Amazon Web Services (AWS) providerAmazon Web Services (AWS) provider

Overview

Actions Status Slack NPM version Python version NuGet version PkgGoDev License

Amazon Web Services (AWS) provider

The Amazon Web Services (AWS) resource provider for Pulumi lets you use AWS resources in your cloud programs. To use this package, please install the Pulumi CLI first. For a streamlined Pulumi walkthrough, including language runtime installation and AWS configuration, click "Get Started" below.

Installing

This package is available in many languages in the standard packaging formats.

Node.js (Java/TypeScript)

To use from JavaScript or TypeScript in Node.js, install using either npm:

$ npm install @pulumi/aws

or yarn:

$ yarn add @pulumi/aws

Python

To use from Python, install using pip:

$ pip install pulumi_aws

Go

To use from Go, use go get to grab the latest version of the library

$ go get github.com/pulumi/pulumi-aws/sdk/v4

.NET

To use from .NET, install using dotnet add package:

$ dotnet add package Pulumi.Aws

Concepts

The @pulumi/aws package provides a strongly-typed means to create cloud applications that create and interact closely with AWS resources. Resources are exposed for the entirety of AWS resources and their properties, including (but not limited to), 'apigateway', 'cloudformation', 'EC2', 'ECS', 'iam', 'lambda', etc. Many convenience APIs have also been added to make development easier and to help avoid common mistakes, and to get stronger typing.

Serverless Functions

The aws.lambda.CallbackFunction class allows you to create an AWS lambda function directly out of a JavaScript/TypeScript function object of the right signature. This allows a Pulumi program to simply define a lambda using a simple lambda in the language of choice, while having Pulumi itself do the appropriate transformation into the final AWS Lambda resource.

This makes many APIs easier to use, such as defining a Lambda to execute when an S3 Bucket is manipulated, or a CloudWatch timer is fired. To see some examples of this in action, please refer to the examples/ directory.

The pulumi/pulumi-cloud repo offer higher level abstractions that build on top of this underlying capability.

Configuration

The following configuration points are available:

  • aws:region - (Required) This is the AWS region.

  • aws:accessKey - (Optional) This is the AWS access key. It can also be sourced from the AWS_ACCESS_KEY_ID environment variable, or via a shared credentials file if aws:profile is specified.

  • aws:secretKey - (Optional) This is the AWS secret key. It can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, or via a shared credentials file if aws:profile is specified.

  • aws:profile - (Optional) This is the AWS profile name as set in the shared credentials file.

  • aws:sharedCredentialsFile - (Optional) This is the path to the shared credentials file. If this is not set and aws:profile is specified, ~/.aws/credentials will be used.

  • aws:token - (Optional) Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials. It can also be sourced from the AWS_SESSION_TOKEN environment variable.

  • aws:maxRetries - (Optional) This is the maximum number of times an API call is retried, in the case where requests are being throttled or experiencing transient failures. The delay between the subsequent API calls increases exponentially. If omitted, the default value is 25.

  • aws:allowedAccountIds - (Optional) List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with aws:forbiddenAccountIds.

  • aws:forbiddenAccountIds - (Optional) List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one. Conflicts with aws:allowedAccountIds.

  • aws:assumeRole - (Optional) Supports the following (optional) arguments: durationSections: Number of seconds to restrict the assume role session duration. externalId: External identifier to use when assuming the role. policy: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. policyArns: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role. roleArn: Amazon Resource Name (ARN) of the IAM Role to assume. sessionName: Session name to use when assuming the role. tags: Map of assume role session tags.

  • aws:insecure - (Optional) Explicitly allow the provider to perform "insecure" SSL requests. If omitted, the default value is false.

  • aws:skipCredentialsValidation - (Optional) Skip the credentials validation via the STS API. Useful for AWS API implementations that do not have STS available or implemented. Default value is true.

  • aws:skipGetEc2Platforms - (Optional) Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions. Default value is true.

  • aws:skipRegionValidation - (Optional) Skip validation of provided region name. Useful for AWS-like implementations that use their own region names or to bypass the validation for regions that aren't publicly available yet. Default value is true.

  • aws:skipRequestionAccountId - (Optional) Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API. Default value is false. When specified, the use of ARNs is compromised as there is no accountID available to construct the ARN.

  • aws:skipMetadataApiCheck - (Optional) Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. This provider from authenticating via the Metadata API by default. You may need to use other authentication methods like static credentials, configuration variables, or environment variables. Default is true.

  • aws:s3ForcePathStyle - (Optional) Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing, http://BUCKET.s3.amazonaws.com/KEY, when possible. Specific to the Amazon S3 service. Default is false.

Authenticating pulumi-aws via EC2 Instance Metadata?

