NetworkInterfaceSecurityGroupAttachment

This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.

NOTE on instances, interfaces, and security groups: This provider currently provides the capability to assign security groups via the aws.ec2.Instance and the aws.ec2.NetworkInterface resources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other.

Output Reference

There are no outputs for this resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var ami = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
        {
            Filters = 
            {
                new Aws.Inputs.GetAmiFilterArgs
                {
                    Name = "name",
                    Values = 
                    {
                        "amzn-ami-hvm-*",
                    },
                },
            },
            MostRecent = true,
            Owners = 
            {
                "amazon",
            },
        }));
        var instance = new Aws.Ec2.Instance("instance", new Aws.Ec2.InstanceArgs
        {
            Ami = ami.Apply(ami => ami.Id),
            InstanceType = "t2.micro",
            Tags = 
            {
                { "type", "test-instance" },
            },
        });
        var sg = new Aws.Ec2.SecurityGroup("sg", new Aws.Ec2.SecurityGroupArgs
        {
            Tags = 
            {
                { "type", "test-security-group" },
            },
        });
        var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs
        {
            NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,
            SecurityGroupId = sg.Id,
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ec2"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        opt0 := true
        ami, err := aws.GetAmi(ctx, &aws.GetAmiArgs{
            Filters: []aws.GetAmiFilter{
                aws.GetAmiFilter{
                    Name: "name",
                    Values: []string{
                        "amzn-ami-hvm-*",
                    },
                },
            },
            MostRecent: &opt0,
            Owners: []string{
                "amazon",
            },
        }, nil)
        if err != nil {
            return err
        }
        instance, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{
            Ami:          pulumi.String(ami.Id),
            InstanceType: pulumi.String("t2.micro"),
            Tags: pulumi.StringMap{
                "type": pulumi.String("test-instance"),
            },
        })
        if err != nil {
            return err
        }
        sg, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{
            Tags: pulumi.StringMap{
                "type": pulumi.String("test-security-group"),
            },
        })
        if err != nil {
            return err
        }
        _, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sgAttachment", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
            NetworkInterfaceId: instance.PrimaryNetworkInterfaceId,
            SecurityGroupId:    sg.ID(),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

ami = aws.get_ami(filters=[{
        "name": "name",
        "values": ["amzn-ami-hvm-*"],
    }],
    most_recent=True,
    owners=["amazon"])
instance = aws.ec2.Instance("instance",
    ami=ami.id,
    instance_type="t2.micro",
    tags={
        "type": "test-instance",
    })
sg = aws.ec2.SecurityGroup("sg", tags={
    "type": "test-security-group",
})
sg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment",
    network_interface_id=instance.primary_network_interface_id,
    security_group_id=sg.id)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ami = pulumi.output(aws.getAmi({
    filters: [{
        name: "name",
        values: ["amzn-ami-hvm-*"],
    }],
    mostRecent: true,
    owners: ["amazon"],
}, { async: true }));
const instance = new aws.ec2.Instance("instance", {
    ami: ami.id,
    instanceType: "t2.micro",
    tags: {
        type: "test-instance",
    },
});
const sg = new aws.ec2.SecurityGroup("sg", {
    tags: {
        type: "test-security-group",
    },
});
const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", {
    networkInterfaceId: instance.primaryNetworkInterfaceId,
    securityGroupId: sg.id,
});

Create a NetworkInterfaceSecurityGroupAttachment Resource

new NetworkInterfaceSecurityGroupAttachment(name: string, args: NetworkInterfaceSecurityGroupAttachmentArgs, opts?: CustomResourceOptions);

def NetworkInterfaceSecurityGroupAttachment(resource_name, opts=None, network_interface_id=None, security_group_id=None, __props__=None);

func NewNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, args NetworkInterfaceSecurityGroupAttachmentArgs, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)

public NetworkInterfaceSecurityGroupAttachment(string name, NetworkInterfaceSecurityGroupAttachmentArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

NetworkInterfaceSecurityGroupAttachment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The NetworkInterfaceSecurityGroupAttachment resource accepts the following input properties:

NetworkInterfaceId string: The ID of the network interface to attach to.
SecurityGroupId string: The ID of the security group.

NetworkInterfaceId string: The ID of the network interface to attach to.
SecurityGroupId string: The ID of the security group.

networkInterfaceId string: The ID of the network interface to attach to.
securityGroupId string: The ID of the security group.

network_interface_id str: The ID of the network interface to attach to.
security_group_id str: The ID of the security group.

Outputs

All input properties are implicitly available as output properties. Additionally, the NetworkInterfaceSecurityGroupAttachment resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing NetworkInterfaceSecurityGroupAttachment Resource

Get an existing NetworkInterfaceSecurityGroupAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NetworkInterfaceSecurityGroupAttachmentState, opts?: CustomResourceOptions): NetworkInterfaceSecurityGroupAttachment

static get(resource_name, id, opts=None, network_interface_id=None, security_group_id=None, __props__=None);

func GetNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, id IDInput, state *NetworkInterfaceSecurityGroupAttachmentState, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)

public static NetworkInterfaceSecurityGroupAttachment Get(string name, Input<string> id, NetworkInterfaceSecurityGroupAttachmentState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

NetworkInterfaceId string: The ID of the network interface to attach to.
SecurityGroupId string: The ID of the security group.

NetworkInterfaceId string: The ID of the network interface to attach to.
SecurityGroupId string: The ID of the security group.

networkInterfaceId string: The ID of the network interface to attach to.
securityGroupId string: The ID of the security group.

network_interface_id str: The ID of the network interface to attach to.
security_group_id str: The ID of the security group.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud