWS silently converts it to the ARN for the root user, causing future deployments to differ. To avoid this problem, just specify the full ARN, e.g. `arn:aws:iam::123456789012:root`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.sns.Topic(\"test\", {});\nconst snsTopicPolicy = test.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n policyId: \"__default_policy_ID\",\n statements: [{\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [_var[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [arn],\n sid: \"__default_statement_ID\",\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: test.arn,\n policy: snsTopicPolicy.apply(snsTopicPolicy =\u003e snsTopicPolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sns.Topic(\"test\")\nsns_topic_policy = test.arn.apply(lambda arn: aws.iam.get_policy_document_output(policy_id=\"__default_policy_ID\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[var[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[arn],\n sid=\"__default_statement_ID\",\n )]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=test.arn,\n policy=sns_topic_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Sns.Topic(\"test\");\n\n var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n @var.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n test.Arn,\n },\n Sid = \"__default_statement_ID\",\n },\n },\n });\n\n var @default = new Aws.Sns.TopicPolicy(\"default\", new()\n {\n Arn = test.Arn,\n Policy = snsTopicPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntest, err := sns.NewTopic(ctx, \"test\", nil)\nif err != nil {\nreturn err\n}\nsnsTopicPolicy := test.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nPolicyId: \"__default_policy_ID\",\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Receive\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\n_var.AccountId,\n},\n},\n},\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: interface{}{\narn,\n},\nSid: \"__default_statement_ID\",\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"default\", \u0026sns.TopicPolicyArgs{\nArn: test.Arn,\nPolicy: snsTopicPolicy.ApplyT(func(snsTopicPolicy iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026snsTopicPolicy.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Topic(\"test\");\n\n final var snsTopicPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(var_.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(test.arn())\n .sid(\"__default_statement_ID\")\n .build())\n .build());\n\n var default_ = new TopicPolicy(\"default\", TopicPolicyArgs.builder() \n .arn(test.arn())\n .policy(snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(snsTopicPolicy -\u003e snsTopicPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:sns:Topic\n default:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${test.arn}\n policy: ${snsTopicPolicy.json}\nvariables:\n snsTopicPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Receive\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${var\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - ${test.arn}\n sid: __default_statement_ID\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_sns_topic_policy.user_updates\n\n id = \"arn:aws:sns:us-west-2:0123456789012:my-topic\" } Using `pulumi import`, import SNS Topic Policy using the topic ARN. For exampleconsole % pulumi import aws_sns_topic_policy.user_updates arn:aws:sns:us-west-2:0123456789012:my-topic ", "properties": { "arn": { "type": "string", @@ -287496,7 +287493,7 @@ } }, "aws:sns/topicSubscription:TopicSubscription": { - "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol: \"sqs\",\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol=\"sqs\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n Protocol = \"sqs\",\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .protocol(\"sqs\")\n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n protocol: sqs\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n```\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"userUpdates\", {});\nconst userUpdatesQueue = new aws.sqs.Queue(\"userUpdatesQueue\", {});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\")\nuser_updates_queue = aws.sqs.Queue(\"userUpdatesQueue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"userUpdates\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"userUpdatesQueue\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject(\"sns\") || {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n name: \"example-sns-topic\",\n display_name: \"example\",\n region: \"us-west-1\",\n};\nconst sqs = config.getObject(\"sqs\") || {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\n// provider to manage SNS topics\nconst awsSns = new aws.Provider(\"awsSns\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sns[\"account-id\"]}:role/${sns[\"role-name\"]}`,\n sessionName: `sns-${sns.region}`,\n },\n});\n// provider to manage SQS queues\nconst awsSqs = new aws.Provider(\"awsSqs\", {\n region: sqs.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sqs-${sqs.region}`,\n },\n});\n// provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nconst sns2sqs = new aws.Provider(\"sns2sqs\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sns2sqs-${sns.region}`,\n },\n});\nconst sns_topicTopic = new aws.sns.Topic(\"sns-topicTopic\", {\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n}, {\n provider: aws.sns,\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json)}, {\n provider: aws.sqs,\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topicTopicSubscription\", {\n topic: sns_topicTopic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n}, {\n provider: aws.sns2sqs,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sns-topic\",\n \"display_name\": \"example\",\n \"region\": \"us-west-1\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\n# provider to manage SNS topics\naws_sns = aws.Provider(\"awsSns\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sns['account-id']}:role/{sns['role-name']}\",\n session_name=f\"sns-{sns['region']}\",\n ))\n# provider to manage SQS queues\naws_sqs = aws.Provider(\"awsSqs\",\n region=sqs[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sqs-{sqs['region']}\",\n ))\n# provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nsns2sqs = aws.Provider(\"sns2sqs\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sns2sqs-{sns['region']}\",\n ))\nsns_topic_topic = aws.sns.Topic(\"sns-topicTopic\",\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json,\n opts=pulumi.ResourceOptions(provider=aws[\"sns\"]))\nsqs_queue = aws.sqs.Queue(\"sqs-queue\", policy=sqs_queue_policy.json,\nopts=pulumi.ResourceOptions(provider=aws[\"sqs\"]))\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topicTopicSubscription\",\n topic=sns_topic_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn,\n opts=pulumi.ResourceOptions(provider=aws[\"sns2sqs\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cdynamic\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sns-topic\" },\n { \"display_name\", \"example\" },\n { \"region\", \"us-west-1\" },\n };\n var sqs = config.GetObject\u003cdynamic\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n // provider to manage SNS topics\n var awsSns = new Aws.Provider(\"awsSns\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sns.Account_id}:role/{sns.Role_name}\",\n SessionName = $\"sns-{sns.Region}\",\n },\n });\n\n // provider to manage SQS queues\n var awsSqs = new Aws.Provider(\"awsSqs\", new()\n {\n Region = sqs.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sqs-{sqs.Region}\",\n },\n });\n\n // provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n var sns2sqs = new Aws.Provider(\"sns2sqs\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sns2sqs-{sns.Region}\",\n },\n });\n\n var sns_topicTopic = new Aws.Sns.Topic(\"sns-topicTopic\", new()\n {\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sns,\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sqs,\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topicTopicSubscription\", new()\n {\n Topic = sns_topicTopic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n }, new CustomResourceOptions\n {\n Provider = aws.Sns2sqs,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sns-topic\",\n\"display_name\": \"example\",\n\"region\": \"us-west-1\",\n};\nif param := cfg.GetBool(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n};\nif param := cfg.GetBool(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"awsSns\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sns.AccountId, sns.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"awsSqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sqs.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sqs-%v\", sqs.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"sns2sqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns2sqs-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topicTopic\", \u0026sns.TopicArgs{\nDisplayName: *pulumi.String(sns.Display_name),\nPolicy: *pulumi.String(sns_topic_policy.Json),\n}, pulumi.Provider(aws.Sns))\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nPolicy: *pulumi.String(sqs_queue_policy.Json),\n}, pulumi.Provider(aws.Sqs))\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topicTopicSubscription\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topicTopic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n}, pulumi.Provider(aws.Sns2sqs))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.inputs.ProviderAssumeRoleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var awsSns = new Provider(\"awsSns\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sns.account-id(),sns.role-name()))\n .sessionName(String.format(\"sns-%s\", sns.region()))\n .build())\n .build());\n\n var awsSqs = new Provider(\"awsSqs\", ProviderArgs.builder() \n .region(sqs.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sqs-%s\", sqs.region()))\n .build())\n .build());\n\n var sns2sqs = new Provider(\"sns2sqs\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sns2sqs-%s\", sns.region()))\n .build())\n .build());\n\n var sns_topicTopic = new Topic(\"sns-topicTopic\", TopicArgs.builder() \n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder() \n .policy(sqs_queue_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sqs())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder() \n .topic(sns_topicTopic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns2sqs())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: object({account-id = union(none, string), display_name = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '111111111111'\n role-name: service/service\n name: example-sns-topic\n display_name: example\n region: us-west-1\n sqs:\n type: object({account-id = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '222222222222'\n role-name: service/service\n name: example-sqs-queue\n region: us-east-1\nresources:\n # provider to manage SNS topics\n awsSns:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sns\"account-id\"[%!s(MISSING)]}:role/${sns\"role-name\"[%!s(MISSING)]}\n sessionName: sns-${sns.region}\n # provider to manage SQS queues\n awsSqs:\n type: pulumi:providers:aws\n properties:\n region: ${sqs.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sqs-${sqs.region}\n # provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n sns2sqs:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sns2sqs-${sns.region}\n sns-topicTopic:\n type: aws:sns:Topic\n properties:\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n options:\n provider: ${aws.sns}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n policy: ${[\"sqs-queue-policy\"].json}\n options:\n provider: ${aws.sqs}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${[\"sns-topicTopic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\n options:\n provider: ${aws.sns2sqs}\nvariables:\n sns-topic-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_sns_topic_subscription.user_updates_sqs_target\n\n id = \"arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\" } Using `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For exampleconsole % pulumi import aws_sns_topic_subscription.user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f ", + "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol: \"sqs\",\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol=\"sqs\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n Protocol = \"sqs\",\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .protocol(\"sqs\")\n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n protocol: sqs\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n```\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"userUpdates\", {});\nconst userUpdatesQueue = new aws.sqs.Queue(\"userUpdatesQueue\", {});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\")\nuser_updates_queue = aws.sqs.Queue(\"userUpdatesQueue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"userUpdates\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"userUpdatesQueue\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject\u003c{account-id?: string, display_name?: string, name?: string, region?: string, role-name?: string}\u003e(\"sns\") || {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n name: \"example-sns-topic\",\n display_name: \"example\",\n region: \"us-west-1\",\n};\nconst sqs = config.getObject\u003c{account-id?: string, name?: string, region?: string, role-name?: string}\u003e(\"sqs\") || {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\n// provider to manage SNS topics\nconst awsSns = new aws.Provider(\"awsSns\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sns[\"account-id\"]}:role/${sns[\"role-name\"]}`,\n sessionName: `sns-${sns.region}`,\n },\n});\n// provider to manage SQS queues\nconst awsSqs = new aws.Provider(\"awsSqs\", {\n region: sqs.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sqs-${sqs.region}`,\n },\n});\n// provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nconst sns2sqs = new aws.Provider(\"sns2sqs\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sns2sqs-${sns.region}`,\n },\n});\nconst sns_topicTopic = new aws.sns.Topic(\"sns-topicTopic\", {\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n}, {\n provider: aws.sns,\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json)}, {\n provider: aws.sqs,\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topicTopicSubscription\", {\n topic: sns_topicTopic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n}, {\n provider: aws.sns2sqs,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sns-topic\",\n \"display_name\": \"example\",\n \"region\": \"us-west-1\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\n# provider to manage SNS topics\naws_sns = aws.Provider(\"awsSns\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sns['account-id']}:role/{sns['role-name']}\",\n session_name=f\"sns-{sns['region']}\",\n ))\n# provider to manage SQS queues\naws_sqs = aws.Provider(\"awsSqs\",\n region=sqs[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sqs-{sqs['region']}\",\n ))\n# provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nsns2sqs = aws.Provider(\"sns2sqs\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sns2sqs-{sns['region']}\",\n ))\nsns_topic_topic = aws.sns.Topic(\"sns-topicTopic\",\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json,\n opts=pulumi.ResourceOptions(provider=aws[\"sns\"]))\nsqs_queue = aws.sqs.Queue(\"sqs-queue\", policy=sqs_queue_policy.json,\nopts=pulumi.ResourceOptions(provider=aws[\"sqs\"]))\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topicTopicSubscription\",\n topic=sns_topic_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn,\n opts=pulumi.ResourceOptions(provider=aws[\"sns2sqs\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cdynamic\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sns-topic\" },\n { \"display_name\", \"example\" },\n { \"region\", \"us-west-1\" },\n };\n var sqs = config.GetObject\u003cdynamic\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n // provider to manage SNS topics\n var awsSns = new Aws.Provider(\"awsSns\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sns.Account_id}:role/{sns.Role_name}\",\n SessionName = $\"sns-{sns.Region}\",\n },\n });\n\n // provider to manage SQS queues\n var awsSqs = new Aws.Provider(\"awsSqs\", new()\n {\n Region = sqs.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sqs-{sqs.Region}\",\n },\n });\n\n // provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n var sns2sqs = new Aws.Provider(\"sns2sqs\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sns2sqs-{sns.Region}\",\n },\n });\n\n var sns_topicTopic = new Aws.Sns.Topic(\"sns-topicTopic\", new()\n {\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sns,\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sqs,\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topicTopicSubscription\", new()\n {\n Topic = sns_topicTopic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n }, new CustomResourceOptions\n {\n Provider = aws.Sns2sqs,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sns-topic\",\n\"display_name\": \"example\",\n\"region\": \"us-west-1\",\n};\nif param := cfg.GetBool(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n};\nif param := cfg.GetBool(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"awsSns\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sns.AccountId, sns.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"awsSqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sqs.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sqs-%v\", sqs.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"sns2sqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns2sqs-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topicTopic\", \u0026sns.TopicArgs{\nDisplayName: *pulumi.String(sns.Display_name),\nPolicy: *pulumi.String(sns_topic_policy.Json),\n}, pulumi.Provider(aws.Sns))\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nPolicy: *pulumi.String(sqs_queue_policy.Json),\n}, pulumi.Provider(aws.Sqs))\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topicTopicSubscription\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topicTopic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n}, pulumi.Provider(aws.Sns2sqs))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.inputs.ProviderAssumeRoleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var awsSns = new Provider(\"awsSns\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sns.account-id(),sns.role-name()))\n .sessionName(String.format(\"sns-%s\", sns.region()))\n .build())\n .build());\n\n var awsSqs = new Provider(\"awsSqs\", ProviderArgs.builder() \n .region(sqs.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sqs-%s\", sqs.region()))\n .build())\n .build());\n\n var sns2sqs = new Provider(\"sns2sqs\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sns2sqs-%s\", sns.region()))\n .build())\n .build());\n\n var sns_topicTopic = new Topic(\"sns-topicTopic\", TopicArgs.builder() \n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder() \n .policy(sqs_queue_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sqs())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder() \n .topic(sns_topicTopic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns2sqs())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: object({account-id = union(none, string), display_name = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '111111111111'\n role-name: service/service\n name: example-sns-topic\n display_name: example\n region: us-west-1\n sqs:\n type: object({account-id = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '222222222222'\n role-name: service/service\n name: example-sqs-queue\n region: us-east-1\nresources:\n # provider to manage SNS topics\n awsSns:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sns\"account-id\"[%!s(MISSING)]}:role/${sns\"role-name\"[%!s(MISSING)]}\n sessionName: sns-${sns.region}\n # provider to manage SQS queues\n awsSqs:\n type: pulumi:providers:aws\n properties:\n region: ${sqs.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sqs-${sqs.region}\n # provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n sns2sqs:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sns2sqs-${sns.region}\n sns-topicTopic:\n type: aws:sns:Topic\n properties:\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n options:\n provider: ${aws.sns}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n policy: ${[\"sqs-queue-policy\"].json}\n options:\n provider: ${aws.sqs}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${[\"sns-topicTopic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\n options:\n provider: ${aws.sns2sqs}\nvariables:\n sns-topic-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_sns_topic_subscription.user_updates_sqs_target\n\n id = \"arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\" } Using `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For exampleconsole % pulumi import aws_sns_topic_subscription.user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f ", "properties": { "arn": { "type": "string", @@ -288000,7 +287997,7 @@ } }, "aws:sqs/queuePolicy:QueuePolicy": { - "description": "Allows you to set a policy of an SQS Queue\nwhile referencing ARN of the queue within the policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst queue = new aws.sqs.Queue(\"queue\", {});\nconst testPolicyDocument = queue.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n sid: \"First\",\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"sqs:SendMessage\"],\n resources: [arn],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [aws_sns_topic.example.arn],\n }],\n }],\n}));\nconst testQueuePolicy = new aws.sqs.QueuePolicy(\"testQueuePolicy\", {\n queueUrl: queue.id,\n policy: testPolicyDocument.apply(testPolicyDocument =\u003e testPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nqueue = aws.sqs.Queue(\"queue\")\ntest_policy_document = queue.