This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

Pulumi AWS¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.AwaitableGetAmiIdsResult(executable_users=None, filters=None, id=None, ids=None, name_regex=None, owners=None, sort_ascending=None)¶

class pulumi_aws.AwaitableGetAmiResult(architecture=None, arn=None, block_device_mappings=None, creation_date=None, description=None, executable_users=None, filters=None, hypervisor=None, id=None, image_id=None, image_location=None, image_owner_alias=None, image_type=None, kernel_id=None, most_recent=None, name=None, name_regex=None, owner_id=None, owners=None, platform=None, product_codes=None, public=None, ramdisk_id=None, root_device_name=None, root_device_type=None, root_snapshot_id=None, sriov_net_support=None, state=None, state_reason=None, tags=None, virtualization_type=None)¶

class pulumi_aws.AwaitableGetArnResult(account=None, arn=None, id=None, partition=None, region=None, resource=None, service=None)¶

class pulumi_aws.AwaitableGetAutoscalingGroupsResult(arns=None, filters=None, id=None, names=None)¶

class pulumi_aws.AwaitableGetAvailabilityZoneResult(all_availability_zones=None, filters=None, group_name=None, id=None, name=None, name_suffix=None, network_border_group=None, opt_in_status=None, region=None, state=None, zone_id=None)¶

class pulumi_aws.AwaitableGetAvailabilityZonesResult(all_availability_zones=None, blacklisted_names=None, blacklisted_zone_ids=None, exclude_names=None, exclude_zone_ids=None, filters=None, group_names=None, id=None, names=None, state=None, zone_ids=None)¶

class pulumi_aws.AwaitableGetBillingServiceAccountResult(arn=None, id=None)¶

class pulumi_aws.AwaitableGetCallerIdentityResult(account_id=None, arn=None, id=None, user_id=None)¶

class pulumi_aws.AwaitableGetCanonicalUserIdResult(display_name=None, id=None)¶

class pulumi_aws.AwaitableGetElasticIpResult(association_id=None, customer_owned_ip=None, customer_owned_ipv4_pool=None, domain=None, filters=None, id=None, instance_id=None, network_interface_id=None, network_interface_owner_id=None, private_dns=None, private_ip=None, public_dns=None, public_ip=None, public_ipv4_pool=None, tags=None)¶

class pulumi_aws.AwaitableGetIpRangesResult(cidr_blocks=None, create_date=None, id=None, ipv6_cidr_blocks=None, regions=None, services=None, sync_token=None, url=None)¶

class pulumi_aws.AwaitableGetPartitionResult(dns_suffix=None, id=None, partition=None)¶

class pulumi_aws.AwaitableGetPrefixListResult(cidr_blocks=None, filters=None, id=None, name=None, prefix_list_id=None)¶

class pulumi_aws.AwaitableGetRegionResult(description=None, endpoint=None, id=None, name=None)¶

class pulumi_aws.AwaitableGetRegionsResult(all_regions=None, filters=None, id=None, names=None)¶

class pulumi_aws.GetAmiIdsResult(executable_users=None, filters=None, id=None, ids=None, name_regex=None, owners=None, sort_ascending=None)¶

A collection of values returned by getAmiIds.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_aws.GetAmiResult(architecture=None, arn=None, block_device_mappings=None, creation_date=None, description=None, executable_users=None, filters=None, hypervisor=None, id=None, image_id=None, image_location=None, image_owner_alias=None, image_type=None, kernel_id=None, most_recent=None, name=None, name_regex=None, owner_id=None, owners=None, platform=None, product_codes=None, public=None, ramdisk_id=None, root_device_name=None, root_device_type=None, root_snapshot_id=None, sriov_net_support=None, state=None, state_reason=None, tags=None, virtualization_type=None)¶

A collection of values returned by getAmi.

architecture = None¶: The OS architecture of the AMI (ie: i386 or x86_64).

arn = None¶: The ARN of the AMI.

block_device_mappings = None¶

The block device mappings of the AMI.

block_device_mappings.#.device_name - The physical name of the device.
block_device_mappings.#.ebs.delete_on_termination - true if the EBS volume will be deleted on termination.
block_device_mappings.#.ebs.encrypted - true if the EBS volume is encrypted.
block_device_mappings.#.ebs.iops - 0 if the EBS volume is not a provisioned IOPS image, otherwise the supported IOPS count.
block_device_mappings.#.ebs.snapshot_id - The ID of the snapshot.
block_device_mappings.#.ebs.volume_size - The size of the volume, in GiB.
block_device_mappings.#.ebs.volume_type - The volume type.
block_device_mappings.#.no_device - Suppresses the specified device included in the block device mapping of the AMI.
block_device_mappings.#.virtual_name - The virtual device name (for instance stores).

creation_date = None¶: The date and time the image was created.

description = None¶: The description of the AMI that was provided during image creation.

hypervisor = None¶: The hypervisor type of the image.

id = None¶: The provider-assigned unique ID for this managed resource.

image_id = None¶: The ID of the AMI. Should be the same as the resource id.

image_location = None¶: The location of the AMI.

image_owner_alias = None¶: The AWS account alias (for example, amazon, self) or the AWS account ID of the AMI owner.

image_type = None¶: The type of image.

kernel_id = None¶: The kernel associated with the image, if any. Only applicable for machine images.

name = None¶: The name of the AMI that was provided during image creation.

owner_id = None¶: The AWS account ID of the image owner.

platform = None¶: The value is Windows for Windows AMIs; otherwise blank.

product_codes = None¶

Any product codes associated with the AMI.

product_codes.#.product_code_id - The product code.
product_codes.#.product_code_type - The type of product code.

public = None¶: true if the image has public launch permissions.

ramdisk_id = None¶: The RAM disk associated with the image, if any. Only applicable for machine images.

root_device_name = None¶: The device name of the root device.

root_device_type = None¶: The type of root device (ie: ebs or instance-store).

root_snapshot_id = None¶: The snapshot id associated with the root device, if any (only applies to ebs root devices).

sriov_net_support = None¶: Specifies whether enhanced networking is enabled.

state = None¶: The current state of the AMI. If the state is available, the image is successfully registered and can be used to launch an instance.

state_reason = None¶

Describes a state change. Fields are UNSET if not available.

state_reason.code - The reason code for the state change.
state_reason.message - The message for the state change.

tags = None¶

Any tags assigned to the image.

tags.#.key - The key name of the tag.
tags.#.value - The value of the tag.

virtualization_type = None¶: The type of virtualization of the AMI (ie: hvm or paravirtual).

class pulumi_aws.GetArnResult(account=None, arn=None, id=None, partition=None, region=None, resource=None, service=None)¶

A collection of values returned by getArn.

account = None¶: The ID of the AWS account that owns the resource, without the hyphens.

id = None¶: The provider-assigned unique ID for this managed resource.

partition = None¶: The partition that the resource is in.

region = None¶: The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted.

resource = None¶: The content of this part of the ARN varies by service. It often includes an indicator of the type of resource—for example, an IAM user or Amazon RDS database —followed by a slash (/) or a colon (:), followed by the resource name itself.

service = None¶: The service namespace that identifies the AWS product.

class pulumi_aws.GetAutoscalingGroupsResult(arns=None, filters=None, id=None, names=None)¶

A collection of values returned by getAutoscalingGroups.

arns = None¶: A list of the Autoscaling Groups Arns in the current region.

id = None¶: The provider-assigned unique ID for this managed resource.

names = None¶: A list of the Autoscaling Groups in the current region.

class pulumi_aws.GetAvailabilityZoneResult(all_availability_zones=None, filters=None, group_name=None, id=None, name=None, name_suffix=None, network_border_group=None, opt_in_status=None, region=None, state=None, zone_id=None)¶

A collection of values returned by getAvailabilityZone.

group_name = None¶: For Availability Zones, this is the same value as the Region name. For Local Zones, the name of the associated group, for example us-west-2-lax-1.

id = None¶: The provider-assigned unique ID for this managed resource.

name_suffix = None¶: The part of the AZ name that appears after the region name, uniquely identifying the AZ within its region.

network_border_group = None¶: The name of the location from which the address is advertised.

opt_in_status = None¶: For Availability Zones, this always has the value of opt-in-not-required. For Local Zones, this is the opt in status. The possible values are opted-in and not-opted-in.

region = None¶: The region where the selected availability zone resides. This is always the region selected on the provider, since this data source searches only within that region.

class pulumi_aws.GetAvailabilityZonesResult(all_availability_zones=None, blacklisted_names=None, blacklisted_zone_ids=None, exclude_names=None, exclude_zone_ids=None, filters=None, group_names=None, id=None, names=None, state=None, zone_ids=None)¶

A collection of values returned by getAvailabilityZones.

id = None¶: The provider-assigned unique ID for this managed resource.

names = None¶: A list of the Availability Zone names available to the account.

zone_ids = None¶: A list of the Availability Zone IDs available to the account.

class pulumi_aws.GetBillingServiceAccountResult(arn=None, id=None)¶

A collection of values returned by getBillingServiceAccount.

arn = None¶: The ARN of the AWS billing service account.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_aws.GetCallerIdentityResult(account_id=None, arn=None, id=None, user_id=None)¶

A collection of values returned by getCallerIdentity.

account_id = None¶: The AWS Account ID number of the account that owns or contains the calling entity.

arn = None¶: The AWS ARN associated with the calling entity.

id = None¶: The provider-assigned unique ID for this managed resource.

user_id = None¶: The unique identifier of the calling entity.

class pulumi_aws.GetCanonicalUserIdResult(display_name=None, id=None)¶

A collection of values returned by getCanonicalUserId.

display_name = None¶: The human-friendly name linked to the canonical user ID. The bucket owner’s display name. NOTE: This value is only included in the response in the US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Ireland), and South America (São Paulo) regions.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_aws.GetElasticIpResult(association_id=None, customer_owned_ip=None, customer_owned_ipv4_pool=None, domain=None, filters=None, id=None, instance_id=None, network_interface_id=None, network_interface_owner_id=None, private_dns=None, private_ip=None, public_dns=None, public_ip=None, public_ipv4_pool=None, tags=None)¶

A collection of values returned by getElasticIp.

association_id = None¶: The ID representing the association of the address with an instance in a VPC.

customer_owned_ip = None¶: Customer Owned IP.

customer_owned_ipv4_pool = None¶: The ID of a Customer Owned IP Pool. For more on customer owned IP addressed check out Customer-owned IP addresses guide

domain = None¶: Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc).

id = None¶: If VPC Elastic IP, the allocation identifier. If EC2-Classic Elastic IP, the public IP address.

instance_id = None¶: The ID of the instance that the address is associated with (if any).

network_interface_id = None¶: The ID of the network interface.

network_interface_owner_id = None¶: The ID of the AWS account that owns the network interface.

private_dns = None¶: The Private DNS associated with the Elastic IP address.

private_ip = None¶: The private IP address associated with the Elastic IP address.

public_dns = None¶: Public DNS associated with the Elastic IP address.

public_ip = None¶: Public IP address of Elastic IP.

public_ipv4_pool = None¶: The ID of an address pool.

tags = None¶: Key-value map of tags associated with Elastic IP.

class pulumi_aws.GetIpRangesResult(cidr_blocks=None, create_date=None, id=None, ipv6_cidr_blocks=None, regions=None, services=None, sync_token=None, url=None)¶

A collection of values returned by getIpRanges.

cidr_blocks = None¶: The lexically ordered list of CIDR blocks.

create_date = None¶: The publication time of the IP ranges (e.g. 2016-08-03-23-46-05).

id = None¶: The provider-assigned unique ID for this managed resource.

ipv6_cidr_blocks = None¶: The lexically ordered list of IPv6 CIDR blocks.

sync_token = None¶: The publication time of the IP ranges, in Unix epoch time format (e.g. 1470267965).

