// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package ec2
import (
"context"
"reflect"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Provides a security group resource.
//
// > **NOTE on Security Groups and Security Group Rules:** This provider currently
// provides both a standalone Security Group Rule resource (a single `ingress` or
// `egress` rule), and a Security Group resource with `ingress` and `egress` rules
// defined in-line. At this time you cannot use a Security Group with in-line rules
// in conjunction with any Security Group Rule resources. Doing so will cause
// a conflict of rule settings and will overwrite rules.
//
// > **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).
//
// > **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.
//
// ## Example Usage
// ### Usage With Prefix List IDs
//
// Prefix Lists are either managed by AWS internally, or created by the customer using a
// Prefix List resource. Prefix Lists provided by
// AWS are associated with a prefix list name, or service name, that is linked to a specific region.
// Prefix list IDs are exported on VPC Endpoints, so you can use this format:
//
// ```go
// package main
//
// import (
// "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// )
//
// func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// myEndpoint, err := ec2.NewVpcEndpoint(ctx, "myEndpoint", nil)
// if err != nil {
// return err
// }
// _, err = ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
// Egress: ec2.SecurityGroupEgressArray{
// &ec2.SecurityGroupEgressArgs{
// FromPort: pulumi.Int(0),
// ToPort: pulumi.Int(0),
// Protocol: pulumi.String("-1"),
// PrefixListIds: pulumi.StringArray{
// myEndpoint.PrefixListId,
// },
// },
// },
// })
// if err != nil {
// return err
// }
// return nil
// })
// }
// ```
//
// You can also find a specific Prefix List using the `ec2.getPrefixList` data source.
//
// ## Import
//
// Security Groups can be imported using the `security group id`, e.g.
//
// ```sh
// $ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8
// ```
type SecurityGroup struct {
	pulumi.CustomResourceState

	// ARN of the security group.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the security group. NewSecurityGroup fills in "Managed by Pulumi" when none is given.
	Description pulumi.StringOutput `pulumi:"description"`
	// Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
	Egress SecurityGroupEgressArrayOutput `pulumi:"egress"`
	// Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
	Ingress SecurityGroupIngressArrayOutput `pulumi:"ingress"`
	// Name of the security group. If omitted, this provider will assign a random, unique name.
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringOutput `pulumi:"namePrefix"`
	// Owner ID.
	OwnerId pulumi.StringOutput `pulumi:"ownerId"`
	// Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
	RevokeRulesOnDelete pulumi.BoolPtrOutput `pulumi:"revokeRulesOnDelete"`
	// Map of tags to assign to the resource.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// VPC ID.
	VpcId pulumi.StringOutput `pulumi:"vpcId"`
}
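// NewSecurityGroup registers a new resource with the given unique name, arguments, and options.
//
// A nil args is treated as an empty SecurityGroupArgs. When args.Description is
// unset, the registered resource is given the description "Managed by Pulumi".
// Defaulting is applied to a private copy of args, so a SecurityGroupArgs value
// the caller reuses for several resources is never modified by this call.
//
// Returns the registered resource, or the error reported by RegisterResource.
func NewSecurityGroup(ctx *pulumi.Context,
	name string, args *SecurityGroupArgs, opts ...pulumi.ResourceOption) (*SecurityGroup, error) {
	// Copy before defaulting: the caller's struct must not be mutated.
	var effective SecurityGroupArgs
	if args != nil {
		effective = *args
	}
	if effective.Description == nil {
		effective.Description = pulumi.StringPtr("Managed by Pulumi")
	}

	var resource SecurityGroup
	if err := ctx.RegisterResource("aws:ec2/securityGroup:SecurityGroup", name, &effective, &resource, opts...); err != nil {
		return nil, err
	}
	return &resource, nil
}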
// GetSecurityGroup gets an existing SecurityGroup resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
//
// The lookup is delegated to ctx.ReadResource with the resource token
// "aws:ec2/securityGroup:SecurityGroup"; any error it reports is returned as-is.
func GetSecurityGroup(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecurityGroupState, opts ...pulumi.ResourceOption) (*SecurityGroup, error) {
	const token = "aws:ec2/securityGroup:SecurityGroup"

	sg := new(SecurityGroup)
	if err := ctx.ReadResource(token, name, id, state, sg, opts...); err != nil {
		return nil, err
	}
	return sg, nil
}
// Input properties used for looking up and filtering SecurityGroup resources.
//
// securityGroupState is the plain-value mirror of SecurityGroupState; its
// reflect.Type is what SecurityGroupState.ElementType reports.
type securityGroupState struct {
	// ARN of the security group.
	Arn *string `pulumi:"arn"`
	// Description of the security group.
	Description *string `pulumi:"description"`
	// Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
	Egress []SecurityGroupEgress `pulumi:"egress"`
	// Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
	Ingress []SecurityGroupIngress `pulumi:"ingress"`
	// Name of the security group. If omitted, this provider will assign a random, unique name.
	Name *string `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix *string `pulumi:"namePrefix"`
	// Owner ID.
	OwnerId *string `pulumi:"ownerId"`
	// Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
	RevokeRulesOnDelete *bool `pulumi:"revokeRulesOnDelete"`
	// Map of tags to assign to the resource.
	Tags map[string]string `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider.
	TagsAll map[string]string `pulumi:"tagsAll"`
	// VPC ID.
	VpcId *string `pulumi:"vpcId"`
}
// SecurityGroupState holds the optional state properties passed to
// GetSecurityGroup to qualify the lookup of an existing SecurityGroup.
// Every field is an Input; the plain-value counterpart is securityGroupState.
type SecurityGroupState struct {
	// ARN of the security group.
	Arn pulumi.StringPtrInput
	// Description of the security group.
	Description pulumi.StringPtrInput
	// Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
	Egress SecurityGroupEgressArrayInput
	// Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
	Ingress SecurityGroupIngressArrayInput
	// Name of the security group. If omitted, this provider will assign a random, unique name.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Owner ID.
	OwnerId pulumi.StringPtrInput
	// Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
	RevokeRulesOnDelete pulumi.BoolPtrInput
	// Map of tags to assign to the resource.
	Tags pulumi.StringMapInput
	// A map of tags assigned to the resource, including those inherited from the provider.
	TagsAll pulumi.StringMapInput
	// VPC ID.
	VpcId pulumi.StringPtrInput
}
// ElementType reports the plain-value type (securityGroupState) that this
// input struct resolves to.
func (SecurityGroupState) ElementType() reflect.Type {
	return reflect.TypeOf(securityGroupState{})
}
// securityGroupArgs is the plain-value mirror of SecurityGroupArgs; its
// reflect.Type is what SecurityGroupArgs.ElementType reports.
type securityGroupArgs struct {
	// Description of the security group.
	Description *string `pulumi:"description"`
	// Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
	Egress []SecurityGroupEgress `pulumi:"egress"`
	// Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
	Ingress []SecurityGroupIngress `pulumi:"ingress"`
	// Name of the security group. If omitted, this provider will assign a random, unique name.
	Name *string `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix *string `pulumi:"namePrefix"`
	// Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
	RevokeRulesOnDelete *bool `pulumi:"revokeRulesOnDelete"`
	// Map of tags to assign to the resource.
	Tags map[string]string `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider.
	TagsAll map[string]string `pulumi:"tagsAll"`
	// VPC ID.
	VpcId *string `pulumi:"vpcId"`
}
// The set of arguments for constructing a SecurityGroup resource.
//
// SecurityGroupArgs is what NewSecurityGroup accepts; a nil pointer is allowed
// there and treated as an empty value. The plain-value counterpart is
// securityGroupArgs.
type SecurityGroupArgs struct {
	// Description of the security group. Left nil, NewSecurityGroup sets it to "Managed by Pulumi".
	Description pulumi.StringPtrInput
	// Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
	Egress SecurityGroupEgressArrayInput
	// Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
	Ingress SecurityGroupIngressArrayInput
	// Name of the security group. If omitted, this provider will assign a random, unique name.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
	RevokeRulesOnDelete pulumi.BoolPtrInput
	// Map of tags to assign to the resource.
	Tags pulumi.StringMapInput
	// A map of tags assigned to the resource, including those inherited from the provider.
	TagsAll pulumi.StringMapInput
	// VPC ID.
	VpcId pulumi.StringPtrInput
}
// ElementType reports the plain-value type (securityGroupArgs) that this
// input struct resolves to.
func (SecurityGroupArgs) ElementType() reflect.Type {
	return reflect.TypeOf(securityGroupArgs{})
}
// SecurityGroupInput is an input type that accepts values convertible to a
// SecurityGroupOutput. In this file it is implemented by *SecurityGroup and
// by SecurityGroupOutput itself.
type SecurityGroupInput interface {
	pulumi.Input

	ToSecurityGroupOutput() SecurityGroupOutput
	ToSecurityGroupOutputWithContext(ctx context.Context) SecurityGroupOutput
}
// ElementType reports *SecurityGroup as the element type of this input.
func (*SecurityGroup) ElementType() reflect.Type {
	var sentinel *SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupOutput converts the resource into a SecurityGroupOutput
// using a background context.
func (i *SecurityGroup) ToSecurityGroupOutput() SecurityGroupOutput {
	ctx := context.Background()
	return i.ToSecurityGroupOutputWithContext(ctx)
}
// ToSecurityGroupOutputWithContext converts the resource into a
// SecurityGroupOutput; the generic pulumi.ToOutputWithContext result is
// asserted to the concrete output type.
func (i *SecurityGroup) ToSecurityGroupOutputWithContext(ctx context.Context) SecurityGroupOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SecurityGroupOutput)
}
// ToSecurityGroupPtrOutput converts the resource into a SecurityGroupPtrOutput
// using a background context.
func (i *SecurityGroup) ToSecurityGroupPtrOutput() SecurityGroupPtrOutput {
	ctx := context.Background()
	return i.ToSecurityGroupPtrOutputWithContext(ctx)
}
// ToSecurityGroupPtrOutputWithContext converts the resource into a
// SecurityGroupPtrOutput; the generic pulumi.ToOutputWithContext result is
// asserted to the concrete pointer output type.
func (i *SecurityGroup) ToSecurityGroupPtrOutputWithContext(ctx context.Context) SecurityGroupPtrOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SecurityGroupPtrOutput)
}
// SecurityGroupPtrInput is an input type that accepts values convertible to a
// SecurityGroupPtrOutput. In this file it is implemented by *SecurityGroup,
// *securityGroupPtrType, SecurityGroupOutput and SecurityGroupPtrOutput.
type SecurityGroupPtrInput interface {
	pulumi.Input

	ToSecurityGroupPtrOutput() SecurityGroupPtrOutput
	ToSecurityGroupPtrOutputWithContext(ctx context.Context) SecurityGroupPtrOutput
}
// securityGroupPtrType is the private input type behind SecurityGroupPtrInput.
// It is declared as a renaming of SecurityGroupArgs, but its ElementType
// (below) reports **SecurityGroup rather than the args struct.
type securityGroupPtrType SecurityGroupArgs
// ElementType reports **SecurityGroup as the element type of this input.
func (*securityGroupPtrType) ElementType() reflect.Type {
	var sentinel **SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupPtrOutput converts the value into a SecurityGroupPtrOutput
// using a background context.
func (i *securityGroupPtrType) ToSecurityGroupPtrOutput() SecurityGroupPtrOutput {
	ctx := context.Background()
	return i.ToSecurityGroupPtrOutputWithContext(ctx)
}
// ToSecurityGroupPtrOutputWithContext converts the value into a
// SecurityGroupPtrOutput; the generic pulumi.ToOutputWithContext result is
// asserted to the concrete pointer output type.
func (i *securityGroupPtrType) ToSecurityGroupPtrOutputWithContext(ctx context.Context) SecurityGroupPtrOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SecurityGroupPtrOutput)
}
// SecurityGroupArrayInput is an input type that accepts SecurityGroupArray and SecurityGroupArrayOutput values.
// You can construct a concrete instance of `SecurityGroupArrayInput` from values
// that implement SecurityGroupInput (for example resources returned by
// NewSecurityGroup) via:
//
//	SecurityGroupArray{ sg1, sg2 }
type SecurityGroupArrayInput interface {
	pulumi.Input

	ToSecurityGroupArrayOutput() SecurityGroupArrayOutput
	ToSecurityGroupArrayOutputWithContext(context.Context) SecurityGroupArrayOutput
}
// SecurityGroupArray is a slice of SecurityGroupInput values that itself
// satisfies SecurityGroupArrayInput.
type SecurityGroupArray []SecurityGroupInput
// ElementType reports []*SecurityGroup as the element type of this input.
func (SecurityGroupArray) ElementType() reflect.Type {
	var sentinel []*SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupArrayOutput converts the slice into a SecurityGroupArrayOutput
// using a background context.
func (i SecurityGroupArray) ToSecurityGroupArrayOutput() SecurityGroupArrayOutput {
	ctx := context.Background()
	return i.ToSecurityGroupArrayOutputWithContext(ctx)
}
// ToSecurityGroupArrayOutputWithContext converts the slice into a
// SecurityGroupArrayOutput; the generic pulumi.ToOutputWithContext result is
// asserted to the concrete array output type.
func (i SecurityGroupArray) ToSecurityGroupArrayOutputWithContext(ctx context.Context) SecurityGroupArrayOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SecurityGroupArrayOutput)
}
// SecurityGroupMapInput is an input type that accepts SecurityGroupMap and SecurityGroupMapOutput values.
// You can construct a concrete instance of `SecurityGroupMapInput` from values
// that implement SecurityGroupInput (for example resources returned by
// NewSecurityGroup) via:
//
//	SecurityGroupMap{ "key": sg }
type SecurityGroupMapInput interface {
	pulumi.Input

	ToSecurityGroupMapOutput() SecurityGroupMapOutput
	ToSecurityGroupMapOutputWithContext(context.Context) SecurityGroupMapOutput
}
// SecurityGroupMap is a string-keyed map of SecurityGroupInput values that
// itself satisfies SecurityGroupMapInput.
type SecurityGroupMap map[string]SecurityGroupInput
// ElementType reports map[string]*SecurityGroup as the element type of this input.
func (SecurityGroupMap) ElementType() reflect.Type {
	var sentinel map[string]*SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupMapOutput converts the map into a SecurityGroupMapOutput
// using a background context.
func (i SecurityGroupMap) ToSecurityGroupMapOutput() SecurityGroupMapOutput {
	ctx := context.Background()
	return i.ToSecurityGroupMapOutputWithContext(ctx)
}
// ToSecurityGroupMapOutputWithContext converts the map into a
// SecurityGroupMapOutput; the generic pulumi.ToOutputWithContext result is
// asserted to the concrete map output type.
func (i SecurityGroupMap) ToSecurityGroupMapOutputWithContext(ctx context.Context) SecurityGroupMapOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SecurityGroupMapOutput)
}
// SecurityGroupOutput is the Pulumi output type carrying a SecurityGroup value.
// It embeds *pulumi.OutputState and is registered with the SDK in init.
type SecurityGroupOutput struct {
	*pulumi.OutputState
}
// ElementType reports *SecurityGroup as the element type of this output.
func (SecurityGroupOutput) ElementType() reflect.Type {
	var sentinel *SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupOutput returns the receiver unchanged; a SecurityGroupOutput
// already is the target type.
func (o SecurityGroupOutput) ToSecurityGroupOutput() SecurityGroupOutput {
	same := o
	return same
}
// ToSecurityGroupOutputWithContext returns the receiver unchanged; the context
// is accepted only to satisfy SecurityGroupInput and is not consulted.
func (o SecurityGroupOutput) ToSecurityGroupOutputWithContext(ctx context.Context) SecurityGroupOutput {
	same := o
	return same
}
// ToSecurityGroupPtrOutput lifts the output into a SecurityGroupPtrOutput
// using a background context.
func (o SecurityGroupOutput) ToSecurityGroupPtrOutput() SecurityGroupPtrOutput {
	ctx := context.Background()
	return o.ToSecurityGroupPtrOutputWithContext(ctx)
}
// ToSecurityGroupPtrOutputWithContext lifts the output into a
// SecurityGroupPtrOutput by applying a function that takes the address of the
// resolved SecurityGroup value. The context is not consulted.
func (o SecurityGroupOutput) ToSecurityGroupPtrOutputWithContext(ctx context.Context) SecurityGroupPtrOutput {
	toPtr := func(v SecurityGroup) *SecurityGroup {
		return &v
	}
	return o.ApplyT(toPtr).(SecurityGroupPtrOutput)
}
// SecurityGroupPtrOutput is the Pulumi output type carrying a *SecurityGroup
// value. It embeds *pulumi.OutputState and is registered with the SDK in init.
type SecurityGroupPtrOutput struct {
	*pulumi.OutputState
}
// ElementType reports **SecurityGroup as the element type of this output.
func (SecurityGroupPtrOutput) ElementType() reflect.Type {
	var sentinel **SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupPtrOutput returns the receiver unchanged; a
// SecurityGroupPtrOutput already is the target type.
func (o SecurityGroupPtrOutput) ToSecurityGroupPtrOutput() SecurityGroupPtrOutput {
	same := o
	return same
}
// ToSecurityGroupPtrOutputWithContext returns the receiver unchanged; the
// context is accepted only to satisfy SecurityGroupPtrInput and is not consulted.
func (o SecurityGroupPtrOutput) ToSecurityGroupPtrOutputWithContext(ctx context.Context) SecurityGroupPtrOutput {
	same := o
	return same
}
// SecurityGroupArrayOutput is the Pulumi output type carrying a []SecurityGroup
// value. It embeds *pulumi.OutputState and is registered with the SDK in init.
type SecurityGroupArrayOutput struct{ *pulumi.OutputState }
// ElementType reports *[]SecurityGroup as the element type of this output.
func (SecurityGroupArrayOutput) ElementType() reflect.Type {
	var sentinel *[]SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupArrayOutput returns the receiver unchanged; a
// SecurityGroupArrayOutput already is the target type.
func (o SecurityGroupArrayOutput) ToSecurityGroupArrayOutput() SecurityGroupArrayOutput {
	same := o
	return same
}
// ToSecurityGroupArrayOutputWithContext returns the receiver unchanged; the
// context is accepted only to satisfy SecurityGroupArrayInput and is not consulted.
func (o SecurityGroupArrayOutput) ToSecurityGroupArrayOutputWithContext(ctx context.Context) SecurityGroupArrayOutput {
	same := o
	return same
}
// Index returns an output resolving to the element of the array at position i.
// Both the array and the index are awaited through pulumi.All; the element
// access uses plain slice indexing on the resolved []SecurityGroup, so an
// out-of-range index panics inside the apply function as before.
func (o SecurityGroupArrayOutput) Index(i pulumi.IntInput) SecurityGroupOutput {
	pick := func(vs []interface{}) SecurityGroup {
		groups := vs[0].([]SecurityGroup)
		at := vs[1].(int)
		return groups[at]
	}
	return pulumi.All(o, i).ApplyT(pick).(SecurityGroupOutput)
}
// SecurityGroupMapOutput is the Pulumi output type carrying a
// map[string]SecurityGroup value. It embeds *pulumi.OutputState and is
// registered with the SDK in init.
type SecurityGroupMapOutput struct{ *pulumi.OutputState }
// ElementType reports *map[string]SecurityGroup as the element type of this output.
func (SecurityGroupMapOutput) ElementType() reflect.Type {
	var sentinel *map[string]SecurityGroup
	return reflect.TypeOf(sentinel)
}
// ToSecurityGroupMapOutput returns the receiver unchanged; a
// SecurityGroupMapOutput already is the target type.
func (o SecurityGroupMapOutput) ToSecurityGroupMapOutput() SecurityGroupMapOutput {
	same := o
	return same
}
// ToSecurityGroupMapOutputWithContext returns the receiver unchanged; the
// context is accepted only to satisfy SecurityGroupMapInput and is not consulted.
func (o SecurityGroupMapOutput) ToSecurityGroupMapOutputWithContext(ctx context.Context) SecurityGroupMapOutput {
	same := o
	return same
}
// MapIndex returns an output resolving to the map entry stored under key k.
// Both the map and the key are awaited through pulumi.All; a missing key
// yields the zero SecurityGroup, as plain map indexing does.
func (o SecurityGroupMapOutput) MapIndex(k pulumi.StringInput) SecurityGroupOutput {
	lookup := func(vs []interface{}) SecurityGroup {
		groups := vs[0].(map[string]SecurityGroup)
		key := vs[1].(string)
		return groups[key]
	}
	return pulumi.All(o, k).ApplyT(lookup).(SecurityGroupOutput)
}
// init registers the four output types declared in this file with the Pulumi
// SDK so that ApplyT / ToOutputWithContext can produce them by element type.
func init() {
	outputs := []pulumi.Output{
		SecurityGroupOutput{},
		SecurityGroupPtrOutput{},
		SecurityGroupArrayOutput{},
		SecurityGroupMapOutput{},
	}
	for _, out := range outputs {
		pulumi.RegisterOutputType(out)
	}
}