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"First\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"sqs:SendMessage\"],\n resources=[arn],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[aws_sns_topic[\"example\"][\"arn\"]],\n )],\n)]))\ntest_queue_policy = aws.sqs.QueuePolicy(\"testQueuePolicy\",\n queue_url=queue.id,\n policy=test_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var queue = new Aws.Sqs.Queue(\"queue\");\n\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"First\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"sqs:SendMessage\",\n },\n Resources = new[]\n {\n queue.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n aws_sns_topic.Example.Arn,\n },\n },\n },\n },\n },\n });\n\n var testQueuePolicy = new Aws.Sqs.QueuePolicy(\"testQueuePolicy\", new()\n {\n QueueUrl = queue.Id,\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nqueue, err := sqs.NewQueue(ctx, \"queue\", nil)\nif err != nil {\nreturn err\n}\ntestPolicyDocument := queue.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: \"First\",\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"sqs:SendMessage\",\n},\nResources: []string{\narn,\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: interface{}{\naws_sns_topic.Example.Arn,\n},\n},\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sqs.NewQueuePolicy(ctx, \"testQueuePolicy\", \u0026sqs.QueuePolicyArgs{\nQueueUrl: queue.ID(),\nPolicy: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026testPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sqs.QueuePolicy;\nimport com.pulumi.aws.sqs.QueuePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var queue = new Queue(\"queue\");\n\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"First\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"sqs:SendMessage\")\n .resources(queue.arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(aws_sns_topic.example().arn())\n .build())\n .build())\n .build());\n\n var testQueuePolicy = new QueuePolicy(\"testQueuePolicy\", QueuePolicyArgs.builder() \n .queueUrl(queue.id())\n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(testPolicyDocument -\u003e testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n queue:\n type: aws:sqs:Queue\n testQueuePolicy:\n type: aws:sqs:QueuePolicy\n properties:\n queueUrl: ${queue.id}\n policy: ${testPolicyDocument.json}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: First\n effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - sqs:SendMessage\n resources:\n - ${queue.arn}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - ${aws_sns_topic.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_sqs_queue_policy.test\n\n id = \"https://queue.amazonaws.com/0123456789012/myqueue\" } Using `pulumi import`, import SQS Queue Policies using the queue URL. For exampleconsole % pulumi import aws_sqs_queue_policy.test https://queue.amazonaws.com/0123456789012/myqueue ", + "description": "Allows you to set a policy of an SQS Queue\nwhile referencing ARN of the queue within the policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst queue = new aws.sqs.Queue(\"queue\", {});\nconst testPolicyDocument = queue.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n sid: \"First\",\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"sqs:SendMessage\"],\n resources: [arn],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [aws_sns_topic.example.arn],\n }],\n }],\n}));\nconst testQueuePolicy = new aws.sqs.QueuePolicy(\"testQueuePolicy\", {\n queueUrl: queue.id,\n policy: testPolicyDocument.apply(testPolicyDocument =\u003e testPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nqueue = aws.sqs.Queue(\"queue\")\ntest_policy_document = queue.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"First\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"sqs:SendMessage\"],\n resources=[arn],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[aws_sns_topic[\"example\"][\"arn\"]],\n )],\n)]))\ntest_queue_policy = aws.sqs.QueuePolicy(\"testQueuePolicy\",\n queue_url=queue.id,\n policy=test_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var queue = new Aws.Sqs.Queue(\"queue\");\n\n var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"First\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"sqs:SendMessage\",\n },\n Resources = new[]\n {\n queue.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n aws_sns_topic.Example.Arn,\n },\n },\n },\n },\n },\n });\n\n var testQueuePolicy = new Aws.Sqs.QueuePolicy(\"testQueuePolicy\", new()\n {\n QueueUrl = queue.Id,\n Policy = testPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nqueue, err := sqs.NewQueue(ctx, \"queue\", nil)\nif err != nil {\nreturn err\n}\ntestPolicyDocument := queue.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: \"First\",\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"sqs:SendMessage\",\n},\nResources: []string{\narn,\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: interface{}{\naws_sns_topic.Example.Arn,\n},\n},\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sqs.NewQueuePolicy(ctx, \"testQueuePolicy\", \u0026sqs.QueuePolicyArgs{\nQueueUrl: queue.ID(),\nPolicy: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026testPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sqs.QueuePolicy;\nimport com.pulumi.aws.sqs.QueuePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var queue = new Queue(\"queue\");\n\n final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"First\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"sqs:SendMessage\")\n .resources(queue.arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(aws_sns_topic.example().arn())\n .build())\n .build())\n .build());\n\n var testQueuePolicy = new QueuePolicy(\"testQueuePolicy\", QueuePolicyArgs.builder() \n .queueUrl(queue.id())\n .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(testPolicyDocument -\u003e testPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n queue:\n type: aws:sqs:Queue\n testQueuePolicy:\n type: aws:sqs:QueuePolicy\n properties:\n queueUrl: ${queue.id}\n policy: ${testPolicyDocument.json}\nvariables:\n testPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: First\n effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - sqs:SendMessage\n resources:\n - ${queue.arn}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - ${aws_sns_topic.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_sqs_queue_policy.test\n\n id = \"https://queue.amazonaws.com/0123456789012/myqueue\" } Using `pulumi import`, import SQS Queue Policies using the queue URL. For exampleconsole % pulumi import aws_sqs_queue_policy.test https://queue.amazonaws.com/0123456789012/myqueue ", "properties": { "policy": { "type": "string", @@ -300327,7 +300324,7 @@ } }, "aws:worklink/fleet:Fleet": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.worklink.Fleet(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.worklink.Fleet(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.WorkLink.Fleet(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := worklink.NewFleet(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.worklink.Fleet;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Fleet(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:worklink:Fleet\n```\n\nNetwork Configuration Usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.worklink.Fleet(\"example\", {network: {\n vpcId: aws_vpc.test.id,\n subnetIds: [aws_subnet.test.map(__item =\u003e __item.id)],\n securityGroupIds: [aws_security_group.test.id],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.worklink.Fleet(\"example\", network=aws.worklink.FleetNetworkArgs(\n vpc_id=aws_vpc[\"test\"][\"id\"],\n subnet_ids=[[__item[\"id\"] for __item in aws_subnet[\"test\"]]],\n security_group_ids=[aws_security_group[\"test\"][\"id\"]],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.WorkLink.Fleet(\"example\", new()\n {\n Network = new Aws.WorkLink.Inputs.FleetNetworkArgs\n {\n VpcId = aws_vpc.Test.Id,\n SubnetIds = new[]\n {\n aws_subnet.Test.Select(__item =\u003e __item.Id).ToList(),\n },\n SecurityGroupIds = new[]\n {\n aws_security_group.Test.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := worklink.NewFleet(ctx, \"example\", \u0026worklink.FleetArgs{\nNetwork: \u0026worklink.FleetNetworkArgs{\nVpcId: pulumi.Any(aws_vpc.Test.Id),\nSubnetIds: pulumi.StringArray{\n%!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:worklink-fleet:Fleet.pp:3,26-47),\n},\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Test.Id,\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.worklink.Fleet;\nimport com.pulumi.aws.worklink.FleetArgs;\nimport com.pulumi.aws.worklink.inputs.FleetNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Fleet(\"example\", FleetArgs.builder() \n .network(FleetNetworkArgs.builder()\n .vpcId(aws_vpc.test().id())\n .subnetIds(aws_subnet.test().stream().map(element -\u003e element.id()).collect(toList()))\n .securityGroupIds(aws_security_group.test().id())\n .build())\n .build());\n\n }\n}\n```\n\nIdentity Provider Configuration Usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst test = new aws.worklink.Fleet(\"test\", {identityProvider: {\n type: \"SAML\",\n samlMetadata: fs.readFileSync(\"saml-metadata.xml\"),\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.worklink.Fleet(\"test\", identity_provider=aws.worklink.FleetIdentityProviderArgs(\n type=\"SAML\",\n saml_metadata=(lambda path: open(path).read())(\"saml-metadata.xml\"),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.WorkLink.Fleet(\"test\", new()\n {\n IdentityProvider = new Aws.WorkLink.Inputs.FleetIdentityProviderArgs\n {\n Type = \"SAML\",\n SamlMetadata = File.ReadAllText(\"saml-metadata.xml\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := worklink.NewFleet(ctx, \"test\", \u0026worklink.FleetArgs{\n\t\t\tIdentityProvider: \u0026worklink.FleetIdentityProviderArgs{\n\t\t\t\tType: pulumi.String(\"SAML\"),\n\t\t\t\tSamlMetadata: readFileOrPanic(\"saml-metadata.xml\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.worklink.Fleet;\nimport com.pulumi.aws.worklink.FleetArgs;\nimport com.pulumi.aws.worklink.inputs.FleetIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Fleet(\"test\", FleetArgs.builder() \n .identityProvider(FleetIdentityProviderArgs.builder()\n .type(\"SAML\")\n .samlMetadata(Files.readString(Paths.get(\"saml-metadata.xml\")))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:worklink:Fleet\n properties:\n identityProvider:\n type: SAML\n samlMetadata:\n fn::readFile: saml-metadata.xml\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_worklink_fleet.test\n\n id = \"arn:aws:worklink::123456789012:fleet/example\" } Using `pulumi import`, import WorkLink using the ARN. For exampleconsole % pulumi import aws_worklink_fleet.test arn:aws:worklink::123456789012:fleet/example ", + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.worklink.Fleet(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.worklink.Fleet(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.WorkLink.Fleet(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := worklink.NewFleet(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.worklink.Fleet;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Fleet(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:worklink:Fleet\n```\n\nNetwork Configuration Usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.worklink.Fleet(\"example\", {network: {\n vpcId: aws_vpc.test.id,\n subnetIds: [aws_subnet.test.map(__item =\u003e __item.id)],\n securityGroupIds: [aws_security_group.test.id],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.worklink.Fleet(\"example\", network=aws.worklink.FleetNetworkArgs(\n vpc_id=aws_vpc[\"test\"][\"id\"],\n subnet_ids=[[__item[\"id\"] for __item in aws_subnet[\"test\"]]],\n security_group_ids=[aws_security_group[\"test\"][\"id\"]],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.WorkLink.Fleet(\"example\", new()\n {\n Network = new Aws.WorkLink.Inputs.FleetNetworkArgs\n {\n VpcId = aws_vpc.Test.Id,\n SubnetIds = new[]\n {\n aws_subnet.Test.Select(__item =\u003e __item.Id).ToList(),\n },\n SecurityGroupIds = new[]\n {\n aws_security_group.Test.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := worklink.NewFleet(ctx, \"example\", \u0026worklink.FleetArgs{\nNetwork: \u0026worklink.FleetNetworkArgs{\nVpcId: pulumi.Any(aws_vpc.Test.Id),\nSubnetIds: pulumi.StringArray{\n%!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-resources-aws:worklink-fleet:Fleet.pp:3,26-47),\n},\nSecurityGroupIds: pulumi.StringArray{\naws_security_group.Test.Id,\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.worklink.Fleet;\nimport com.pulumi.aws.worklink.FleetArgs;\nimport com.pulumi.aws.worklink.inputs.FleetNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Fleet(\"example\", FleetArgs.builder() \n .network(FleetNetworkArgs.builder()\n .vpcId(aws_vpc.test().id())\n .subnetIds(aws_subnet.test().stream().map(element -\u003e element.id()).collect(toList()))\n .securityGroupIds(aws_security_group.test().id())\n .build())\n .build());\n\n }\n}\n```\n\nIdentity Provider Configuration Usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst test = new aws.worklink.Fleet(\"test\", {identityProvider: {\n type: \"SAML\",\n samlMetadata: fs.readFileSync(\"saml-metadata.xml\"),\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.worklink.Fleet(\"test\", identity_provider=aws.worklink.FleetIdentityProviderArgs(\n type=\"SAML\",\n saml_metadata=(lambda path: open(path).read())(\"saml-metadata.xml\"),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.WorkLink.Fleet(\"test\", new()\n {\n IdentityProvider = new Aws.WorkLink.Inputs.FleetIdentityProviderArgs\n {\n Type = \"SAML\",\n SamlMetadata = File.ReadAllText(\"saml-metadata.xml\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := worklink.NewFleet(ctx, \"test\", \u0026worklink.FleetArgs{\n\t\t\tIdentityProvider: \u0026worklink.FleetIdentityProviderArgs{\n\t\t\t\tType: pulumi.String(\"SAML\"),\n\t\t\t\tSamlMetadata: readFileOrPanic(\"saml-metadata.xml\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.worklink.Fleet;\nimport com.pulumi.aws.worklink.FleetArgs;\nimport com.pulumi.aws.worklink.inputs.FleetIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Fleet(\"test\", FleetArgs.builder() \n .identityProvider(FleetIdentityProviderArgs.builder()\n .type(\"SAML\")\n .samlMetadata(Files.readString(Paths.get(\"saml-metadata.xml\")))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:worklink:Fleet\n properties:\n identityProvider:\n type: SAML\n samlMetadata:\n fn::readFile: saml-metadata.xml\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nterraform import {\n\n to = aws_worklink_fleet.test\n\n id = \"arn:aws:worklink::123456789012:fleet/example\" } Using `pulumi import`, import WorkLink using the ARN. For exampleconsole % pulumi import aws_worklink_fleet.test arn:aws:worklink::123456789012:fleet/example ", "properties": { "arn": { "type": "string", @@ -306320,7 +306317,7 @@ } }, "aws:cloudtrail/getServiceAccount:getServiceAccount": { - "description": "Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html)\nin a given region for the purpose of allowing CloudTrail to store trail data in S3.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.cloudtrail.getServiceAccount({});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {forceDestroy: true});\nconst allowCloudtrailLoggingPolicyDocument = pulumi.all([main, bucket.arn, main, bucket.arn]).apply(([main, bucketArn, main1, bucketArn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n sid: \"Put bucket policy needed for trails\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main.arn],\n }],\n actions: [\"s3:PutObject\"],\n resources: [`${bucketArn}/*`],\n },\n {\n sid: \"Get bucket policy needed for trails\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main1.arn],\n }],\n actions: [\"s3:GetBucketAcl\"],\n resources: [bucketArn1],\n },\n ],\n}));\nconst allowCloudtrailLoggingBucketPolicy = new aws.s3.BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\", {\n bucket: bucket.id,\n policy: allowCloudtrailLoggingPolicyDocument.apply(allowCloudtrailLoggingPolicyDocument =\u003e allowCloudtrailLoggingPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cloudtrail.get_service_account()\nbucket = aws.s3.BucketV2(\"bucket\", force_destroy=True)\nallow_cloudtrail_logging_policy_document = pulumi.Output.all(bucket.arn, bucket.arn).apply(lambda bucketArn, bucketArn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Put bucket policy needed for trails\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:PutObject\"],\n resources=[f\"{bucket_arn}/*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Get bucket policy needed for trails\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:GetBucketAcl\"],\n resources=[bucket_arn1],\n ),\n]))\nallow_cloudtrail_logging_bucket_policy = aws.s3.BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\",\n bucket=bucket.id,\n policy=allow_cloudtrail_logging_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.CloudTrail.GetServiceAccount.Invoke();\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n ForceDestroy = true,\n });\n\n var allowCloudtrailLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Put bucket policy needed for trails\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getServiceAccountResult =\u003e getServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{bucket.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Get bucket policy needed for trails\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getServiceAccountResult =\u003e getServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n },\n Resources = new[]\n {\n bucket.Arn,\n },\n },\n },\n });\n\n var allowCloudtrailLoggingBucketPolicy = new Aws.S3.BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\", new()\n {\n Bucket = bucket.Id,\n Policy = allowCloudtrailLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmain, err := cloudtrail.GetServiceAccount(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\nForceDestroy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nallowCloudtrailLoggingPolicyDocument := pulumi.All(bucket.Arn,bucket.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nbucketArn := _args[0].(string)\nbucketArn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: \"Put bucket policy needed for trails\",\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:PutObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", bucketArn),\n},\n},\n{\nSid: \"Get bucket policy needed for trails\",\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:GetBucketAcl\",\n},\nResources: []string{\nbucketArn1,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = s3.NewBucketPolicy(ctx, \"allowCloudtrailLoggingBucketPolicy\", \u0026s3.BucketPolicyArgs{\nBucket: bucket.ID(),\nPolicy: allowCloudtrailLoggingPolicyDocument.ApplyT(func(allowCloudtrailLoggingPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026allowCloudtrailLoggingPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.CloudtrailFunctions;\nimport com.pulumi.aws.cloudtrail.inputs.GetServiceAccountArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = CloudtrailFunctions.getServiceAccount();\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .forceDestroy(true)\n .build());\n\n final var allowCloudtrailLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Put bucket policy needed for trails\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getServiceAccountResult -\u003e getServiceAccountResult.arn()))\n .build())\n .actions(\"s3:PutObject\")\n .resources(bucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Get bucket policy needed for trails\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getServiceAccountResult -\u003e getServiceAccountResult.arn()))\n .build())\n .actions(\"s3:GetBucketAcl\")\n .resources(bucket.arn())\n .build())\n .build());\n\n var allowCloudtrailLoggingBucketPolicy = new BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(bucket.id())\n .policy(allowCloudtrailLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(allowCloudtrailLoggingPolicyDocument -\u003e allowCloudtrailLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:BucketV2\n properties:\n forceDestroy: true\n allowCloudtrailLoggingBucketPolicy:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${bucket.id}\n policy: ${allowCloudtrailLoggingPolicyDocument.json}\nvariables:\n main:\n fn::invoke:\n Function: aws:cloudtrail:getServiceAccount\n Arguments: {}\n allowCloudtrailLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Put bucket policy needed for trails\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:PutObject\n resources:\n - ${bucket.arn}/*\n - sid: Get bucket policy needed for trails\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:GetBucketAcl\n resources:\n - ${bucket.arn}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html)\nin a given region for the purpose of allowing CloudTrail to store trail data in S3.