class pulumi_aws.GetPartitionResult(dns_suffix=None, id=None, partition=None)¶

A collection of values returned by getPartition.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_aws.GetPrefixListResult(cidr_blocks=None, filters=None, id=None, name=None, prefix_list_id=None)¶

A collection of values returned by getPrefixList.

cidr_blocks = None¶: The list of CIDR blocks for the AWS service associated with the prefix list.

id = None¶: The provider-assigned unique ID for this managed resource.

name = None¶: The name of the selected prefix list.

class pulumi_aws.GetRegionResult(description=None, endpoint=None, id=None, name=None)¶

A collection of values returned by getRegion.

description = None¶: The region’s description in this format: “Location (Region name)”.

endpoint = None¶: The EC2 endpoint for the selected region.

id = None¶: The provider-assigned unique ID for this managed resource.

name = None¶: The name of the selected region.

class pulumi_aws.GetRegionsResult(all_regions=None, filters=None, id=None, names=None)¶

A collection of values returned by getRegions.

id = None¶: The provider-assigned unique ID for this managed resource.

names = None¶: Names of regions that meets the criteria.

class pulumi_aws.Provider(resource_name, opts=None, access_key=None, allowed_account_ids=None, assume_role=None, endpoints=None, forbidden_account_ids=None, ignore_tags=None, insecure=None, max_retries=None, profile=None, region=None, s3_force_path_style=None, secret_key=None, shared_credentials_file=None, skip_credentials_validation=None, skip_get_ec2_platforms=None, skip_metadata_api_check=None, skip_region_validation=None, skip_requesting_account_id=None, token=None, __props__=None, __name__=None, __opts__=None)¶

The provider type for the aws package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
access_key (pulumi.Input[str]) – The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
ignore_tags (pulumi.Input[dict]) – Configuration block with settings to ignore resource tags across all resources.
insecure (pulumi.Input[bool]) – Explicitly allow the provider to perform “insecure” SSL requests. If omitted,default value is false
max_retries (pulumi.Input[float]) – The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
profile (pulumi.Input[str]) – The profile for API operations. If not set, the default profile created with aws configure will be used.
region (pulumi.Input[str]) – The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.
s3_force_path_style (pulumi.Input[bool]) – Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
secret_key (pulumi.Input[str]) – The secret key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
shared_credentials_file (pulumi.Input[str]) – The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.
skip_credentials_validation (pulumi.Input[bool]) – Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
skip_get_ec2_platforms (pulumi.Input[bool]) – Skip getting the supported EC2 platforms. Used by users that don’t have ec2:DescribeAccountAttributes permissions.
skip_region_validation (pulumi.Input[bool]) – Skip static validation of region name. Used by users of alternative AWS-like APIs or users w/ access to regions that are not public (yet).
skip_requesting_account_id (pulumi.Input[bool]) – Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
token (pulumi.Input[str]) – session token. A session token is only required if you are using temporary security credentials.

The assume_role object supports the following:

external_id (pulumi.Input[str])
policy (pulumi.Input[str])
role_arn (pulumi.Input[str])
session_name (pulumi.Input[str])

The endpoints object supports the following:

accessanalyzer (pulumi.Input[str])
acm (pulumi.Input[str])
acmpca (pulumi.Input[str])
amplify (pulumi.Input[str])
apigateway (pulumi.Input[str])
applicationautoscaling (pulumi.Input[str])
applicationinsights (pulumi.Input[str])
appmesh (pulumi.Input[str])
appstream (pulumi.Input[str])
appsync (pulumi.Input[str])
athena (pulumi.Input[str])
autoscaling (pulumi.Input[str])
autoscalingplans (pulumi.Input[str])
backup (pulumi.Input[str])
batch (pulumi.Input[str])
budgets (pulumi.Input[str])
cloud9 (pulumi.Input[str])
cloudformation (pulumi.Input[str])
cloudfront (pulumi.Input[str])
cloudhsm (pulumi.Input[str])
cloudsearch (pulumi.Input[str])
cloudtrail (pulumi.Input[str])
cloudwatch (pulumi.Input[str])
cloudwatchevents (pulumi.Input[str])
cloudwatchlogs (pulumi.Input[str])
codeartifact (pulumi.Input[str])
codebuild (pulumi.Input[str])
codecommit (pulumi.Input[str])
codedeploy (pulumi.Input[str])
codepipeline (pulumi.Input[str])
cognitoidentity (pulumi.Input[str])
cognitoidp (pulumi.Input[str])
configservice (pulumi.Input[str])
cur (pulumi.Input[str])
dataexchange (pulumi.Input[str])
datapipeline (pulumi.Input[str])
datasync (pulumi.Input[str])
dax (pulumi.Input[str])
devicefarm (pulumi.Input[str])
directconnect (pulumi.Input[str])
dlm (pulumi.Input[str])
dms (pulumi.Input[str])
docdb (pulumi.Input[str])
ds (pulumi.Input[str])
dynamodb (pulumi.Input[str])
ec2 (pulumi.Input[str])
ecr (pulumi.Input[str])
ecs (pulumi.Input[str])
efs (pulumi.Input[str])
eks (pulumi.Input[str])
elasticache (pulumi.Input[str])
elasticbeanstalk (pulumi.Input[str])
elastictranscoder (pulumi.Input[str])
elb (pulumi.Input[str])
emr (pulumi.Input[str])
es (pulumi.Input[str])
firehose (pulumi.Input[str])
fms (pulumi.Input[str])
forecast (pulumi.Input[str])
fsx (pulumi.Input[str])
gamelift (pulumi.Input[str])
glacier (pulumi.Input[str])
globalaccelerator (pulumi.Input[str])
glue (pulumi.Input[str])
greengrass (pulumi.Input[str])
guardduty (pulumi.Input[str])
iam (pulumi.Input[str])
imagebuilder (pulumi.Input[str])
inspector (pulumi.Input[str])
iot (pulumi.Input[str])
iotanalytics (pulumi.Input[str])
iotevents (pulumi.Input[str])
kafka (pulumi.Input[str])
kinesis (pulumi.Input[str])
kinesis_analytics (pulumi.Input[str])
kinesisanalytics (pulumi.Input[str])
kinesisanalyticsv2 (pulumi.Input[str])
kinesisvideo (pulumi.Input[str])
kms (pulumi.Input[str])
lakeformation (pulumi.Input[str])
lambda (pulumi.Input[str])
lexmodels (pulumi.Input[str])
licensemanager (pulumi.Input[str])
lightsail (pulumi.Input[str])
macie (pulumi.Input[str])
managedblockchain (pulumi.Input[str])
marketplacecatalog (pulumi.Input[str])
mediaconnect (pulumi.Input[str])
mediaconvert (pulumi.Input[str])
medialive (pulumi.Input[str])
mediapackage (pulumi.Input[str])
mediastore (pulumi.Input[str])
mediastoredata (pulumi.Input[str])
mq (pulumi.Input[str])
neptune (pulumi.Input[str])
networkmanager (pulumi.Input[str])
opsworks (pulumi.Input[str])
organizations (pulumi.Input[str])
outposts (pulumi.Input[str])
personalize (pulumi.Input[str])
pinpoint (pulumi.Input[str])
pricing (pulumi.Input[str])
qldb (pulumi.Input[str])
quicksight (pulumi.Input[str])
r53 (pulumi.Input[str])
ram (pulumi.Input[str])
rds (pulumi.Input[str])
redshift (pulumi.Input[str])
resourcegroups (pulumi.Input[str])
resourcegroupstaggingapi (pulumi.Input[str])
route53 (pulumi.Input[str])
route53domains (pulumi.Input[str])
route53resolver (pulumi.Input[str])
s3 (pulumi.Input[str])
s3control (pulumi.Input[str])
sagemaker (pulumi.Input[str])
sdb (pulumi.Input[str])
secretsmanager (pulumi.Input[str])
securityhub (pulumi.Input[str])
serverlessrepo (pulumi.Input[str])
servicecatalog (pulumi.Input[str])
servicediscovery (pulumi.Input[str])
servicequotas (pulumi.Input[str])
ses (pulumi.Input[str])
shield (pulumi.Input[str])
sns (pulumi.Input[str])
sqs (pulumi.Input[str])
ssm (pulumi.Input[str])
stepfunctions (pulumi.Input[str])
storagegateway (pulumi.Input[str])
sts (pulumi.Input[str])
swf (pulumi.Input[str])
synthetics (pulumi.Input[str])
transfer (pulumi.Input[str])
waf (pulumi.Input[str])
wafregional (pulumi.Input[str])
wafv2 (pulumi.Input[str])
worklink (pulumi.Input[str])
workmail (pulumi.Input[str])
workspaces (pulumi.Input[str])
xray (pulumi.Input[str])