As of pulumi-aws v3.28.1, the default behaviour for the provider was changed to disable MetadataApiCheck by default. This means, you need to do either of the following

  1. When using the default provider:
pulumi config set aws:skipMetadataApiCheck false
  1. When using a named provider
const myProvider = new aws.Provider("named-provider", {
  // other config
  skipMetadataApiCheck: false,
});
var provider = new Aws.Provider("named-provider", new Aws.ProviderArgs
{
  // other config
  SkipMetadataApiCheck = false,
});
provider, err := aws.NewProvider(ctx, "named-provider", &aws.ProviderArgs{
    // other config
    SkipMetadataApiCheck: pulumi.Bool(false),
})
provider = pulumi_aws.Provider('named-provider', skip_metadata_api_check=False)

Reference

For further information, please visit the AWS provider docs or for detailed reference documentation, please visit the API docs.

You might also like...
Terraform-provider-age - Age Terraform Provider with golang

Age Terraform Provider This provider lets you generate an Age key pair. Using th

Terraform-equinix-migration-tool - Tool to migrate code from Equinix Metal terraform provider to Equinix terraform provider

Equinix Terraform Provider Migration Tool This tool targets a terraform working

Fast, concurrent, streaming access to Amazon S3, including gof3r, a CLI. http://godoc.org/github.com/rlmcpherson/s3gof3r

s3gof3r s3gof3r provides fast, parallelized, pipelined streaming access to Amazon S3. It includes a command-line interface: gof3r. It is optimized for

ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)
ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)

English / 日本語 ecsk ECS + Task = ecsk 😆 ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run

This repository contains Prowjob configurations for Amazon EKS Anywhere.

Amazon EKS Anywhere Prow Jobs This repository contains Prowjob configuration for the Amazon EKS Anywhere project, which includes the eks-anywhere and

Run Amazon EKS on your own infrastructure 🚀

Amazon EKS Anywhere Conformance test status: Amazon EKS Anywhere is a new deployment option for Amazon EKS that enables you to easily create and opera

Prometheus exporter for Amazon Elastic Container Service (ECS)

ecs_exporter 🚧 🚧 🚧 This repo is still work in progress and is subject to change. This repo contains a Prometheus exporter for Amazon Elastic Contai

Amazon Elastic Container Service Agent
Amazon Elastic Container Service Agent

Amazon ECS Container Agent The Amazon ECS Container Agent is a component of Amazon Elastic Container Service (Amazon ECS) and is responsible for manag

Test-csi-driver - Amazon Elastic Block Store (EBS) CSI driver

Amazon Elastic Block Store (EBS) CSI driver Overview The Amazon Elastic Block St

Owner
William Garcia Jacobo
William Garcia Jacobo
Terraform provider to help with various AWS automation tasks (mostly all that stuff we cannot accomplish with the official AWS terraform provider)

terraform-provider-awsutils Terraform provider for performing various tasks that cannot be performed with the official AWS Terraform Provider from Has

Cloud Posse 25 Dec 8, 2022
OpenAPI Terraform Provider that configures itself at runtime with the resources exposed by the service provider (defined in a swagger file)

Terraform Provider OpenAPI This terraform provider aims to minimise as much as possible the efforts needed from service providers to create and mainta

Daniel I. Khan Ramiro 228 Dec 26, 2022
Terraform Provider for Azure (Resource Manager)Terraform Provider for Azure (Resource Manager)

Terraform Provider for Azure (Resource Manager) Version 2.x of the AzureRM Provider requires Terraform 0.12.x and later, but 1.0 is recommended. Terra

null 0 Oct 16, 2021
provider-kubernetes is a Crossplane Provider that enables deployment and management of arbitrary Kubernetes objects on clusters

provider-kubernetes provider-kubernetes is a Crossplane Provider that enables deployment and management of arbitrary Kubernetes objects on clusters ty

International Business Machines 2 Dec 14, 2022
Terraform-provider-mailcow - Terraform provider for Mailcow

Terraform Provider Scaffolding (Terraform Plugin SDK) This template repository i

Owen Valentine 0 Dec 31, 2021
Provider-generic-workflows - A generic provider which uses argo workflows to define the backend actions.

provider-generic-workflows provider-generic-workflows is a generic provider which uses argo workflows for managing the external resource. This will re

Shailendra Sirohi 0 Jan 1, 2022
Terraform-provider-buddy - Terraform Buddy provider For golang

Terraform Provider for Buddy Documentation Requirements Terraform >= 1.0.11 Go >

Buddy 1 Jan 5, 2022
Hashicups-tf-provider - HashiCups Terraform Provider Tutorial

Terraform Provider HashiCups Run the following command to build the provider go

Andrew Xie 1 Jan 10, 2022
Terraform-provider-vercel - Terraform Vercel Provider With Golang

Vercel Terraform Provider Website: https://www.terraform.io Documentation: https

Vercel 80 Dec 14, 2022
Provider-milvus - Milvus provider for crossplane

provider-milvus provider-milvus is a minimal Crossplane Provider that is meant t

The Milvus Project 2 Feb 9, 2022