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.cloudtrail.getServiceAccount({});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {forceDestroy: true});\nconst allowCloudtrailLoggingPolicyDocument = pulumi.all([main, bucket.arn, main, bucket.arn]).apply(([main, bucketArn, main1, bucketArn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n sid: \"Put bucket policy needed for trails\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main.arn],\n }],\n actions: [\"s3:PutObject\"],\n resources: [`${bucketArn}/*`],\n },\n {\n sid: \"Get bucket policy needed for trails\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main1.arn],\n }],\n actions: [\"s3:GetBucketAcl\"],\n resources: [bucketArn1],\n },\n ],\n}));\nconst allowCloudtrailLoggingBucketPolicy = new aws.s3.BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\", {\n bucket: bucket.id,\n policy: allowCloudtrailLoggingPolicyDocument.apply(allowCloudtrailLoggingPolicyDocument =\u003e allowCloudtrailLoggingPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cloudtrail.get_service_account()\nbucket = aws.s3.BucketV2(\"bucket\", force_destroy=True)\nallow_cloudtrail_logging_policy_document = pulumi.Output.all(bucket.arn, bucket.arn).apply(lambda bucketArn, bucketArn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Put bucket policy needed for trails\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:PutObject\"],\n resources=[f\"{bucket_arn}/*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Get bucket policy needed for trails\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:GetBucketAcl\"],\n resources=[bucket_arn1],\n ),\n]))\nallow_cloudtrail_logging_bucket_policy = aws.s3.BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\",\n bucket=bucket.id,\n policy=allow_cloudtrail_logging_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.CloudTrail.GetServiceAccount.Invoke();\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n ForceDestroy = true,\n });\n\n var allowCloudtrailLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Put bucket policy needed for trails\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getServiceAccountResult =\u003e getServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{bucket.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Get bucket policy needed for trails\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getServiceAccountResult =\u003e getServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n },\n Resources = new[]\n {\n bucket.Arn,\n },\n },\n },\n });\n\n var allowCloudtrailLoggingBucketPolicy = new Aws.S3.BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\", new()\n {\n Bucket = bucket.Id,\n Policy = allowCloudtrailLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmain, err := cloudtrail.GetServiceAccount(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\nForceDestroy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nallowCloudtrailLoggingPolicyDocument := pulumi.All(bucket.Arn,bucket.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nbucketArn := _args[0].(string)\nbucketArn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: \"Put bucket policy needed for trails\",\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:PutObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", bucketArn),\n},\n},\n{\nSid: \"Get bucket policy needed for trails\",\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:GetBucketAcl\",\n},\nResources: []string{\nbucketArn1,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = s3.NewBucketPolicy(ctx, \"allowCloudtrailLoggingBucketPolicy\", \u0026s3.BucketPolicyArgs{\nBucket: bucket.ID(),\nPolicy: allowCloudtrailLoggingPolicyDocument.ApplyT(func(allowCloudtrailLoggingPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026allowCloudtrailLoggingPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.CloudtrailFunctions;\nimport com.pulumi.aws.cloudtrail.inputs.GetServiceAccountArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = CloudtrailFunctions.getServiceAccount();\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .forceDestroy(true)\n .build());\n\n final var allowCloudtrailLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Put bucket policy needed for trails\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getServiceAccountResult -\u003e getServiceAccountResult.arn()))\n .build())\n .actions(\"s3:PutObject\")\n .resources(bucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Get bucket policy needed for trails\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getServiceAccountResult -\u003e getServiceAccountResult.arn()))\n .build())\n .actions(\"s3:GetBucketAcl\")\n .resources(bucket.arn())\n .build())\n .build());\n\n var allowCloudtrailLoggingBucketPolicy = new BucketPolicy(\"allowCloudtrailLoggingBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(bucket.id())\n .policy(allowCloudtrailLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(allowCloudtrailLoggingPolicyDocument -\u003e allowCloudtrailLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:BucketV2\n properties:\n forceDestroy: true\n allowCloudtrailLoggingBucketPolicy:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${bucket.id}\n policy: ${allowCloudtrailLoggingPolicyDocument.json}\nvariables:\n main:\n fn::invoke:\n Function: aws:cloudtrail:getServiceAccount\n Arguments: {}\n allowCloudtrailLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Put bucket policy needed for trails\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:PutObject\n resources:\n - ${bucket.arn}/*\n - sid: Get bucket policy needed for trails\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:GetBucketAcl\n resources:\n - ${bucket.arn}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getServiceAccount.\n", "properties": { @@ -312491,7 +312488,7 @@ } }, "aws:ec2/getInternetGateway:getInternetGateway": { - "description": "`aws.ec2.InternetGateway` provides details about a specific Internet Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpcId = config.requireObject(\"vpcId\");\nconst default = aws.ec2.getInternetGateway({\n filters: [{\n name: \"attachment.vpc-id\",\n values: [vpcId],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc_id = config.require_object(\"vpcId\")\ndefault = aws.ec2.get_internet_gateway(filters=[aws.ec2.GetInternetGatewayFilterArgs(\n name=\"attachment.vpc-id\",\n values=[vpc_id],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpcId = config.RequireObject\u003cdynamic\u003e(\"vpcId\");\n var @default = Aws.Ec2.GetInternetGateway.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetInternetGatewayFilterInputArgs\n {\n Name = \"attachment.vpc-id\",\n Values = new[]\n {\n vpcId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpcId := cfg.RequireObject(\"vpcId\")\n_, err := ec2.LookupInternetGateway(ctx, \u0026ec2.LookupInternetGatewayArgs{\nFilters: []ec2.GetInternetGatewayFilter{\n{\nName: \"attachment.vpc-id\",\nValues: interface{}{\nvpcId,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetInternetGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpcId = config.get(\"vpcId\");\n final var default = Ec2Functions.getInternetGateway(GetInternetGatewayArgs.builder()\n .filters(GetInternetGatewayFilterArgs.builder()\n .name(\"attachment.vpc-id\")\n .values(vpcId)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpcId:\n type: dynamic\nvariables:\n default:\n fn::invoke:\n Function: aws:ec2:getInternetGateway\n Arguments:\n filters:\n - name: attachment.vpc-id\n values:\n - ${vpcId}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "`aws.ec2.InternetGateway` provides details about a specific Internet Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpcId = config.requireObject(\"vpcId\");\nconst default = aws.ec2.getInternetGateway({\n filters: [{\n name: \"attachment.vpc-id\",\n values: [vpcId],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc_id = config.require_object(\"vpcId\")\ndefault = aws.ec2.get_internet_gateway(filters=[aws.ec2.GetInternetGatewayFilterArgs(\n name=\"attachment.vpc-id\",\n values=[vpc_id],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpcId = config.RequireObject\u003cdynamic\u003e(\"vpcId\");\n var @default = Aws.Ec2.GetInternetGateway.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetInternetGatewayFilterInputArgs\n {\n Name = \"attachment.vpc-id\",\n Values = new[]\n {\n vpcId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpcId := cfg.RequireObject(\"vpcId\")\n_, err := ec2.LookupInternetGateway(ctx, \u0026ec2.LookupInternetGatewayArgs{\nFilters: []ec2.GetInternetGatewayFilter{\n{\nName: \"attachment.vpc-id\",\nValues: interface{}{\nvpcId,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetInternetGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpcId = config.get(\"vpcId\");\n final var default = Ec2Functions.getInternetGateway(GetInternetGatewayArgs.builder()\n .filters(GetInternetGatewayFilterArgs.builder()\n .name(\"attachment.vpc-id\")\n .values(vpcId)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpcId:\n type: dynamic\nvariables:\n default:\n fn::invoke:\n Function: aws:ec2:getInternetGateway\n Arguments:\n filters:\n - name: attachment.vpc-id\n values:\n - ${vpcId}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getInternetGateway.\n", "properties": { @@ -313921,7 +313918,7 @@ } }, "aws:ec2/getNetworkAcls:getNetworkAcls": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following shows outputting all network ACL ids in a vpc.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleNetworkAcls = aws.ec2.getNetworkAcls({\n vpcId: _var.vpc_id,\n});\nexport const example = exampleNetworkAcls.then(exampleNetworkAcls =\u003e exampleNetworkAcls.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_network_acls = aws.ec2.get_network_acls(vpc_id=var[\"vpc_id\"])\npulumi.export(\"example\", example_network_acls.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetworkAcls = Aws.Ec2.GetNetworkAcls.Invoke(new()\n {\n VpcId = @var.Vpc_id,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example\"] = exampleNetworkAcls.Apply(getNetworkAclsResult =\u003e getNetworkAclsResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetworkAcls, err := ec2.GetNetworkAcls(ctx, \u0026ec2.GetNetworkAclsArgs{\n\t\t\tVpcId: pulumi.StringRef(_var.Vpc_id),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", exampleNetworkAcls.Ids)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkAclsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleNetworkAcls = Ec2Functions.getNetworkAcls(GetNetworkAclsArgs.builder()\n .vpcId(var_.vpc_id())\n .build());\n\n ctx.export(\"example\", exampleNetworkAcls.applyValue(getNetworkAclsResult -\u003e getNetworkAclsResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n exampleNetworkAcls:\n fn::invoke:\n Function: aws:ec2:getNetworkAcls\n Arguments:\n vpcId: ${var.vpc_id}\noutputs:\n example: ${exampleNetworkAcls.ids}\n```\n\nThe following example retrieves a list of all network ACL ids in a VPC with a custom\ntag of `Tier` set to a value of \"Private\".\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getNetworkAcls({\n vpcId: _var.vpc_id,\n tags: {\n Tier: \"Private\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_network_acls(vpc_id=var[\"vpc_id\"],\n tags={\n \"Tier\": \"Private\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetNetworkAcls.Invoke(new()\n {\n VpcId = @var.Vpc_id,\n Tags = \n {\n { \"Tier\", \"Private\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetNetworkAcls(ctx, \u0026ec2.GetNetworkAclsArgs{\n\t\t\tVpcId: pulumi.StringRef(_var.Vpc_id),\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Tier\": \"Private\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkAclsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getNetworkAcls(GetNetworkAclsArgs.builder()\n .vpcId(var_.vpc_id())\n .tags(Map.of(\"Tier\", \"Private\"))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getNetworkAcls\n Arguments:\n vpcId: ${var.vpc_id}\n tags:\n Tier: Private\n```\n\nThe following example retrieves a network ACL id in a VPC which associated\nwith specific subnet.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getNetworkAcls({\n vpcId: _var.vpc_id,\n filters: [{\n name: \"association.subnet-id\",\n values: [aws_subnet.test.id],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_network_acls(vpc_id=var[\"vpc_id\"],\n filters=[aws.ec2.GetNetworkAclsFilterArgs(\n name=\"association.subnet-id\",\n values=[aws_subnet[\"test\"][\"id\"]],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetNetworkAcls.Invoke(new()\n {\n VpcId = @var.Vpc_id,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetNetworkAclsFilterInputArgs\n {\n Name = \"association.subnet-id\",\n Values = new[]\n {\n aws_subnet.Test.Id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := ec2.GetNetworkAcls(ctx, \u0026ec2.GetNetworkAclsArgs{\nVpcId: pulumi.StringRef(_var.Vpc_id),\nFilters: []ec2.GetNetworkAclsFilter{\n{\nName: \"association.subnet-id\",\nValues: interface{}{\naws_subnet.Test.Id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkAclsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getNetworkAcls(GetNetworkAclsArgs.builder()\n .vpcId(var_.vpc_id())\n .filters(GetNetworkAclsFilterArgs.builder()\n .name(\"association.subnet-id\")\n .values(aws_subnet.test().id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getNetworkAcls\n Arguments:\n vpcId: ${var.vpc_id}\n filters:\n - name: association.subnet-id\n values:\n - ${aws_subnet.test.id}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following shows outputting all network ACL ids in a vpc.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleNetworkAcls = aws.ec2.getNetworkAcls({\n vpcId: _var.vpc_id,\n});\nexport const example = exampleNetworkAcls.then(exampleNetworkAcls =\u003e exampleNetworkAcls.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_network_acls = aws.ec2.get_network_acls(vpc_id=var[\"vpc_id\"])\npulumi.export(\"example\", example_network_acls.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetworkAcls = Aws.Ec2.GetNetworkAcls.Invoke(new()\n {\n VpcId = @var.Vpc_id,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example\"] = exampleNetworkAcls.Apply(getNetworkAclsResult =\u003e getNetworkAclsResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetworkAcls, err := ec2.GetNetworkAcls(ctx, \u0026ec2.GetNetworkAclsArgs{\n\t\t\tVpcId: pulumi.StringRef(_var.Vpc_id),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", exampleNetworkAcls.Ids)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkAclsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleNetworkAcls = Ec2Functions.getNetworkAcls(GetNetworkAclsArgs.builder()\n .vpcId(var_.vpc_id())\n .build());\n\n ctx.export(\"example\", exampleNetworkAcls.applyValue(getNetworkAclsResult -\u003e getNetworkAclsResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n exampleNetworkAcls:\n fn::invoke:\n Function: aws:ec2:getNetworkAcls\n Arguments:\n vpcId: ${var.vpc_id}\noutputs:\n example: ${exampleNetworkAcls.ids}\n```\n\nThe following example retrieves a list of all network ACL ids in a VPC with a custom\ntag of `Tier` set to a value of \"Private\".\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getNetworkAcls({\n vpcId: _var.vpc_id,\n tags: {\n Tier: \"Private\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_network_acls(vpc_id=var[\"vpc_id\"],\n tags={\n \"Tier\": \"Private\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetNetworkAcls.Invoke(new()\n {\n VpcId = @var.Vpc_id,\n Tags = \n {\n { \"Tier\", \"Private\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetNetworkAcls(ctx, \u0026ec2.GetNetworkAclsArgs{\n\t\t\tVpcId: pulumi.StringRef(_var.Vpc_id),\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Tier\": \"Private\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkAclsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getNetworkAcls(GetNetworkAclsArgs.builder()\n .vpcId(var_.vpc_id())\n .tags(Map.of(\"Tier\", \"Private\"))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getNetworkAcls\n Arguments:\n vpcId: ${var.vpc_id}\n tags:\n Tier: Private\n```\n\nThe following example retrieves a network ACL id in a VPC which associated\nwith specific subnet.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getNetworkAcls({\n vpcId: _var.vpc_id,\n filters: [{\n name: \"association.subnet-id\",\n values: [aws_subnet.test.id],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_network_acls(vpc_id=var[\"vpc_id\"],\n filters=[aws.ec2.GetNetworkAclsFilterArgs(\n name=\"association.subnet-id\",\n values=[aws_subnet[\"test\"][\"id\"]],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetNetworkAcls.Invoke(new()\n {\n VpcId = @var.Vpc_id,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetNetworkAclsFilterInputArgs\n {\n Name = \"association.subnet-id\",\n Values = new[]\n {\n aws_subnet.Test.Id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := ec2.GetNetworkAcls(ctx, \u0026ec2.GetNetworkAclsArgs{\nVpcId: pulumi.StringRef(_var.Vpc_id),\nFilters: []ec2.GetNetworkAclsFilter{\n{\nName: \"association.subnet-id\",\nValues: interface{}{\naws_subnet.Test.Id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkAclsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getNetworkAcls(GetNetworkAclsArgs.builder()\n .vpcId(var_.vpc_id())\n .filters(GetNetworkAclsFilterArgs.builder()\n .name(\"association.subnet-id\")\n .values(aws_subnet.test().id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getNetworkAcls\n Arguments:\n vpcId: ${var.vpc_id}\n filters:\n - name: association.subnet-id\n values:\n - ${aws_subnet.test.id}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getNetworkAcls.\n", "properties": { @@ -314361,7 +314358,7 @@ } }, "aws:ec2/getNetworkInterfaces:getNetworkInterfaces": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following shows outputting all network interface ids in a region.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleNetworkInterfaces = aws.ec2.getNetworkInterfaces({});\nexport const example = exampleNetworkInterfaces.then(exampleNetworkInterfaces =\u003e exampleNetworkInterfaces.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_network_interfaces = aws.ec2.get_network_interfaces()\npulumi.export(\"example\", example_network_interfaces.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetworkInterfaces = Aws.Ec2.GetNetworkInterfaces.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example\"] = exampleNetworkInterfaces.Apply(getNetworkInterfacesResult =\u003e getNetworkInterfacesResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetworkInterfaces, err := ec2.GetNetworkInterfaces(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", exampleNetworkInterfaces.Ids)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfacesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleNetworkInterfaces = Ec2Functions.getNetworkInterfaces();\n\n ctx.export(\"example\", exampleNetworkInterfaces.applyValue(getNetworkInterfacesResult -\u003e getNetworkInterfacesResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n exampleNetworkInterfaces:\n fn::invoke:\n Function: aws:ec2:getNetworkInterfaces\n Arguments: {}\noutputs:\n example: ${exampleNetworkInterfaces.ids}\n```\n\nThe following example retrieves a list of all network interface ids with a custom tag of `Name` set to a value of `test`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getNetworkInterfaces({\n tags: {\n Name: \"test\",\n },\n});\nexport const example1 = example.then(example =\u003e example.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_network_interfaces(tags={\n \"Name\": \"test\",\n})\npulumi.export(\"example1\", example.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetNetworkInterfaces.Invoke(new()\n {\n Tags = \n {\n { \"Name\", \"test\" },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example1\"] = example.Apply(getNetworkInterfacesResult =\u003e getNetworkInterfacesResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.GetNetworkInterfaces(ctx, \u0026ec2.GetNetworkInterfacesArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"test\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example1\", example.Ids)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfacesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getNetworkInterfaces(GetNetworkInterfacesArgs.builder()\n .tags(Map.of(\"Name\", \"test\"))\n .build());\n\n ctx.export(\"example1\", example.applyValue(getNetworkInterfacesResult -\u003e getNetworkInterfacesResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getNetworkInterfaces\n Arguments:\n tags:\n Name: test\noutputs:\n example1: ${example.ids}\n```\n\nThe following example retrieves a network interface ids which associated\nwith specific subnet.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleNetworkInterfaces = aws.ec2.getNetworkInterfaces({\n filters: [{\n name: \"subnet-id\",\n values: [aws_subnet.test.id],\n }],\n});\nexport const example = exampleNetworkInterfaces.then(exampleNetworkInterfaces =\u003e exampleNetworkInterfaces.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_network_interfaces = aws.ec2.get_network_interfaces(filters=[aws.ec2.GetNetworkInterfacesFilterArgs(\n name=\"subnet-id\",\n values=[aws_subnet[\"test\"][\"id\"]],\n)])\npulumi.export(\"example\", example_network_interfaces.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetworkInterfaces = Aws.Ec2.GetNetworkInterfaces.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetNetworkInterfacesFilterInputArgs\n {\n Name = \"subnet-id\",\n Values = new[]\n {\n aws_subnet.Test.Id,\n },\n },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example\"] = exampleNetworkInterfaces.Apply(getNetworkInterfacesResult =\u003e getNetworkInterfacesResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleNetworkInterfaces, err := ec2.GetNetworkInterfaces(ctx, \u0026ec2.GetNetworkInterfacesArgs{\nFilters: []ec2.GetNetworkInterfacesFilter{\n{\nName: \"subnet-id\",\nValues: interface{}{\naws_subnet.Test.Id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nctx.Export(\"example\", exampleNetworkInterfaces.Ids)\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfacesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleNetworkInterfaces = Ec2Functions.getNetworkInterfaces(GetNetworkInterfacesArgs.builder()\n .filters(GetNetworkInterfacesFilterArgs.builder()\n .name(\"subnet-id\")\n .values(aws_subnet.test().id())\n .build())\n .build());\n\n ctx.export(\"example\", exampleNetworkInterfaces.applyValue(getNetworkInterfacesResult -\u003e getNetworkInterfacesResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n exampleNetworkInterfaces:\n fn::invoke:\n Function: aws:ec2:getNetworkInterfaces\n Arguments:\n filters:\n - name: subnet-id\n values:\n - ${aws_subnet.test.id}\noutputs:\n example: ${exampleNetworkInterfaces.ids}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following shows outputting all network interface ids in a region.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleNetworkInterfaces = aws.ec2.getNetworkInterfaces({});\nexport const example = exampleNetworkInterfaces.then(exampleNetworkInterfaces =\u003e exampleNetworkInterfaces.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_network_interfaces = aws.ec2.get_network_interfaces()\npulumi.export(\"example\", example_network_interfaces.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetworkInterfaces = Aws.Ec2.GetNetworkInterfaces.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example\"] = exampleNetworkInterfaces.Apply(getNetworkInterfacesResult =\u003e getNetworkInterfacesResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetworkInterfaces, err := ec2.GetNetworkInterfaces(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", exampleNetworkInterfaces.Ids)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfacesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleNetworkInterfaces = Ec2Functions.getNetworkInterfaces();\n\n ctx.export(\"example\", exampleNetworkInterfaces.applyValue(getNetworkInterfacesResult -\u003e getNetworkInterfacesResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n exampleNetworkInterfaces:\n fn::invoke:\n Function: aws:ec2:getNetworkInterfaces\n Arguments: {}\noutputs:\n example: ${exampleNetworkInterfaces.ids}\n```\n\nThe following example retrieves a list of all network interface ids with a custom tag of `Name` set to a value of `test`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getNetworkInterfaces({\n tags: {\n Name: \"test\",\n },\n});\nexport const example1 = example.then(example =\u003e example.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_network_interfaces(tags={\n \"Name\": \"test\",\n})\npulumi.export(\"example1\", example.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetNetworkInterfaces.Invoke(new()\n {\n Tags = \n {\n { \"Name\", \"test\" },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example1\"] = example.Apply(getNetworkInterfacesResult =\u003e getNetworkInterfacesResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.GetNetworkInterfaces(ctx, \u0026ec2.GetNetworkInterfacesArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"test\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example1\", example.Ids)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfacesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getNetworkInterfaces(GetNetworkInterfacesArgs.builder()\n .tags(Map.of(\"Name\", \"test\"))\n .build());\n\n ctx.export(\"example1\", example.applyValue(getNetworkInterfacesResult -\u003e getNetworkInterfacesResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getNetworkInterfaces\n Arguments:\n tags:\n Name: test\noutputs:\n example1: ${example.ids}\n```\n\nThe following example retrieves a network interface ids which associated\nwith specific subnet.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleNetworkInterfaces = aws.ec2.getNetworkInterfaces({\n filters: [{\n name: \"subnet-id\",\n values: [aws_subnet.test.id],\n }],\n});\nexport const example = exampleNetworkInterfaces.then(exampleNetworkInterfaces =\u003e exampleNetworkInterfaces.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_network_interfaces = aws.ec2.get_network_interfaces(filters=[aws.ec2.GetNetworkInterfacesFilterArgs(\n name=\"subnet-id\",\n values=[aws_subnet[\"test\"][\"id\"]],\n)])\npulumi.export(\"example\", example_network_interfaces.ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetworkInterfaces = Aws.Ec2.GetNetworkInterfaces.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetNetworkInterfacesFilterInputArgs\n {\n Name = \"subnet-id\",\n Values = new[]\n {\n aws_subnet.Test.Id,\n },\n },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"example\"] = exampleNetworkInterfaces.Apply(getNetworkInterfacesResult =\u003e getNetworkInterfacesResult.Ids),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleNetworkInterfaces, err := ec2.GetNetworkInterfaces(ctx, \u0026ec2.GetNetworkInterfacesArgs{\nFilters: []ec2.GetNetworkInterfacesFilter{\n{\nName: \"subnet-id\",\nValues: interface{}{\naws_subnet.Test.Id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nctx.Export(\"example\", exampleNetworkInterfaces.Ids)\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfacesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleNetworkInterfaces = Ec2Functions.getNetworkInterfaces(GetNetworkInterfacesArgs.builder()\n .filters(GetNetworkInterfacesFilterArgs.builder()\n .name(\"subnet-id\")\n .values(aws_subnet.test().id())\n .build())\n .build());\n\n ctx.export(\"example\", exampleNetworkInterfaces.applyValue(getNetworkInterfacesResult -\u003e getNetworkInterfacesResult.ids()));\n }\n}\n```\n```yaml\nvariables:\n exampleNetworkInterfaces:\n fn::invoke:\n Function: aws:ec2:getNetworkInterfaces\n Arguments:\n filters:\n - name: subnet-id\n values:\n - ${aws_subnet.test.id}\noutputs:\n example: ${exampleNetworkInterfaces.ids}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getNetworkInterfaces.\n", "properties": { @@ -314998,7 +314995,7 @@ } }, "aws:ec2/getSecurityGroups:getSecurityGroups": { - "description": "Use this data source to get IDs and VPC membership of Security Groups that are created outside this provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getSecurityGroups({\n tags: {\n Application: \"k8s\",\n Environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_security_groups(tags={\n \"Application\": \"k8s\",\n \"Environment\": \"dev\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetSecurityGroups.Invoke(new()\n {\n Tags = \n {\n { \"Application\", \"k8s\" },\n { \"Environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetSecurityGroups(ctx, \u0026ec2.GetSecurityGroupsArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Application\": \"k8s\",\n\t\t\t\t\"Environment\": \"dev\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()\n .tags(Map.ofEntries(\n Map.entry(\"Application\", \"k8s\"),\n Map.entry(\"Environment\", \"dev\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getSecurityGroups\n Arguments:\n tags:\n Application: k8s\n Environment: dev\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getSecurityGroups({\n filters: [\n {\n name: \"group-name\",\n values: [\"*nodes*\"],\n },\n {\n name: \"vpc-id\",\n values: [_var.vpc_id],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_security_groups(filters=[\n aws.ec2.GetSecurityGroupsFilterArgs(\n name=\"group-name\",\n values=[\"*nodes*\"],\n ),\n aws.ec2.GetSecurityGroupsFilterArgs(\n name=\"vpc-id\",\n values=[var[\"vpc_id\"]],\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetSecurityGroups.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs\n {\n Name = \"group-name\",\n Values = new[]\n {\n \"*nodes*\",\n },\n },\n new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n @var.Vpc_id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := ec2.GetSecurityGroups(ctx, \u0026ec2.GetSecurityGroupsArgs{\nFilters: []ec2.GetSecurityGroupsFilter{\n{\nName: \"group-name\",\nValues: []string{\n\"*nodes*\",\n},\n},\n{\nName: \"vpc-id\",\nValues: interface{}{\n_var.Vpc_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()\n .filters( \n GetSecurityGroupsFilterArgs.builder()\n .name(\"group-name\")\n .values(\"*nodes*\")\n .build(),\n GetSecurityGroupsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(var_.vpc_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getSecurityGroups\n Arguments:\n filters:\n - name: group-name\n values:\n - '*nodes*'\n - name: vpc-id\n values:\n - ${var.vpc_id}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get IDs and VPC membership of Security Groups that are created outside this provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getSecurityGroups({\n tags: {\n Application: \"k8s\",\n Environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_security_groups(tags={\n \"Application\": \"k8s\",\n \"Environment\": \"dev\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetSecurityGroups.Invoke(new()\n {\n Tags = \n {\n { \"Application\", \"k8s\" },\n { \"Environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetSecurityGroups(ctx, \u0026ec2.GetSecurityGroupsArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Application\": \"k8s\",\n\t\t\t\t\"Environment\": \"dev\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()\n .tags(Map.ofEntries(\n Map.entry(\"Application\", \"k8s\"),\n Map.entry(\"Environment\", \"dev\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getSecurityGroups\n Arguments:\n tags:\n Application: k8s\n Environment: dev\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getSecurityGroups({\n filters: [\n {\n name: \"group-name\",\n values: [\"*nodes*\"],\n },\n {\n name: \"vpc-id\",\n values: [_var.vpc_id],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_security_groups(filters=[\n aws.ec2.GetSecurityGroupsFilterArgs(\n name=\"group-name\",\n values=[\"*nodes*\"],\n ),\n aws.ec2.GetSecurityGroupsFilterArgs(\n name=\"vpc-id\",\n values=[var[\"vpc_id\"]],\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetSecurityGroups.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs\n {\n Name = \"group-name\",\n Values = new[]\n {\n \"*nodes*\",\n },\n },\n new Aws.Ec2.Inputs.GetSecurityGroupsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n @var.Vpc_id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := ec2.GetSecurityGroups(ctx, \u0026ec2.GetSecurityGroupsArgs{\nFilters: []ec2.GetSecurityGroupsFilter{\n{\nName: \"group-name\",\nValues: []string{\n\"*nodes*\",\n},\n},\n{\nName: \"vpc-id\",\nValues: interface{}{\n_var.Vpc_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getSecurityGroups(GetSecurityGroupsArgs.builder()\n .filters( \n GetSecurityGroupsFilterArgs.builder()\n .name(\"group-name\")\n .values(\"*nodes*\")\n .build(),\n GetSecurityGroupsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(var_.vpc_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getSecurityGroups\n Arguments:\n filters:\n - name: group-name\n values:\n - '*nodes*'\n - name: vpc-id\n values:\n - ${var.vpc_id}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getSecurityGroups.\n", "properties": { @@ -316393,7 +316390,7 @@ } }, "aws:ec2/getVpcPeeringConnections:getVpcPeeringConnections": { - "description": "Use this data source to get IDs of Amazon VPC peering connections\nTo get more details on each connection, use the data resource aws.ec2.VpcPeeringConnection\n\nNote: To use this data source in a count, the resources should exist before trying to access\nthe data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pcs = aws.ec2.getVpcPeeringConnections({\n filters: [{\n name: \"requester-vpc-info.vpc-id\",\n values: [aws_vpc.foo.id],\n }],\n});\nconst pc = .map(__index =\u003e (aws.ec2.getVpcPeeringConnection({\n id: _arg0_.ids[__index],\n})));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npcs = aws.ec2.get_vpc_peering_connections(filters=[aws.ec2.GetVpcPeeringConnectionsFilterArgs(\n name=\"requester-vpc-info.vpc-id\",\n values=[aws_vpc[\"foo\"][\"id\"]],\n)])\npc = [aws.ec2.get_vpc_peering_connection(id=pcs.ids[__index]) for __index in range(len(pcs.ids))]\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pcs = Aws.Ec2.GetVpcPeeringConnections.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcPeeringConnectionsFilterInputArgs\n {\n Name = \"requester-vpc-info.vpc-id\",\n Values = new[]\n {\n aws_vpc.Foo.Id,\n },\n },\n },\n });\n\n var pc = .Select(__index =\u003e \n {\n return Aws.Ec2.GetVpcPeeringConnection.Invoke(new()\n {\n Id = _arg0_.Ids[__index],\n });\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\npcs, err := ec2.GetVpcPeeringConnections(ctx, \u0026ec2.GetVpcPeeringConnectionsArgs{\nFilters: []ec2.GetVpcPeeringConnectionsFilter{\n{\nName: \"requester-vpc-info.vpc-id\",\nValues: interface{}{\naws_vpc.Foo.Id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_ := \"TODO: For expression\";\nreturn nil\n})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get IDs of Amazon VPC peering connections\nTo get more details on each connection, use the data resource aws.ec2.VpcPeeringConnection\n\nNote: To use this data source in a count, the resources should exist before trying to access\nthe data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pcs = aws.ec2.getVpcPeeringConnections({\n filters: [{\n name: \"requester-vpc-info.vpc-id\",\n values: [aws_vpc.foo.id],\n }],\n});\nconst pc = .map(__index =\u003e (aws.ec2.getVpcPeeringConnection({\n id: _arg0_.ids[__index],\n})));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npcs = aws.ec2.get_vpc_peering_connections(filters=[aws.ec2.GetVpcPeeringConnectionsFilterArgs(\n name=\"requester-vpc-info.vpc-id\",\n values=[aws_vpc[\"foo\"][\"id\"]],\n)])\npc = [aws.ec2.get_vpc_peering_connection(id=pcs.ids[__index]) for __index in range(len(pcs.ids))]\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pcs = Aws.Ec2.GetVpcPeeringConnections.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcPeeringConnectionsFilterInputArgs\n {\n Name = \"requester-vpc-info.vpc-id\",\n Values = new[]\n {\n aws_vpc.Foo.Id,\n },\n },\n },\n });\n\n var pc = .Select(__index =\u003e \n {\n return Aws.Ec2.GetVpcPeeringConnection.Invoke(new()\n {\n Id = _arg0_.Ids[__index],\n });\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\npcs, err := ec2.GetVpcPeeringConnections(ctx, \u0026ec2.GetVpcPeeringConnectionsArgs{\nFilters: []ec2.GetVpcPeeringConnectionsFilter{\n{\nName: \"requester-vpc-info.vpc-id\",\nValues: interface{}{\naws_vpc.Foo.Id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_ := \"TODO: For expression\";\nreturn nil\n})\n}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getVpcPeeringConnections.\n", "properties": { @@ -316755,7 +316752,7 @@ } }, "aws:ec2transitgateway/getAttachment:getAttachment": { - "description": "Get information on an EC2 Transit Gateway's attachment to a resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2transitgateway.getAttachment({\n filters: [\n {\n name: \"transit-gateway-id\",\n values: [aws_ec2_transit_gateway.example.id],\n },\n {\n name: \"resource-type\",\n values: [\"peering\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_attachment(filters=[\n aws.ec2transitgateway.GetAttachmentFilterArgs(\n name=\"transit-gateway-id\",\n values=[aws_ec2_transit_gateway[\"example\"][\"id\"]],\n ),\n aws.ec2transitgateway.GetAttachmentFilterArgs(\n name=\"resource-type\",\n values=[\"peering\"],\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2TransitGateway.GetAttachment.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2TransitGateway.Inputs.GetAttachmentFilterInputArgs\n {\n Name = \"transit-gateway-id\",\n Values = new[]\n {\n aws_ec2_transit_gateway.Example.Id,\n },\n },\n new Aws.Ec2TransitGateway.Inputs.GetAttachmentFilterInputArgs\n {\n Name = \"resource-type\",\n Values = new[]\n {\n \"peering\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := ec2transitgateway.GetAttachment(ctx, \u0026ec2transitgateway.GetAttachmentArgs{\nFilters: []ec2transitgateway.GetAttachmentFilter{\n{\nName: \"transit-gateway-id\",\nValues: interface{}{\naws_ec2_transit_gateway.Example.Id,\n},\n},\n{\nName: \"resource-type\",\nValues: []string{\n\"peering\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2transitgateway.Ec2transitgatewayFunctions;\nimport com.pulumi.aws.ec2transitgateway.inputs.GetAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2transitgatewayFunctions.getAttachment(GetAttachmentArgs.builder()\n .filters( \n GetAttachmentFilterArgs.builder()\n .name(\"transit-gateway-id\")\n .values(aws_ec2_transit_gateway.example().id())\n .build(),\n GetAttachmentFilterArgs.builder()\n .name(\"resource-type\")\n .values(\"peering\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2transitgateway:getAttachment\n Arguments:\n filters:\n - name: transit-gateway-id\n values:\n - ${aws_ec2_transit_gateway.example.id}\n - name: resource-type\n values:\n - peering\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Get information on an EC2 Transit Gateway's attachment to a resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2transitgateway.getAttachment({\n filters: [\n {\n name: \"transit-gateway-id\",\n values: [aws_ec2_transit_gateway.example.id],\n },\n {\n name: \"resource-type\",\n values: [\"peering\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_attachment(filters=[\n aws.ec2transitgateway.GetAttachmentFilterArgs(\n name=\"transit-gateway-id\",\n values=[aws_ec2_transit_gateway[\"example\"][\"id\"]],\n ),\n aws.ec2transitgateway.GetAttachmentFilterArgs(\n name=\"resource-type\",\n values=[\"peering\"],\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2TransitGateway.GetAttachment.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2TransitGateway.Inputs.GetAttachmentFilterInputArgs\n {\n Name = \"transit-gateway-id\",\n Values = new[]\n {\n aws_ec2_transit_gateway.Example.Id,\n },\n },\n new Aws.Ec2TransitGateway.Inputs.GetAttachmentFilterInputArgs\n {\n Name = \"resource-type\",\n Values = new[]\n {\n \"peering\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := ec2transitgateway.GetAttachment(ctx, \u0026ec2transitgateway.GetAttachmentArgs{\nFilters: []ec2transitgateway.GetAttachmentFilter{\n{\nName: \"transit-gateway-id\",\nValues: interface{}{\naws_ec2_transit_gateway.Example.Id,\n},\n},\n{\nName: \"resource-type\",\nValues: []string{\n\"peering\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2transitgateway.Ec2transitgatewayFunctions;\nimport com.pulumi.aws.ec2transitgateway.inputs.GetAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2transitgatewayFunctions.getAttachment(GetAttachmentArgs.builder()\n .filters( \n GetAttachmentFilterArgs.builder()\n .name(\"transit-gateway-id\")\n .values(aws_ec2_transit_gateway.example().id())\n .build(),\n GetAttachmentFilterArgs.builder()\n .name(\"resource-type\")\n .values(\"peering\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2transitgateway:getAttachment\n Arguments:\n filters:\n - name: transit-gateway-id\n values:\n - ${aws_ec2_transit_gateway.example.id}\n - name: resource-type\n values:\n - peering\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getAttachment.\n", "properties": { @@ -320502,7 +320499,7 @@ } }, "aws:elb/getServiceAccount:getServiceAccount": { - "description": "Use this data source to get the Account ID of the [AWS Elastic Load Balancing Service Account](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy)\nin a given region for the purpose of permitting in S3 bucket policy.\n\n\u003e **Note:** For AWS Regions opened since Jakarta (`ap-southeast-3`) in December 2021, AWS [documents that](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy) a [service principal name](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services) should be used instead of an AWS account ID in any relevant IAM policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getServiceAccount({});\nconst elbLogs = new aws.s3.BucketV2(\"elbLogs\", {});\nconst elbLogsAcl = new aws.s3.BucketAclV2(\"elbLogsAcl\", {\n bucket: elbLogs.id,\n acl: \"private\",\n});\nconst allowElbLoggingPolicyDocument = pulumi.all([main, elbLogs.arn]).apply(([main, arn]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main.arn],\n }],\n actions: [\"s3:PutObject\"],\n resources: [`${arn}/AWSLogs/*`],\n }],\n}));\nconst allowElbLoggingBucketPolicy = new aws.s3.BucketPolicy(\"allowElbLoggingBucketPolicy\", {\n bucket: elbLogs.id,\n policy: allowElbLoggingPolicyDocument.apply(allowElbLoggingPolicyDocument =\u003e allowElbLoggingPolicyDocument.json),\n});\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\"us-west-2a\"],\n accessLogs: {\n bucket: elbLogs.id,\n interval: 5,\n },\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_service_account()\nelb_logs = aws.s3.BucketV2(\"elbLogs\")\nelb_logs_acl = aws.s3.BucketAclV2(\"elbLogsAcl\",\n bucket=elb_logs.id,\n acl=\"private\")\nallow_elb_logging_policy_document = elb_logs.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:PutObject\"],\n resources=[f\"{arn}/AWSLogs/*\"],\n)]))\nallow_elb_logging_bucket_policy = aws.s3.BucketPolicy(\"allowElbLoggingBucketPolicy\",\n bucket=elb_logs.id,\n policy=allow_elb_logging_policy_document.json)\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\"us-west-2a\"],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=elb_logs.id,\n interval=5,\n ),\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.Elb.GetServiceAccount.Invoke();\n\n var elbLogs = new Aws.S3.BucketV2(\"elbLogs\");\n\n var elbLogsAcl = new Aws.S3.BucketAclV2(\"elbLogsAcl\", new()\n {\n Bucket = elbLogs.Id,\n Acl = \"private\",\n });\n\n var allowElbLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getServiceAccountResult =\u003e getServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{elbLogs.Arn}/AWSLogs/*\",\n },\n },\n },\n });\n\n var allowElbLoggingBucketPolicy = new Aws.S3.BucketPolicy(\"allowElbLoggingBucketPolicy\", new()\n {\n Bucket = elbLogs.Id,\n Policy = allowElbLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = elbLogs.Id,\n Interval = 5,\n },\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmain, err := elb.GetServiceAccount(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nelbLogs, err := s3.NewBucketV2(ctx, \"elbLogs\", nil)\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"elbLogsAcl\", \u0026s3.BucketAclV2Args{\nBucket: elbLogs.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nallowElbLoggingPolicyDocument := elbLogs.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:PutObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/AWSLogs/*\", arn),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = s3.NewBucketPolicy(ctx, \"allowElbLoggingBucketPolicy\", \u0026s3.BucketPolicyArgs{\nBucket: elbLogs.ID(),\nPolicy: allowElbLoggingPolicyDocument.ApplyT(func(allowElbLoggingPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026allowElbLoggingPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = elb.NewLoadBalancer(ctx, \"bar\", \u0026elb.LoadBalancerArgs{\nAvailabilityZones: pulumi.StringArray{\npulumi.String(\"us-west-2a\"),\n},\nAccessLogs: \u0026elb.LoadBalancerAccessLogsArgs{\nBucket: elbLogs.ID(),\nInterval: pulumi.Int(5),\n},\nListeners: elb.LoadBalancerListenerArray{\n\u0026elb.LoadBalancerListenerArgs{\nInstancePort: pulumi.Int(8000),\nInstanceProtocol: pulumi.String(\"http\"),\nLbPort: pulumi.Int(80),\nLbProtocol: pulumi.String(\"http\"),\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.ElbFunctions;\nimport com.pulumi.aws.elb.inputs.GetServiceAccountArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = ElbFunctions.getServiceAccount();\n\n var elbLogs = new BucketV2(\"elbLogs\");\n\n var elbLogsAcl = new BucketAclV2(\"elbLogsAcl\", BucketAclV2Args.builder() \n .bucket(elbLogs.id())\n .acl(\"private\")\n .build());\n\n final var allowElbLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getServiceAccountResult -\u003e getServiceAccountResult.arn()))\n .build())\n .actions(\"s3:PutObject\")\n .resources(elbLogs.arn().applyValue(arn -\u003e String.format(\"%s/AWSLogs/*\", arn)))\n .build())\n .build());\n\n var allowElbLoggingBucketPolicy = new BucketPolicy(\"allowElbLoggingBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(elbLogs.id())\n .policy(allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(allowElbLoggingPolicyDocument -\u003e allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bar = new LoadBalancer(\"bar\", LoadBalancerArgs.builder() \n .availabilityZones(\"us-west-2a\")\n .accessLogs(LoadBalancerAccessLogsArgs.builder()\n .bucket(elbLogs.id())\n .interval(5)\n .build())\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"http\")\n .lbPort(80)\n .lbProtocol(\"http\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elbLogs:\n type: aws:s3:BucketV2\n elbLogsAcl:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${elbLogs.id}\n acl: private\n allowElbLoggingBucketPolicy:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${elbLogs.id}\n policy: ${allowElbLoggingPolicyDocument.json}\n bar:\n type: aws:elb:LoadBalancer\n properties:\n availabilityZones:\n - us-west-2a\n accessLogs:\n bucket: ${elbLogs.id}\n interval: 5\n listeners:\n - instancePort: 8000\n instanceProtocol: http\n lbPort: 80\n lbProtocol: http\nvariables:\n main:\n fn::invoke:\n Function: aws:elb:getServiceAccount\n Arguments: {}\n allowElbLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:PutObject\n resources:\n - ${elbLogs.arn}/AWSLogs/*\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get the Account ID of the [AWS Elastic Load Balancing Service Account](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy)\nin a given region for the purpose of permitting in S3 bucket policy.\n\n\u003e **Note:** For AWS Regions opened since Jakarta (`ap-southeast-3`) in December 2021, AWS [documents that](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy) a [service principal name](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services) should be used instead of an AWS account ID in any relevant IAM policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getServiceAccount({});\nconst elbLogs = new aws.s3.BucketV2(\"elbLogs\", {});\nconst elbLogsAcl = new aws.s3.BucketAclV2(\"elbLogsAcl\", {\n bucket: elbLogs.id,\n acl: \"private\",\n});\nconst allowElbLoggingPolicyDocument = pulumi.all([main, elbLogs.arn]).apply(([main, arn]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main.arn],\n }],\n actions: [\"s3:PutObject\"],\n resources: [`${arn}/AWSLogs/*`],\n }],\n}));\nconst allowElbLoggingBucketPolicy = new aws.s3.BucketPolicy(\"allowElbLoggingBucketPolicy\", {\n bucket: elbLogs.id,\n policy: allowElbLoggingPolicyDocument.apply(allowElbLoggingPolicyDocument =\u003e allowElbLoggingPolicyDocument.json),\n});\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\"us-west-2a\"],\n accessLogs: {\n bucket: elbLogs.id,\n interval: 5,\n },\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_service_account()\nelb_logs = aws.s3.BucketV2(\"elbLogs\")\nelb_logs_acl = aws.s3.BucketAclV2(\"elbLogsAcl\",\n bucket=elb_logs.id,\n acl=\"private\")\nallow_elb_logging_policy_document = elb_logs.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:PutObject\"],\n resources=[f\"{arn}/AWSLogs/*\"],\n)]))\nallow_elb_logging_bucket_policy = aws.s3.BucketPolicy(\"allowElbLoggingBucketPolicy\",\n bucket=elb_logs.id,\n policy=allow_elb_logging_policy_document.json)\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\"us-west-2a\"],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=elb_logs.id,\n interval=5,\n ),\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.Elb.GetServiceAccount.Invoke();\n\n var elbLogs = new Aws.S3.BucketV2(\"elbLogs\");\n\n var elbLogsAcl = new Aws.S3.BucketAclV2(\"elbLogsAcl\", new()\n {\n Bucket = elbLogs.Id,\n Acl = \"private\",\n });\n\n var allowElbLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getServiceAccountResult =\u003e getServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{elbLogs.Arn}/AWSLogs/*\",\n },\n },\n },\n });\n\n var allowElbLoggingBucketPolicy = new Aws.S3.BucketPolicy(\"allowElbLoggingBucketPolicy\", new()\n {\n Bucket = elbLogs.Id,\n Policy = allowElbLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = elbLogs.Id,\n Interval = 5,\n },\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmain, err := elb.GetServiceAccount(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nelbLogs, err := s3.NewBucketV2(ctx, \"elbLogs\", nil)\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"elbLogsAcl\", \u0026s3.BucketAclV2Args{\nBucket: elbLogs.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nallowElbLoggingPolicyDocument := elbLogs.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:PutObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/AWSLogs/*\", arn),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = s3.NewBucketPolicy(ctx, \"allowElbLoggingBucketPolicy\", \u0026s3.BucketPolicyArgs{\nBucket: elbLogs.ID(),\nPolicy: allowElbLoggingPolicyDocument.ApplyT(func(allowElbLoggingPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026allowElbLoggingPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = elb.NewLoadBalancer(ctx, \"bar\", \u0026elb.LoadBalancerArgs{\nAvailabilityZones: pulumi.StringArray{\npulumi.String(\"us-west-2a\"),\n},\nAccessLogs: \u0026elb.LoadBalancerAccessLogsArgs{\nBucket: elbLogs.ID(),\nInterval: pulumi.Int(5),\n},\nListeners: elb.LoadBalancerListenerArray{\n\u0026elb.LoadBalancerListenerArgs{\nInstancePort: pulumi.Int(8000),\nInstanceProtocol: pulumi.String(\"http\"),\nLbPort: pulumi.Int(80),\nLbProtocol: pulumi.String(\"http\"),\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.ElbFunctions;\nimport com.pulumi.aws.elb.inputs.GetServiceAccountArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = ElbFunctions.getServiceAccount();\n\n var elbLogs = new BucketV2(\"elbLogs\");\n\n var elbLogsAcl = new BucketAclV2(\"elbLogsAcl\", BucketAclV2Args.builder() \n .bucket(elbLogs.id())\n .acl(\"private\")\n .build());\n\n final var allowElbLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getServiceAccountResult -\u003e getServiceAccountResult.arn()))\n .build())\n .actions(\"s3:PutObject\")\n .resources(elbLogs.arn().applyValue(arn -\u003e String.format(\"%s/AWSLogs/*\", arn)))\n .build())\n .build());\n\n var allowElbLoggingBucketPolicy = new BucketPolicy(\"allowElbLoggingBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(elbLogs.id())\n .policy(allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(allowElbLoggingPolicyDocument -\u003e allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bar = new LoadBalancer(\"bar\", LoadBalancerArgs.builder() \n .availabilityZones(\"us-west-2a\")\n .accessLogs(LoadBalancerAccessLogsArgs.builder()\n .bucket(elbLogs.id())\n .interval(5)\n .build())\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"http\")\n .lbPort(80)\n .lbProtocol(\"http\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elbLogs:\n type: aws:s3:BucketV2\n elbLogsAcl:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${elbLogs.id}\n acl: private\n allowElbLoggingBucketPolicy:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${elbLogs.id}\n policy: ${allowElbLoggingPolicyDocument.json}\n bar:\n type: aws:elb:LoadBalancer\n properties:\n availabilityZones:\n - us-west-2a\n accessLogs:\n bucket: ${elbLogs.id}\n interval: 5\n listeners:\n - instancePort: 8000\n instanceProtocol: http\n lbPort: 80\n lbProtocol: http\nvariables:\n main:\n fn::invoke:\n Function: aws:elb:getServiceAccount\n Arguments: {}\n allowElbLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:PutObject\n resources:\n - ${elbLogs.arn}/AWSLogs/*\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getServiceAccount.\n", "properties": { @@ -322047,7 +322044,7 @@ } }, "aws:iam/getPolicyDocument:getPolicyDocument": { - "description": "Generates an IAM policy document in JSON format for use with resources that expect policy documents such as `aws.iam.Policy`.\n\nUsing this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n actions: [\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources: [\"arn:aws:s3:::*\"],\n },\n {\n actions: [\"s3:ListBucket\"],\n resources: [`arn:aws:s3:::${_var.s3_bucket_name}`],\n conditions: [{\n test: \"StringLike\",\n variable: \"s3:prefix\",\n values: [\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n }],\n },\n {\n actions: [\"s3:*\"],\n resources: [\n `arn:aws:s3:::${_var.s3_bucket_name}/home/\u0026{aws:username}`,\n `arn:aws:s3:::${_var.s3_bucket_name}/home/\u0026{aws:username}/*`,\n ],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"examplePolicy\", {\n path: \"/\",\n policy: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n actions=[\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources=[\"arn:aws:s3:::*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListBucket\"],\n resources=[f\"arn:aws:s3:::{var['s3_bucket_name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"s3:prefix\",\n values=[\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:*\"],\n resources=[\n f\"arn:aws:s3:::{var['s3_bucket_name']}/home/\u0026{{aws:username}}\",\n f\"arn:aws:s3:::{var['s3_bucket_name']}/home/\u0026{{aws:username}}/*\",\n ],\n ),\n])\nexample_policy = aws.iam.Policy(\"examplePolicy\",\n path=\"/\",\n policy=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Actions = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{@var.S3_bucket_name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"s3:prefix\",\n Values = new[]\n {\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{@var.S3_bucket_name}/home/\u0026{{aws:username}}\",\n $\"arn:aws:s3:::{@var.S3_bucket_name}/home/\u0026{{aws:username}}/*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"examplePolicy\", new()\n {\n Path = \"/\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: pulumi.Array{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: pulumi.StringRef(\"1\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v\", _var.S3_bucket_name),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringLike\",\n\t\t\t\t\t\t\tVariable: \"s3:prefix\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\t\t\"home/\",\n\t\t\t\t\t\t\t\t\"home/\u0026{aws:username}/\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}\", _var.S3_bucket_name),\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}/*\", _var.S3_bucket_name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicy(ctx, \"examplePolicy\", \u0026iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tPolicy: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .actions( \n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\")\n .resources(\"arn:aws:s3:::*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:ListBucket\")\n .resources(String.format(\"arn:aws:s3:::%s\", var_.s3_bucket_name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"s3:prefix\")\n .values( \n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:*\")\n .resources( \n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}\", var_.s3_bucket_name()),\n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}/*\", var_.s3_bucket_name()))\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .path(\"/\")\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:iam:Policy\n properties:\n path: /\n policy: ${examplePolicyDocument.json}\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n actions:\n - s3:ListAllMyBuckets\n - s3:GetBucketLocation\n resources:\n - arn:aws:s3:::*\n - actions:\n - s3:ListBucket\n resources:\n - arn:aws:s3:::${var.s3_bucket_name}\n conditions:\n - test: StringLike\n variable: s3:prefix\n values:\n -\n - home/\n - home/\u0026{aws:username}/\n - actions:\n - s3:*\n resources:\n - arn:aws:s3:::${var.s3_bucket_name}/home/\u0026{aws:username}\n - arn:aws:s3:::${var.s3_bucket_name}/home/\u0026{aws:username}/*\n```\n{{% /example %}}\n{{% example %}}\n### Example Multiple Condition Keys and Values\n\nYou can specify a [condition with multiple keys and values](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html) by supplying multiple `condition` blocks with the same `test` value, but differing `variable` and `values` values.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleMultipleConditionKeysAndValues = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n conditions: [\n {\n test: \"ForAnyValue:StringEquals\",\n values: [\"pi\"],\n variable: \"kms:EncryptionContext:service\",\n },\n {\n test: \"ForAnyValue:StringEquals\",\n values: [\"rds\"],\n variable: \"kms:EncryptionContext:aws:pi:service\",\n },\n {\n test: \"ForAnyValue:StringEquals\",\n values: [\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n variable: \"kms:EncryptionContext:aws:rds:db-id\",\n },\n ],\n resources: [\"*\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_multiple_condition_keys_and_values = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n values=[\"pi\"],\n variable=\"kms:EncryptionContext:service\",\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n values=[\"rds\"],\n variable=\"kms:EncryptionContext:aws:pi:service\",\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n values=[\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n variable=\"kms:EncryptionContext:aws:rds:db-id\",\n ),\n ],\n resources=[\"*\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleMultipleConditionKeysAndValues = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Values = new[]\n {\n \"pi\",\n },\n Variable = \"kms:EncryptionContext:service\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Values = new[]\n {\n \"rds\",\n },\n Variable = \"kms:EncryptionContext:aws:pi:service\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Values = new[]\n {\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n },\n Variable = \"kms:EncryptionContext:aws:rds:db-id\",\n },\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"pi\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"rds\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:pi:service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n\t\t\t\t\t\t\t\t\"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:rds:db-id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleMultipleConditionKeysAndValues = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"kms:Decrypt\",\n \"kms:GenerateDataKey\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .values(\"pi\")\n .variable(\"kms:EncryptionContext:service\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .values(\"rds\")\n .variable(\"kms:EncryptionContext:aws:pi:service\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .values( \n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\")\n .variable(\"kms:EncryptionContext:aws:rds:db-id\")\n .build())\n .resources(\"*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n exampleMultipleConditionKeysAndValues:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - kms:Decrypt\n - kms:GenerateDataKey\n conditions:\n - test: ForAnyValue:StringEquals\n values:\n - pi\n variable: kms:EncryptionContext:service\n - test: ForAnyValue:StringEquals\n values:\n - rds\n variable: kms:EncryptionContext:aws:pi:service\n - test: ForAnyValue:StringEquals\n values:\n - db-AAAAABBBBBCCCCCDDDDDEEEEE\n - db-EEEEEDDDDDCCCCCBBBBBAAAAA\n variable: kms:EncryptionContext:aws:rds:db-id\n resources:\n - '*'\n```\n\n`data.aws_iam_policy_document.example_multiple_condition_keys_and_values.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example Assume-Role Policy with Multiple Principals\n\nYou can specify multiple principal blocks with different types. You can also use this data source to generate an assume-role policy.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst eventStreamBucketRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [\n {\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n },\n {\n type: \"AWS\",\n identifiers: [_var.trusted_role_arn],\n },\n {\n type: \"Federated\",\n identifiers: [\n `arn:aws:iam::${_var.account_id}:saml-provider/${_var.provider_name}`,\n \"cognito-identity.amazonaws.com\",\n ],\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nevent_stream_bucket_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[var[\"trusted_role_arn\"]],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\n f\"arn:aws:iam::{var['account_id']}:saml-provider/{var['provider_name']}\",\n \"cognito-identity.amazonaws.com\",\n ],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventStreamBucketRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n @var.Trusted_role_arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{@var.Account_id}:saml-provider/{@var.Provider_name}\",\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"firehose.amazonaws.com\",\n},\n},\n{\nType: \"AWS\",\nIdentifiers: interface{}{\n_var.Trusted_role_arn,\n},\n},\n{\nType: \"Federated\",\nIdentifiers: []string{\nfmt.Sprintf(\"arn:aws:iam::%v:saml-provider/%v\", _var.Account_id, _var.Provider_name),\n\"cognito-identity.amazonaws.com\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var eventStreamBucketRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals( \n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(var_.trusted_role_arn())\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers( \n String.format(\"arn:aws:iam::%s:saml-provider/%s\", var_.account_id(),var_.provider_name()),\n \"cognito-identity.amazonaws.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n eventStreamBucketRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n - type: AWS\n identifiers:\n - ${var.trusted_role_arn}\n - type: Federated\n identifiers:\n - arn:aws:iam::${var.account_id}:saml-provider/${var.provider_name}\n - cognito-identity.amazonaws.com\n```\n{{% /example %}}\n{{% example %}}\n### Example Using A Source Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceDocumentExample = source.then(source =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_document_example = aws.iam.get_policy_document(source_policy_documents=[source.json],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n sourceDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\n`data.aws_iam_policy_document.source_document_example.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using An Override Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst overridePolicyDocumentExample = override.then(override =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [override.json],\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\noverride_policy_document_example = aws.iam.get_policy_document(override_policy_documents=[override.json],\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var overridePolicyDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var overridePolicyDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n overridePolicyDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${override.json}\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\n`data.aws_iam_policy_document.override_policy_document_example.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example with Both Source and Override Documents\n\nYou can also combine `source_policy_documents` and `override_policy_documents` in the same document.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"s3:GetObject\"],\n resources: [\"*\"],\n }],\n});\nconst politik = Promise.all([source, override]).then(([source, override]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n overridePolicyDocuments: [override.json],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"s3:GetObject\"],\n resources=[\"*\"],\n)])\npolitik = aws.iam.get_policy_document(source_policy_documents=[source.json],\n override_policy_documents=[override.json])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var politik = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"ec2:DescribeAccountAttributes\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"s3:GetObject\")\n .resources(\"*\")\n .build())\n .build());\n\n final var politik = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - s3:GetObject\n resources:\n - '*'\n politik:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n overridePolicyDocuments:\n - ${override.json}\n```\n\n`data.aws_iam_policy_document.politik.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Merging Source Documents\n\nMultiple documents can be combined using the `source_policy_documents` or `override_policy_documents` attributes. `source_policy_documents` requires that all documents have unique Sids, while `override_policy_documents` will iteratively override matching Sids.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sourceOne = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"UniqueSidOne\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"UniqueSidTwo\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n {\n actions: [\"lambda:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst combined = Promise.all([sourceOne, sourceTwo]).then(([sourceOne, sourceTwo]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [\n sourceOne.json,\n sourceTwo.json,\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource_one = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidOne\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidTwo\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"lambda:*\"],\n resources=[\"*\"],\n ),\n])\ncombined = aws.iam.get_policy_document(source_policy_documents=[\n source_one.json,\n source_two.json,\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sourceOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidOne\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidTwo\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"lambda:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n sourceOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n sourceTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsourceOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"UniqueSidOne\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsourceTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: pulumi.Array{\niam.GetPolicyDocumentStatement{\nSid: pulumi.StringRef(\"UniqueSidTwo\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\niam.GetPolicyDocumentStatement{\nActions: []string{\n\"lambda:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsourceOne.Json,\nsourceTwo.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sourceOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidOne\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidTwo\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"lambda:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments( \n sourceOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n sourceTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sourceOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: UniqueSidOne\n actions:\n - s3:*\n resources:\n - '*'\n sourceTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: UniqueSidTwo\n actions:\n - iam:*\n resources:\n - '*'\n - actions:\n - lambda:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${sourceOne.json}\n - ${sourceTwo.json}\n```\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Merging Override Documents\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst policyTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Allow\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst policyThree = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Deny\",\n actions: [\"logs:*\"],\n resources: [\"*\"],\n }],\n});\nconst combined = Promise.all([policyOne, policyTwo, policyThree]).then(([policyOne, policyTwo, policyThree]) =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [\n policyOne.json,\n policyTwo.json,\n policyThree.json,\n ],\n statements: [{\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Deny\",\n actions: [\"*\"],\n resources: [\"*\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\npolicy_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Allow\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n])\npolicy_three = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Deny\",\n actions=[\"logs:*\"],\n resources=[\"*\"],\n)])\ncombined = aws.iam.get_policy_document(override_policy_documents=[\n policy_one.json,\n policy_two.json,\n policy_three.json,\n ],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Deny\",\n actions=[\"*\"],\n resources=[\"*\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyThree = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"logs:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n policyOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyThree.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\npolicyOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyThree, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"logs:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\npolicyOne.Json,\npolicyTwo.Json,\npolicyThree.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policyOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Allow\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyThree = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Deny\")\n .actions(\"logs:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments( \n policyOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyThree.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Deny\")\n .actions(\"*\")\n .resources(\"*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policyOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n policyTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:*\n resources:\n - '*'\n - sid: OverridePlaceHolderTwo\n effect: Allow\n actions:\n - iam:*\n resources:\n - '*'\n policyThree:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Deny\n actions:\n - logs:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${policyOne.json}\n - ${policyTwo.json}\n - ${policyThree.json}\n statements:\n - sid: OverridePlaceHolderTwo\n effect: Deny\n actions:\n - '*'\n resources:\n - '*'\n```\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Generates an IAM policy document in JSON format for use with resources that expect policy documents such as `aws.iam.Policy`.\n\nUsing this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n actions: [\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources: [\"arn:aws:s3:::*\"],\n },\n {\n actions: [\"s3:ListBucket\"],\n resources: [`arn:aws:s3:::${_var.s3_bucket_name}`],\n conditions: [{\n test: \"StringLike\",\n variable: \"s3:prefix\",\n values: [\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n }],\n },\n {\n actions: [\"s3:*\"],\n resources: [\n `arn:aws:s3:::${_var.s3_bucket_name}/home/\u0026{aws:username}`,\n `arn:aws:s3:::${_var.s3_bucket_name}/home/\u0026{aws:username}/*`,\n ],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"examplePolicy\", {\n path: \"/\",\n policy: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n actions=[\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources=[\"arn:aws:s3:::*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListBucket\"],\n resources=[f\"arn:aws:s3:::{var['s3_bucket_name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"s3:prefix\",\n values=[\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:*\"],\n resources=[\n f\"arn:aws:s3:::{var['s3_bucket_name']}/home/\u0026{{aws:username}}\",\n f\"arn:aws:s3:::{var['s3_bucket_name']}/home/\u0026{{aws:username}}/*\",\n ],\n ),\n])\nexample_policy = aws.iam.Policy(\"examplePolicy\",\n path=\"/\",\n policy=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Actions = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{@var.S3_bucket_name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"s3:prefix\",\n Values = new[]\n {\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{@var.S3_bucket_name}/home/\u0026{{aws:username}}\",\n $\"arn:aws:s3:::{@var.S3_bucket_name}/home/\u0026{{aws:username}}/*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"examplePolicy\", new()\n {\n Path = \"/\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: pulumi.Array{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: pulumi.StringRef(\"1\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v\", _var.S3_bucket_name),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringLike\",\n\t\t\t\t\t\t\tVariable: \"s3:prefix\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\t\t\"home/\",\n\t\t\t\t\t\t\t\t\"home/\u0026{aws:username}/\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}\", _var.S3_bucket_name),\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}/*\", _var.S3_bucket_name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicy(ctx, \"examplePolicy\", \u0026iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tPolicy: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .actions( \n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\")\n .resources(\"arn:aws:s3:::*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:ListBucket\")\n .resources(String.format(\"arn:aws:s3:::%s\", var_.s3_bucket_name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"s3:prefix\")\n .values( \n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:*\")\n .resources( \n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}\", var_.s3_bucket_name()),\n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}/*\", var_.s3_bucket_name()))\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .path(\"/\")\n .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:iam:Policy\n properties:\n path: /\n policy: ${examplePolicyDocument.json}\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n actions:\n - s3:ListAllMyBuckets\n - s3:GetBucketLocation\n resources:\n - arn:aws:s3:::*\n - actions:\n - s3:ListBucket\n resources:\n - arn:aws:s3:::${var.s3_bucket_name}\n conditions:\n - test: StringLike\n variable: s3:prefix\n values:\n -\n - home/\n - home/\u0026{aws:username}/\n - actions:\n - s3:*\n resources:\n - arn:aws:s3:::${var.s3_bucket_name}/home/\u0026{aws:username}\n - arn:aws:s3:::${var.s3_bucket_name}/home/\u0026{aws:username}/*\n```\n{{% /example %}}\n{{% example %}}\n### Example Multiple Condition Keys and Values\n\nYou can specify a [condition with multiple keys and values](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html) by supplying multiple `condition` blocks with the same `test` value, but differing `variable` and `values` values.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleMultipleConditionKeysAndValues = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n conditions: [\n {\n test: \"ForAnyValue:StringEquals\",\n values: [\"pi\"],\n variable: \"kms:EncryptionContext:service\",\n },\n {\n test: \"ForAnyValue:StringEquals\",\n values: [\"rds\"],\n variable: \"kms:EncryptionContext:aws:pi:service\",\n },\n {\n test: \"ForAnyValue:StringEquals\",\n values: [\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n variable: \"kms:EncryptionContext:aws:rds:db-id\",\n },\n ],\n resources: [\"*\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_multiple_condition_keys_and_values = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n values=[\"pi\"],\n variable=\"kms:EncryptionContext:service\",\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n values=[\"rds\"],\n variable=\"kms:EncryptionContext:aws:pi:service\",\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n values=[\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n variable=\"kms:EncryptionContext:aws:rds:db-id\",\n ),\n ],\n resources=[\"*\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleMultipleConditionKeysAndValues = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Values = new[]\n {\n \"pi\",\n },\n Variable = \"kms:EncryptionContext:service\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Values = new[]\n {\n \"rds\",\n },\n Variable = \"kms:EncryptionContext:aws:pi:service\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Values = new[]\n {\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n },\n Variable = \"kms:EncryptionContext:aws:rds:db-id\",\n },\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"pi\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"rds\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:pi:service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n\t\t\t\t\t\t\t\t\"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:rds:db-id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleMultipleConditionKeysAndValues = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"kms:Decrypt\",\n \"kms:GenerateDataKey\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .values(\"pi\")\n .variable(\"kms:EncryptionContext:service\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .values(\"rds\")\n .variable(\"kms:EncryptionContext:aws:pi:service\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .values( \n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\")\n .variable(\"kms:EncryptionContext:aws:rds:db-id\")\n .build())\n .resources(\"*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n exampleMultipleConditionKeysAndValues:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - kms:Decrypt\n - kms:GenerateDataKey\n conditions:\n - test: ForAnyValue:StringEquals\n values:\n - pi\n variable: kms:EncryptionContext:service\n - test: ForAnyValue:StringEquals\n values:\n - rds\n variable: kms:EncryptionContext:aws:pi:service\n - test: ForAnyValue:StringEquals\n values:\n - db-AAAAABBBBBCCCCCDDDDDEEEEE\n - db-EEEEEDDDDDCCCCCBBBBBAAAAA\n variable: kms:EncryptionContext:aws:rds:db-id\n resources:\n - '*'\n```\n\n`data.aws_iam_policy_document.example_multiple_condition_keys_and_values.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example Assume-Role Policy with Multiple Principals\n\nYou can specify multiple principal blocks with different types. You can also use this data source to generate an assume-role policy.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst eventStreamBucketRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [\n {\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n },\n {\n type: \"AWS\",\n identifiers: [_var.trusted_role_arn],\n },\n {\n type: \"Federated\",\n identifiers: [\n `arn:aws:iam::${_var.account_id}:saml-provider/${_var.provider_name}`,\n \"cognito-identity.amazonaws.com\",\n ],\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nevent_stream_bucket_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[var[\"trusted_role_arn\"]],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\n f\"arn:aws:iam::{var['account_id']}:saml-provider/{var['provider_name']}\",\n \"cognito-identity.amazonaws.com\",\n ],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventStreamBucketRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n @var.Trusted_role_arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{@var.Account_id}:saml-provider/{@var.Provider_name}\",\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"firehose.amazonaws.com\",\n},\n},\n{\nType: \"AWS\",\nIdentifiers: interface{}{\n_var.Trusted_role_arn,\n},\n},\n{\nType: \"Federated\",\nIdentifiers: []string{\nfmt.Sprintf(\"arn:aws:iam::%v:saml-provider/%v\", _var.Account_id, _var.Provider_name),\n\"cognito-identity.amazonaws.com\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var eventStreamBucketRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals( \n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(var_.trusted_role_arn())\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers( \n String.format(\"arn:aws:iam::%s:saml-provider/%s\", var_.account_id(),var_.provider_name()),\n \"cognito-identity.amazonaws.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n eventStreamBucketRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n - type: AWS\n identifiers:\n - ${var.trusted_role_arn}\n - type: Federated\n identifiers:\n - arn:aws:iam::${var.account_id}:saml-provider/${var.provider_name}\n - cognito-identity.amazonaws.com\n```\n{{% /example %}}\n{{% example %}}\n### Example Using A Source Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceDocumentExample = source.then(source =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_document_example = aws.iam.get_policy_document(source_policy_documents=[source.json],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n sourceDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\n`data.aws_iam_policy_document.source_document_example.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using An Override Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst overridePolicyDocumentExample = override.then(override =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [override.json],\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\noverride_policy_document_example = aws.iam.get_policy_document(override_policy_documents=[override.json],\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var overridePolicyDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var overridePolicyDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n overridePolicyDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${override.json}\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\n`data.aws_iam_policy_document.override_policy_document_example.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example with Both Source and Override Documents\n\nYou can also combine `source_policy_documents` and `override_policy_documents` in the same document.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"s3:GetObject\"],\n resources: [\"*\"],\n }],\n});\nconst politik = Promise.all([source, override]).then(([source, override]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n overridePolicyDocuments: [override.json],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"s3:GetObject\"],\n resources=[\"*\"],\n)])\npolitik = aws.iam.get_policy_document(source_policy_documents=[source.json],\n override_policy_documents=[override.json])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var politik = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"ec2:DescribeAccountAttributes\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"s3:GetObject\")\n .resources(\"*\")\n .build())\n .build());\n\n final var politik = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - s3:GetObject\n resources:\n - '*'\n politik:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n overridePolicyDocuments:\n - ${override.json}\n```\n\n`data.aws_iam_policy_document.politik.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Merging Source Documents\n\nMultiple documents can be combined using the `source_policy_documents` or `override_policy_documents` attributes. `source_policy_documents` requires that all documents have unique Sids, while `override_policy_documents` will iteratively override matching Sids.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sourceOne = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"UniqueSidOne\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"UniqueSidTwo\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n {\n actions: [\"lambda:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst combined = Promise.all([sourceOne, sourceTwo]).then(([sourceOne, sourceTwo]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [\n sourceOne.json,\n sourceTwo.json,\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource_one = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidOne\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidTwo\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"lambda:*\"],\n resources=[\"*\"],\n ),\n])\ncombined = aws.iam.get_policy_document(source_policy_documents=[\n source_one.json,\n source_two.json,\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sourceOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidOne\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidTwo\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"lambda:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n sourceOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n sourceTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsourceOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"UniqueSidOne\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsourceTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: pulumi.Array{\niam.GetPolicyDocumentStatement{\nSid: pulumi.StringRef(\"UniqueSidTwo\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\niam.GetPolicyDocumentStatement{\nActions: []string{\n\"lambda:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsourceOne.Json,\nsourceTwo.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sourceOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidOne\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidTwo\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"lambda:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments( \n sourceOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n sourceTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sourceOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: UniqueSidOne\n actions:\n - s3:*\n resources:\n - '*'\n sourceTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: UniqueSidTwo\n actions:\n - iam:*\n resources:\n - '*'\n - actions:\n - lambda:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${sourceOne.json}\n - ${sourceTwo.json}\n```\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Merging Override Documents\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst policyTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Allow\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst policyThree = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Deny\",\n actions: [\"logs:*\"],\n resources: [\"*\"],\n }],\n});\nconst combined = Promise.all([policyOne, policyTwo, policyThree]).then(([policyOne, policyTwo, policyThree]) =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [\n policyOne.json,\n policyTwo.json,\n policyThree.json,\n ],\n statements: [{\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Deny\",\n actions: [\"*\"],\n resources: [\"*\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\npolicy_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Allow\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n])\npolicy_three = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Deny\",\n actions=[\"logs:*\"],\n resources=[\"*\"],\n)])\ncombined = aws.iam.get_policy_document(override_policy_documents=[\n policy_one.json,\n policy_two.json,\n policy_three.json,\n ],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Deny\",\n actions=[\"*\"],\n resources=[\"*\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyThree = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"logs:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n policyOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyThree.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\npolicyOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyThree, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"logs:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\npolicyOne.Json,\npolicyTwo.Json,\npolicyThree.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policyOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Allow\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyThree = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Deny\")\n .actions(\"logs:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments( \n policyOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyThree.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Deny\")\n .actions(\"*\")\n .resources(\"*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policyOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n policyTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:*\n resources:\n - '*'\n - sid: OverridePlaceHolderTwo\n effect: Allow\n actions:\n - iam:*\n resources:\n - '*'\n policyThree:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Deny\n actions:\n - logs:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${policyOne.json}\n - ${policyTwo.json}\n - ${policyThree.json}\n statements:\n - sid: OverridePlaceHolderTwo\n effect: Deny\n actions:\n - '*'\n resources:\n - '*'\n```\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n }\n}\n```\n```yaml\n{}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getPolicyDocument.\n", "properties": { @@ -324408,7 +324405,7 @@ } }, "aws:index/getBillingServiceAccount:getBillingServiceAccount": { - "description": "Use this data source to get the Account ID of the [AWS Billing and Cost Management Service Account](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-getting-started.html#step-2) for the purpose of permitting in S3 bucket policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.getBillingServiceAccount({});\nconst billingLogs = new aws.s3.BucketV2(\"billingLogs\", {});\nconst billingLogsAcl = new aws.s3.BucketAclV2(\"billingLogsAcl\", {\n bucket: billingLogs.id,\n acl: \"private\",\n});\nconst allowBillingLoggingPolicyDocument = pulumi.all([main, billingLogs.arn, main, billingLogs.arn]).apply(([main, billingLogsArn, main1, billingLogsArn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main.arn],\n }],\n actions: [\n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\",\n ],\n resources: [billingLogsArn],\n },\n {\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main1.arn],\n }],\n actions: [\"s3:PutObject\"],\n resources: [`${billingLogsArn1}/*`],\n },\n ],\n}));\nconst allowBillingLoggingBucketPolicy = new aws.s3.BucketPolicy(\"allowBillingLoggingBucketPolicy\", {\n bucket: billingLogs.id,\n policy: allowBillingLoggingPolicyDocument.apply(allowBillingLoggingPolicyDocument =\u003e allowBillingLoggingPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.get_billing_service_account()\nbilling_logs = aws.s3.BucketV2(\"billingLogs\")\nbilling_logs_acl = aws.s3.BucketAclV2(\"billingLogsAcl\",\n bucket=billing_logs.id,\n acl=\"private\")\nallow_billing_logging_policy_document = pulumi.Output.all(billing_logs.arn, billing_logs.arn).apply(lambda billingLogsArn, billingLogsArn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\",\n ],\n resources=[billing_logs_arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:PutObject\"],\n resources=[f\"{billing_logs_arn1}/*\"],\n ),\n]))\nallow_billing_logging_bucket_policy = aws.s3.BucketPolicy(\"allowBillingLoggingBucketPolicy\",\n bucket=billing_logs.id,\n policy=allow_billing_logging_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.GetBillingServiceAccount.Invoke();\n\n var billingLogs = new Aws.S3.BucketV2(\"billingLogs\");\n\n var billingLogsAcl = new Aws.S3.BucketAclV2(\"billingLogsAcl\", new()\n {\n Bucket = billingLogs.Id,\n Acl = \"private\",\n });\n\n var allowBillingLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getBillingServiceAccountResult =\u003e getBillingServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\",\n },\n Resources = new[]\n {\n billingLogs.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getBillingServiceAccountResult =\u003e getBillingServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{billingLogs.Arn}/*\",\n },\n },\n },\n });\n\n var allowBillingLoggingBucketPolicy = new Aws.S3.BucketPolicy(\"allowBillingLoggingBucketPolicy\", new()\n {\n Bucket = billingLogs.Id,\n Policy = allowBillingLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\"fmt\"\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmain, err := aws.GetBillingServiceAccount(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nbillingLogs, err := s3.NewBucketV2(ctx, \"billingLogs\", nil)\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"billingLogsAcl\", \u0026s3.BucketAclV2Args{\nBucket: billingLogs.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nallowBillingLoggingPolicyDocument := pulumi.All(billingLogs.Arn,billingLogs.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nbillingLogsArn := _args[0].(string)\nbillingLogsArn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:GetBucketAcl\",\n\"s3:GetBucketPolicy\",\n},\nResources: []string{\nbillingLogsArn,\n},\n},\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:PutObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", billingLogsArn1),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = s3.NewBucketPolicy(ctx, \"allowBillingLoggingBucketPolicy\", \u0026s3.BucketPolicyArgs{\nBucket: billingLogs.ID(),\nPolicy: allowBillingLoggingPolicyDocument.ApplyT(func(allowBillingLoggingPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026allowBillingLoggingPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetBillingServiceAccountArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = AwsFunctions.getBillingServiceAccount();\n\n var billingLogs = new BucketV2(\"billingLogs\");\n\n var billingLogsAcl = new BucketAclV2(\"billingLogsAcl\", BucketAclV2Args.builder() \n .bucket(billingLogs.id())\n .acl(\"private\")\n .build());\n\n final var allowBillingLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getBillingServiceAccountResult -\u003e getBillingServiceAccountResult.arn()))\n .build())\n .actions( \n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\")\n .resources(billingLogs.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getBillingServiceAccountResult -\u003e getBillingServiceAccountResult.arn()))\n .build())\n .actions(\"s3:PutObject\")\n .resources(billingLogs.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var allowBillingLoggingBucketPolicy = new BucketPolicy(\"allowBillingLoggingBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(billingLogs.id())\n .policy(allowBillingLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(allowBillingLoggingPolicyDocument -\u003e allowBillingLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n billingLogs:\n type: aws:s3:BucketV2\n billingLogsAcl:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${billingLogs.id}\n acl: private\n allowBillingLoggingBucketPolicy:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${billingLogs.id}\n policy: ${allowBillingLoggingPolicyDocument.json}\nvariables:\n main:\n fn::invoke:\n Function: aws:getBillingServiceAccount\n Arguments: {}\n allowBillingLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:GetBucketAcl\n - s3:GetBucketPolicy\n resources:\n - ${billingLogs.arn}\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:PutObject\n resources:\n - ${billingLogs.arn}/*\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get the Account ID of the [AWS Billing and Cost Management Service Account](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-getting-started.html#step-2) for the purpose of permitting in S3 bucket policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.getBillingServiceAccount({});\nconst billingLogs = new aws.s3.BucketV2(\"billingLogs\", {});\nconst billingLogsAcl = new aws.s3.BucketAclV2(\"billingLogsAcl\", {\n bucket: billingLogs.id,\n acl: \"private\",\n});\nconst allowBillingLoggingPolicyDocument = pulumi.all([main, billingLogs.arn, main, billingLogs.arn]).apply(([main, billingLogsArn, main1, billingLogsArn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main.arn],\n }],\n actions: [\n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\",\n ],\n resources: [billingLogsArn],\n },\n {\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [main1.arn],\n }],\n actions: [\"s3:PutObject\"],\n resources: [`${billingLogsArn1}/*`],\n },\n ],\n}));\nconst allowBillingLoggingBucketPolicy = new aws.s3.BucketPolicy(\"allowBillingLoggingBucketPolicy\", {\n bucket: billingLogs.id,\n policy: allowBillingLoggingPolicyDocument.apply(allowBillingLoggingPolicyDocument =\u003e allowBillingLoggingPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.get_billing_service_account()\nbilling_logs = aws.s3.BucketV2(\"billingLogs\")\nbilling_logs_acl = aws.s3.BucketAclV2(\"billingLogsAcl\",\n bucket=billing_logs.id,\n acl=\"private\")\nallow_billing_logging_policy_document = pulumi.Output.all(billing_logs.arn, billing_logs.arn).apply(lambda billingLogsArn, billingLogsArn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\",\n ],\n resources=[billing_logs_arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[main.arn],\n )],\n actions=[\"s3:PutObject\"],\n resources=[f\"{billing_logs_arn1}/*\"],\n ),\n]))\nallow_billing_logging_bucket_policy = aws.s3.BucketPolicy(\"allowBillingLoggingBucketPolicy\",\n bucket=billing_logs.id,\n policy=allow_billing_logging_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.GetBillingServiceAccount.Invoke();\n\n var billingLogs = new Aws.S3.BucketV2(\"billingLogs\");\n\n var billingLogsAcl = new Aws.S3.BucketAclV2(\"billingLogsAcl\", new()\n {\n Bucket = billingLogs.Id,\n Acl = \"private\",\n });\n\n var allowBillingLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getBillingServiceAccountResult =\u003e getBillingServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\",\n },\n Resources = new[]\n {\n billingLogs.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n main.Apply(getBillingServiceAccountResult =\u003e getBillingServiceAccountResult.Arn),\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{billingLogs.Arn}/*\",\n },\n },\n },\n });\n\n var allowBillingLoggingBucketPolicy = new Aws.S3.BucketPolicy(\"allowBillingLoggingBucketPolicy\", new()\n {\n Bucket = billingLogs.Id,\n Policy = allowBillingLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmain, err := aws.GetBillingServiceAccount(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nbillingLogs, err := s3.NewBucketV2(ctx, \"billingLogs\", nil)\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"billingLogsAcl\", \u0026s3.BucketAclV2Args{\nBucket: billingLogs.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nallowBillingLoggingPolicyDocument := pulumi.All(billingLogs.Arn,billingLogs.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nbillingLogsArn := _args[0].(string)\nbillingLogsArn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:GetBucketAcl\",\n\"s3:GetBucketPolicy\",\n},\nResources: []string{\nbillingLogsArn,\n},\n},\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nmain.Arn,\n},\n},\n},\nActions: []string{\n\"s3:PutObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", billingLogsArn1),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = s3.NewBucketPolicy(ctx, \"allowBillingLoggingBucketPolicy\", \u0026s3.BucketPolicyArgs{\nBucket: billingLogs.ID(),\nPolicy: allowBillingLoggingPolicyDocument.ApplyT(func(allowBillingLoggingPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026allowBillingLoggingPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetBillingServiceAccountArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = AwsFunctions.getBillingServiceAccount();\n\n var billingLogs = new BucketV2(\"billingLogs\");\n\n var billingLogsAcl = new BucketAclV2(\"billingLogsAcl\", BucketAclV2Args.builder() \n .bucket(billingLogs.id())\n .acl(\"private\")\n .build());\n\n final var allowBillingLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getBillingServiceAccountResult -\u003e getBillingServiceAccountResult.arn()))\n .build())\n .actions( \n \"s3:GetBucketAcl\",\n \"s3:GetBucketPolicy\")\n .resources(billingLogs.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(main.applyValue(getBillingServiceAccountResult -\u003e getBillingServiceAccountResult.arn()))\n .build())\n .actions(\"s3:PutObject\")\n .resources(billingLogs.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var allowBillingLoggingBucketPolicy = new BucketPolicy(\"allowBillingLoggingBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(billingLogs.id())\n .policy(allowBillingLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(allowBillingLoggingPolicyDocument -\u003e allowBillingLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n billingLogs:\n type: aws:s3:BucketV2\n billingLogsAcl:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${billingLogs.id}\n acl: private\n allowBillingLoggingBucketPolicy:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${billingLogs.id}\n policy: ${allowBillingLoggingPolicyDocument.json}\nvariables:\n main:\n fn::invoke:\n Function: aws:getBillingServiceAccount\n Arguments: {}\n allowBillingLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:GetBucketAcl\n - s3:GetBucketPolicy\n resources:\n - ${billingLogs.arn}\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${main.arn}\n actions:\n - s3:PutObject\n resources:\n - ${billingLogs.arn}/*\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getBillingServiceAccount.\n", "properties": { @@ -331703,7 +331700,7 @@ } }, "aws:organizations/getOrganization:getOrganization": { - "description": "Get information about the organization that the user's account belongs to\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### List all account IDs for the organization\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.organizations.getOrganization({});\nexport const accountIds = example.then(example =\u003e example.accounts.map(__item =\u003e __item.id));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_organization()\npulumi.export(\"accountIds\", [__item.id for __item in example.accounts])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Organizations.GetOrganization.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"accountIds\"] = example.Apply(getOrganizationResult =\u003e getOrganizationResult.Accounts).Select(__item =\u003e __item.Id).ToList(),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := organizations.LookupOrganization(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar splat0 []*string\n\t\tfor _, val0 := range example.Accounts {\n\t\t\tsplat0 = append(splat0, val0.Id)\n\t\t}\n\t\tctx.Export(\"accountIds\", splat0)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.OrganizationsFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = OrganizationsFunctions.getOrganization();\n\n ctx.export(\"accountIds\", example.applyValue(getOrganizationResult -\u003e getOrganizationResult.accounts()).stream().map(element -\u003e element.id()).collect(toList()));\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### SNS topic that can be interacted by the organization only\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.organizations.getOrganization({});\nconst snsTopic = new aws.sns.Topic(\"snsTopic\", {});\nconst snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [arn],\n }],\n}));\nconst snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\", {\n arn: snsTopic.arn,\n policy: snsTopicPolicyPolicyDocument.apply(snsTopicPolicyPolicyDocument =\u003e snsTopicPolicyPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_organization()\nsns_topic = aws.sns.Topic(\"snsTopic\")\nsns_topic_policy_policy_document = sns_topic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example.id],\n )],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[arn],\n)]))\nsns_topic_policy_topic_policy = aws.sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\",\n arn=sns_topic.arn,\n policy=sns_topic_policy_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Organizations.GetOrganization.Invoke();\n\n var snsTopic = new Aws.Sns.Topic(\"snsTopic\");\n\n var snsTopicPolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n example.Apply(getOrganizationResult =\u003e getOrganizationResult.Id),\n },\n },\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n snsTopic.Arn,\n },\n },\n },\n });\n\n var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\", new()\n {\n Arn = snsTopic.Arn,\n Policy = snsTopicPolicyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := organizations.LookupOrganization(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nsnsTopic, err := sns.NewTopic(ctx, \"snsTopic\", nil)\nif err != nil {\nreturn err\n}\nsnsTopicPolicyPolicyDocument := snsTopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Publish\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"snsTopicPolicyTopicPolicy\", \u0026sns.TopicPolicyArgs{\nArn: snsTopic.Arn,\nPolicy: snsTopicPolicyPolicyDocument.ApplyT(func(snsTopicPolicyPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026snsTopicPolicyPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.OrganizationsFunctions;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = OrganizationsFunctions.getOrganization();\n\n var snsTopic = new Topic(\"snsTopic\");\n\n final var snsTopicPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Publish\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(example.applyValue(getOrganizationResult -\u003e getOrganizationResult.id()))\n .build())\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(snsTopic.arn())\n .build())\n .build());\n\n var snsTopicPolicyTopicPolicy = new TopicPolicy(\"snsTopicPolicyTopicPolicy\", TopicPolicyArgs.builder() \n .arn(snsTopic.arn())\n .policy(snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(snsTopicPolicyPolicyDocument -\u003e snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n snsTopic:\n type: aws:sns:Topic\n snsTopicPolicyTopicPolicy:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${snsTopic.arn}\n policy: ${snsTopicPolicyPolicyDocument.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:organizations:getOrganization\n Arguments: {}\n snsTopicPolicyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - SNS:Subscribe\n - SNS:Publish\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${example.id}\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - ${snsTopic.arn}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Get information about the organization that the user's account belongs to\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### List all account IDs for the organization\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.organizations.getOrganization({});\nexport const accountIds = example.then(example =\u003e example.accounts.map(__item =\u003e __item.id));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_organization()\npulumi.export(\"accountIds\", [__item.id for __item in example.accounts])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Organizations.GetOrganization.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"accountIds\"] = example.Apply(getOrganizationResult =\u003e getOrganizationResult.Accounts).Select(__item =\u003e __item.Id).ToList(),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := organizations.LookupOrganization(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar splat0 []*string\n\t\tfor _, val0 := range example.Accounts {\n\t\t\tsplat0 = append(splat0, val0.Id)\n\t\t}\n\t\tctx.Export(\"accountIds\", splat0)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.OrganizationsFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = OrganizationsFunctions.getOrganization();\n\n ctx.export(\"accountIds\", example.applyValue(getOrganizationResult -\u003e getOrganizationResult.accounts()).stream().map(element -\u003e element.id()).collect(toList()));\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### SNS topic that can be interacted by the organization only\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.organizations.getOrganization({});\nconst snsTopic = new aws.sns.Topic(\"snsTopic\", {});\nconst snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [arn],\n }],\n}));\nconst snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\", {\n arn: snsTopic.arn,\n policy: snsTopicPolicyPolicyDocument.apply(snsTopicPolicyPolicyDocument =\u003e snsTopicPolicyPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_organization()\nsns_topic = aws.sns.Topic(\"snsTopic\")\nsns_topic_policy_policy_document = sns_topic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example.id],\n )],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[arn],\n)]))\nsns_topic_policy_topic_policy = aws.sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\",\n arn=sns_topic.arn,\n policy=sns_topic_policy_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Organizations.GetOrganization.Invoke();\n\n var snsTopic = new Aws.Sns.Topic(\"snsTopic\");\n\n var snsTopicPolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n example.Apply(getOrganizationResult =\u003e getOrganizationResult.Id),\n },\n },\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n snsTopic.Arn,\n },\n },\n },\n });\n\n var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\", new()\n {\n Arn = snsTopic.Arn,\n Policy = snsTopicPolicyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := organizations.LookupOrganization(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nsnsTopic, err := sns.NewTopic(ctx, \"snsTopic\", nil)\nif err != nil {\nreturn err\n}\nsnsTopicPolicyPolicyDocument := snsTopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Publish\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = sns.NewTopicPolicy(ctx, \"snsTopicPolicyTopicPolicy\", \u0026sns.TopicPolicyArgs{\nArn: snsTopic.Arn,\nPolicy: snsTopicPolicyPolicyDocument.ApplyT(func(snsTopicPolicyPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026snsTopicPolicyPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.OrganizationsFunctions;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.TopicPolicy;\nimport com.pulumi.aws.sns.TopicPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = OrganizationsFunctions.getOrganization();\n\n var snsTopic = new Topic(\"snsTopic\");\n\n final var snsTopicPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Publish\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(example.applyValue(getOrganizationResult -\u003e getOrganizationResult.id()))\n .build())\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(snsTopic.arn())\n .build())\n .build());\n\n var snsTopicPolicyTopicPolicy = new TopicPolicy(\"snsTopicPolicyTopicPolicy\", TopicPolicyArgs.builder() \n .arn(snsTopic.arn())\n .policy(snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(snsTopicPolicyPolicyDocument -\u003e snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n snsTopic:\n type: aws:sns:Topic\n snsTopicPolicyTopicPolicy:\n type: aws:sns:TopicPolicy\n properties:\n arn: ${snsTopic.arn}\n policy: ${snsTopicPolicyPolicyDocument.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:organizations:getOrganization\n Arguments: {}\n snsTopicPolicyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - SNS:Subscribe\n - SNS:Publish\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${example.id}\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - ${snsTopic.arn}\n```\n{{% /example %}}\n{{% /examples %}}", "outputs": { "description": "A collection of values returned by getOrganization.\n", "properties": { @@ -340553,7 +340550,7 @@ } }, "aws:vpc/getSecurityGroupRules:getSecurityGroupRules": { - "description": "This resource can be useful for getting back a set of security group rule IDs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.vpc.getSecurityGroupRules({\n filters: [{\n name: \"group-id\",\n values: [_var.security_group_id],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.vpc.get_security_group_rules(filters=[aws.vpc.GetSecurityGroupRulesFilterArgs(\n name=\"group-id\",\n values=[var[\"security_group_id\"]],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Vpc.GetSecurityGroupRules.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Vpc.Inputs.GetSecurityGroupRulesFilterInputArgs\n {\n Name = \"group-id\",\n Values = new[]\n {\n @var.Security_group_id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\n\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := vpc.GetSecurityGroupRules(ctx, \u0026vpc.GetSecurityGroupRulesArgs{\nFilters: []vpc.GetSecurityGroupRulesFilter{\n{\nName: \"group-id\",\nValues: interface{}{\n_var.Security_group_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.vpc.VpcFunctions;\nimport com.pulumi.aws.vpc.inputs.GetSecurityGroupRulesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = VpcFunctions.getSecurityGroupRules(GetSecurityGroupRulesArgs.builder()\n .filters(GetSecurityGroupRulesFilterArgs.builder()\n .name(\"group-id\")\n .values(var_.security_group_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:vpc:getSecurityGroupRules\n Arguments:\n filters:\n - name: group-id\n values:\n - ${var.security_group_id}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "This resource can be useful for getting back a set of security group rule IDs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.vpc.getSecurityGroupRules({\n filters: [{\n name: \"group-id\",\n values: [_var.security_group_id],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.vpc.get_security_group_rules(filters=[aws.vpc.GetSecurityGroupRulesFilterArgs(\n name=\"group-id\",\n values=[var[\"security_group_id\"]],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Vpc.GetSecurityGroupRules.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Vpc.Inputs.GetSecurityGroupRulesFilterInputArgs\n {\n Name = \"group-id\",\n Values = new[]\n {\n @var.Security_group_id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := vpc.GetSecurityGroupRules(ctx, \u0026vpc.GetSecurityGroupRulesArgs{\nFilters: []vpc.GetSecurityGroupRulesFilter{\n{\nName: \"group-id\",\nValues: interface{}{\n_var.Security_group_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.vpc.VpcFunctions;\nimport com.pulumi.aws.vpc.inputs.GetSecurityGroupRulesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = VpcFunctions.getSecurityGroupRules(GetSecurityGroupRulesArgs.builder()\n .filters(GetSecurityGroupRulesFilterArgs.builder()\n .name(\"group-id\")\n .values(var_.security_group_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:vpc:getSecurityGroupRules\n Arguments:\n filters:\n - name: group-id\n values:\n - ${var.security_group_id}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getSecurityGroupRules.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 636c500a38d..fdaa7e3f9e5 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -8,9 +8,9 @@ require ( github.com/hashicorp/terraform-provider-aws/shim v0.0.0 github.com/mitchellh/go-homedir v1.1.0 github.com/pulumi/pulumi-terraform-bridge/pf v0.14.1 - github.com/pulumi/pulumi-terraform-bridge/v3 v3.54.1 - github.com/pulumi/pulumi/pkg/v3 v3.75.0 - github.com/pulumi/pulumi/sdk/v3 v3.75.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.55.0 + github.com/pulumi/pulumi/pkg/v3 v3.76.1 + github.com/pulumi/pulumi/sdk/v3 v3.76.1 github.com/stretchr/testify v1.8.4 ) @@ -227,7 +227,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.17 // indirect + github.com/mattn/go-isatty v0.0.18 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect github.com/mitchellh/cli v1.1.5 // indirect @@ -266,7 +266,7 @@ require ( github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect github.com/segmentio/asm v1.1.3 // indirect github.com/segmentio/encoding v0.3.5 // indirect - github.com/sergi/go-diff v1.2.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/skeema/knownhosts v1.1.0 // indirect github.com/spf13/afero v1.9.5 // indirect @@ -297,7 +297,7 @@ require ( golang.org/x/mod v0.10.0 // indirect golang.org/x/net v0.11.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sync v0.1.0 // indirect + golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.10.0 // indirect golang.org/x/term v0.10.0 // indirect golang.org/x/text v0.11.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index ba94aa8a6d2..3432fdc5c0f 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1996,8 +1996,8 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= -github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= +github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= @@ -2281,16 +2281,16 @@ github.com/pulumi/pulumi-java/pkg v0.9.4/go.mod h1:c6rSw/+q4O0IImgJ9axxoC6QesbPY github.com/pulumi/pulumi-terraform-bridge/pf v0.14.1 h1:5rUx8yFHic576DVHVGOqpYxEcoDyjuokuh8324aFP4c= github.com/pulumi/pulumi-terraform-bridge/pf v0.14.1/go.mod h1:JnLxW6/U/BGCVdOqsPtPxnIumHp26wqsZv3Ywtgbdl8= github.com/pulumi/pulumi-terraform-bridge/testing v0.0.1 h1:SCg1gjfY9N4yn8U8peIUYATifjoDABkyR7H9lmefsfc= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.54.1 h1:vTu0+el9A3AH9klQKdxloOCuvLONHZPDVFDC6cFor+g= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.54.1/go.mod h1:OgOp9PzeKBBqWRZ87VX+amwG8Jt1V1pI+/WZ5dGkYG8= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.55.0 h1:A33Ji/QSCYy2Jk5+1BzA5vFmK7Rvq6XFo8jS69QahVo= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.55.0/go.mod h1:ykaml8e6XS/yI9JOcNZ+6gLirs6EWTB0FmjbT+JyEdU= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.6 h1:uy8P3aaAbrOrGvytvCb2KsYqZMA9TJiY8IKeVQgNAJo= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.6/go.mod h1:uw1IN0Mlvi5SL0cmWzmKqZ+ZDNueRIXkr9aE+XQkrug= github.com/pulumi/pulumi-yaml v1.1.1 h1:8pyBNIU8+ym0wYpjhsCqN+cutygfK1XbhY2YEeNfyXY= github.com/pulumi/pulumi-yaml v1.1.1/go.mod h1:GhpdS6rFpwqvUtKdA+fQy8P28iNvncng39IXh5q68vE= -github.com/pulumi/pulumi/pkg/v3 v3.75.0 h1:oBJ+Ft5VokKJGZHtX5ytyKenMCBH/d1+rsVL5MOGmHo= -github.com/pulumi/pulumi/pkg/v3 v3.75.0/go.mod h1:jzU1sKjOoDMFxxISb4hEK/C1mQsHVheYkWfZPLQRC9c= -github.com/pulumi/pulumi/sdk/v3 v3.75.0 h1:+5V5UOwgHKAaqSD8DKhuTU+RTObqkH3yp/p2EJQYYQk= -github.com/pulumi/pulumi/sdk/v3 v3.75.0/go.mod h1:HiE9Wf+DVrg8Em1D6bxRCdDMsNkj8//vLCST73xH2Hc= +github.com/pulumi/pulumi/pkg/v3 v3.76.1 h1:OdQHwI2oB8Q1Es13by63QhDqIdk7Kl4w39UTrX3M44Y= +github.com/pulumi/pulumi/pkg/v3 v3.76.1/go.mod h1:DnDxyPUhLJv334MdPIIGYD0V7i7fVb7j9AvYf18MI6w= +github.com/pulumi/pulumi/sdk/v3 v3.76.1 h1:ItfwcLvxAyX+Pl+BPgx+J5mhKF3/LWOMls/vneTXp9o= +github.com/pulumi/pulumi/sdk/v3 v3.76.1/go.mod h1:HiE9Wf+DVrg8Em1D6bxRCdDMsNkj8//vLCST73xH2Hc= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= @@ -2345,8 +2345,9 @@ github.com/segmentio/encoding v0.3.5 h1:UZEiaZ55nlXGDL92scoVuw00RmiRCazIEmvPSbSv github.com/segmentio/encoding v0.3.5/go.mod h1:n0JeuIqEQrQoPDGsjo8UNd1iA0U8d8+oHAA4E3G3OxM= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= @@ -2890,8 +2891,9 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -3198,8 +3200,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/sdk/go/aws/acmpca/policy.go b/sdk/go/aws/acmpca/policy.go index 87cfb5fd801..dbbc75e4fb9 100644 --- a/sdk/go/aws/acmpca/policy.go +++ b/sdk/go/aws/acmpca/policy.go @@ -22,9 +22,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/amplify/branch.go b/sdk/go/aws/amplify/branch.go index ec6ee540946..1bc4e8392a5 100644 --- a/sdk/go/aws/amplify/branch.go +++ b/sdk/go/aws/amplify/branch.go @@ -57,14 +57,16 @@ import ( // package main // // import ( -// "encoding/json" -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/amplify" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "encoding/json" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/amplify" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/backup/vaultNotifications.go b/sdk/go/aws/backup/vaultNotifications.go index 5742464a6c0..558c25c8cfa 100644 --- a/sdk/go/aws/backup/vaultNotifications.go +++ b/sdk/go/aws/backup/vaultNotifications.go @@ -21,10 +21,11 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/cloudformation/stackSetInstance.go b/sdk/go/aws/cloudformation/stackSetInstance.go index b4930c9369a..d3f7f2cdf24 100644 --- a/sdk/go/aws/cloudformation/stackSetInstance.go +++ b/sdk/go/aws/cloudformation/stackSetInstance.go @@ -53,8 +53,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/cloudfront/originAccessIdentity.go b/sdk/go/aws/cloudfront/originAccessIdentity.go index edf4aef05be..6afa2285deb 100644 --- a/sdk/go/aws/cloudfront/originAccessIdentity.go +++ b/sdk/go/aws/cloudfront/originAccessIdentity.go @@ -94,11 +94,13 @@ import ( // package main // // import ( -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/cloudfront/realtimeLogConfig.go b/sdk/go/aws/cloudfront/realtimeLogConfig.go index 3ced971f5e9..c7a9c9bc986 100644 --- a/sdk/go/aws/cloudfront/realtimeLogConfig.go +++ b/sdk/go/aws/cloudfront/realtimeLogConfig.go @@ -21,9 +21,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/cloudtrail/getServiceAccount.go b/sdk/go/aws/cloudtrail/getServiceAccount.go index 6f031a49ad3..e893f6fdaac 100644 --- a/sdk/go/aws/cloudtrail/getServiceAccount.go +++ b/sdk/go/aws/cloudtrail/getServiceAccount.go @@ -20,12 +20,14 @@ import ( // package main // // import ( -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/cloudwatch/eventBusPolicy.go b/sdk/go/aws/cloudwatch/eventBusPolicy.go index 86d45b05f2e..1fa6d6ddf22 100644 --- a/sdk/go/aws/cloudwatch/eventBusPolicy.go +++ b/sdk/go/aws/cloudwatch/eventBusPolicy.go @@ -78,9 +78,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -140,9 +141,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/cloudwatch/eventRule.go b/sdk/go/aws/cloudwatch/eventRule.go index f1a1ce7047d..67bd94b5762 100644 --- a/sdk/go/aws/cloudwatch/eventRule.go +++ b/sdk/go/aws/cloudwatch/eventRule.go @@ -21,12 +21,14 @@ import ( // package main // // import ( -// "encoding/json" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "encoding/json" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/codebuild/project.go b/sdk/go/aws/codebuild/project.go index f5f1e037d78..2e01b8baad6 100644 --- a/sdk/go/aws/codebuild/project.go +++ b/sdk/go/aws/codebuild/project.go @@ -20,12 +20,14 @@ import ( // package main // // import ( -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/codestarnotifications/notificationRule.go b/sdk/go/aws/codestarnotifications/notificationRule.go index 730656701d2..c322d0cb187 100644 --- a/sdk/go/aws/codestarnotifications/notificationRule.go +++ b/sdk/go/aws/codestarnotifications/notificationRule.go @@ -21,11 +21,12 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codecommit" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codestarnotifications" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codecommit" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codestarnotifications" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/directoryservice/sharedDirectory.go b/sdk/go/aws/directoryservice/sharedDirectory.go index 12929cd8efd..2f82e2ff914 100644 --- a/sdk/go/aws/directoryservice/sharedDirectory.go +++ b/sdk/go/aws/directoryservice/sharedDirectory.go @@ -21,8 +21,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2/getInternetGateway.go b/sdk/go/aws/ec2/getInternetGateway.go index ecb31b66276..2bdd1cdff84 100644 --- a/sdk/go/aws/ec2/getInternetGateway.go +++ b/sdk/go/aws/ec2/getInternetGateway.go @@ -20,9 +20,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2/getNetworkAcls.go b/sdk/go/aws/ec2/getNetworkAcls.go index a1d0e6cb670..d187e5dd8f8 100644 --- a/sdk/go/aws/ec2/getNetworkAcls.go +++ b/sdk/go/aws/ec2/getNetworkAcls.go @@ -78,8 +78,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2/getNetworkInterfaces.go b/sdk/go/aws/ec2/getNetworkInterfaces.go index f4bc2d9215b..74250c5f22b 100644 --- a/sdk/go/aws/ec2/getNetworkInterfaces.go +++ b/sdk/go/aws/ec2/getNetworkInterfaces.go @@ -75,8 +75,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2/getSecurityGroups.go b/sdk/go/aws/ec2/getSecurityGroups.go index 6bdac76be83..7edeb945baf 100644 --- a/sdk/go/aws/ec2/getSecurityGroups.go +++ b/sdk/go/aws/ec2/getSecurityGroups.go @@ -47,8 +47,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2/getVpcPeeringConnections.go b/sdk/go/aws/ec2/getVpcPeeringConnections.go index 7c6e1bafebe..964b1a695a2 100644 --- a/sdk/go/aws/ec2/getVpcPeeringConnections.go +++ b/sdk/go/aws/ec2/getVpcPeeringConnections.go @@ -24,8 +24,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2/spotFleetRequest.go b/sdk/go/aws/ec2/spotFleetRequest.go index 35286c0112f..11afa15be71 100644 --- a/sdk/go/aws/ec2/spotFleetRequest.go +++ b/sdk/go/aws/ec2/spotFleetRequest.go @@ -132,8 +132,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/ec2transitgateway/getAttachment.go b/sdk/go/aws/ec2transitgateway/getAttachment.go index 4c441caffd6..320e1c0b4ab 100644 --- a/sdk/go/aws/ec2transitgateway/getAttachment.go +++ b/sdk/go/aws/ec2transitgateway/getAttachment.go @@ -20,8 +20,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/elasticsearch/domain.go b/sdk/go/aws/elasticsearch/domain.go index 8ded3d56d38..c7f8bbd52db 100644 --- a/sdk/go/aws/elasticsearch/domain.go +++ b/sdk/go/aws/elasticsearch/domain.go @@ -180,14 +180,16 @@ import ( // package main // // import ( -// "fmt" -// -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/elb/getServiceAccount.go b/sdk/go/aws/elb/getServiceAccount.go index b8e66b7c39e..233c9919bd2 100644 --- a/sdk/go/aws/elb/getServiceAccount.go +++ b/sdk/go/aws/elb/getServiceAccount.go @@ -22,12 +22,14 @@ import ( // package main // // import ( -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/getBillingServiceAccount.go b/sdk/go/aws/getBillingServiceAccount.go index 3e6b69d19bb..8c2d0e572d6 100644 --- a/sdk/go/aws/getBillingServiceAccount.go +++ b/sdk/go/aws/getBillingServiceAccount.go @@ -19,12 +19,14 @@ import ( // package main // // import ( -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/iam/getPolicyDocument.go b/sdk/go/aws/iam/getPolicyDocument.go index 887a6a357b4..b9a44c8df3a 100644 --- a/sdk/go/aws/iam/getPolicyDocument.go +++ b/sdk/go/aws/iam/getPolicyDocument.go @@ -177,10 +177,12 @@ import ( // package main // // import ( -// "fmt" // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -228,8 +230,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -307,8 +310,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -388,8 +392,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -468,8 +473,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -560,8 +566,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/iot/topicRule.go b/sdk/go/aws/iot/topicRule.go index d69932ead19..a4cd28ea9ca 100644 --- a/sdk/go/aws/iot/topicRule.go +++ b/sdk/go/aws/iot/topicRule.go @@ -19,10 +19,11 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/lightsail/containerService.go b/sdk/go/aws/lightsail/containerService.go index 31364dd9436..6bf529d527f 100644 --- a/sdk/go/aws/lightsail/containerService.go +++ b/sdk/go/aws/lightsail/containerService.go @@ -92,10 +92,11 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/mwaa/environment.go b/sdk/go/aws/mwaa/environment.go index 0aa98bed835..802db4b9f77 100644 --- a/sdk/go/aws/mwaa/environment.go +++ b/sdk/go/aws/mwaa/environment.go @@ -24,8 +24,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -54,8 +55,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -90,8 +92,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { @@ -142,8 +145,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/mwaa" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/opensearch/domain.go b/sdk/go/aws/opensearch/domain.go index 2bc85b51a28..79174aa732f 100644 --- a/sdk/go/aws/opensearch/domain.go +++ b/sdk/go/aws/opensearch/domain.go @@ -215,14 +215,16 @@ import ( // package main // // import ( -// "fmt" -// -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/organizations/getOrganization.go b/sdk/go/aws/organizations/getOrganization.go index 2d4bbd0608f..087d654955c 100644 --- a/sdk/go/aws/organizations/getOrganization.go +++ b/sdk/go/aws/organizations/getOrganization.go @@ -46,10 +46,11 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/sns/topicPolicy.go b/sdk/go/aws/sns/topicPolicy.go index 1cf588a6b2b..3371ca0c9e7 100644 --- a/sdk/go/aws/sns/topicPolicy.go +++ b/sdk/go/aws/sns/topicPolicy.go @@ -23,9 +23,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/sns/topicSubscription.go b/sdk/go/aws/sns/topicSubscription.go index dfe060335cc..10d587c3309 100644 --- a/sdk/go/aws/sns/topicSubscription.go +++ b/sdk/go/aws/sns/topicSubscription.go @@ -97,14 +97,16 @@ import ( // package main // // import ( -// "fmt" -// -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// +// "fmt" +// +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/sqs/queuePolicy.go b/sdk/go/aws/sqs/queuePolicy.go index a8fd0d0af4a..42194762f64 100644 --- a/sdk/go/aws/sqs/queuePolicy.go +++ b/sdk/go/aws/sqs/queuePolicy.go @@ -22,9 +22,10 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/vpc/getSecurityGroupRules.go b/sdk/go/aws/vpc/getSecurityGroupRules.go index f50a594fc43..a79b6fc1c21 100644 --- a/sdk/go/aws/vpc/getSecurityGroupRules.go +++ b/sdk/go/aws/vpc/getSecurityGroupRules.go @@ -20,8 +20,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/go/aws/worklink/fleet.go b/sdk/go/aws/worklink/fleet.go index d51ec6ded49..d81f1f1432a 100644 --- a/sdk/go/aws/worklink/fleet.go +++ b/sdk/go/aws/worklink/fleet.go @@ -44,8 +44,9 @@ import ( // // import ( // -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink" +// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/worklink" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// // ) // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { diff --git a/sdk/nodejs/sns/topicSubscription.ts b/sdk/nodejs/sns/topicSubscription.ts index 2cf1b83deab..50f7c885d3e 100644 --- a/sdk/nodejs/sns/topicSubscription.ts +++ b/sdk/nodejs/sns/topicSubscription.ts @@ -56,14 +56,14 @@ import {Topic} from "./index"; * import * as aws from "@pulumi/aws"; * * const config = new pulumi.Config(); - * const sns = config.getObject("sns") || { + * const sns = config.getObject<{account-id?: string, display_name?: string, name?: string, region?: string, role-name?: string}>("sns") || { * "account-id": "111111111111", * "role-name": "service/service", * name: "example-sns-topic", * display_name: "example", * region: "us-west-1", * }; - * const sqs = config.getObject("sqs") || { + * const sqs = config.getObject<{account-id?: string, name?: string, region?: string, role-name?: string}>("sqs") || { * "account-id": "222222222222", * "role-name": "service/service", * name: "example-sqs-queue",