The ignore_tags object supports the following:

key_prefixes (pulumi.Input[list])
keys (pulumi.Input[list])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_aws.get_ami(executable_users=None, filters=None, most_recent=None, name_regex=None, owners=None, tags=None, opts=None)¶

Use this data source to get the ID of a registered AMI for use in other resources.

import pulumi
import pulumi_aws as aws

example = aws.get_ami(executable_users=["self"],
    filters=[
        {
            "name": "name",
            "values": ["myami-*"],
        },
        {
            "name": "root-device-type",
            "values": ["ebs"],
        },
        {
            "name": "virtualization-type",
            "values": ["hvm"],
        },
    ],
    most_recent=True,
    name_regex="^myami-\d{3}",
    owners=["self"])

Parameters

executable_users (list) – Limit search to users with explicit launch permission on the image. Valid items are the numeric account ID or self.
filters (list) – One or more name/value pairs to filter off of. There are several valid keys, for a full reference, check out [describe-images in the AWS CLI reference][1].
most_recent (bool) – If more than one result is returned, use the most recent AMI.
name_regex (str) – A regex string to apply to the AMI list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. It is recommended to combine this with other options to narrow down the list AWS returns.
owners (list) – List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, self (the current account), or an AWS owner alias (e.g. amazon, aws-marketplace, microsoft).
tags (dict) – Any tags assigned to the image.

* `tags.#.key` - The key name of the tag.
* `tags.#.value` - The value of the tag.

The filters object supports the following:

name (str) - The name of the AMI that was provided during image creation.
values (list)

pulumi_aws.get_ami_ids(executable_users=None, filters=None, name_regex=None, owners=None, sort_ascending=None, opts=None)¶

Use this data source to get a list of AMI IDs matching the specified criteria.

import pulumi
import pulumi_aws as aws

ubuntu = aws.get_ami_ids(filters=[{
        "name": "name",
        "values": ["ubuntu/images/ubuntu-*-*-amd64-server-*"],
    }],
    owners=["099720109477"])

Parameters

executable_users (list) – Limit search to users with explicit launch permission on the image. Valid items are the numeric account ID or self.
filters (list) – One or more name/value pairs to filter off of. There are several valid keys, for a full reference, check out [describe-images in the AWS CLI reference][1].
name_regex (str) – A regex string to apply to the AMI list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. It is recommended to combine this with other options to narrow down the list AWS returns.
owners (list) – List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, self (the current account), or an AWS owner alias (e.g. amazon, aws-marketplace, microsoft).
sort_ascending (bool) – Used to sort AMIs by creation time.

The filters object supports the following:

name (str)
values (list)

pulumi_aws.get_arn(arn=None, opts=None)¶

Parses an Amazon Resource Name (ARN) into its constituent parts.

import pulumi
import pulumi_aws as aws

db_instance = aws.get_arn(arn="arn:aws:rds:eu-west-1:123456789012:db:mysql-db")

Parameters: arn (str) – The ARN to parse.

pulumi_aws.get_autoscaling_groups(filters=None, opts=None)¶

The Autoscaling Groups data source allows access to the list of AWS ASGs within a specific region. This will allow you to pass a list of AutoScaling Groups to other resources.

import pulumi
import pulumi_aws as aws

groups = aws.get_autoscaling_groups(filters=[
    {
        "name": "key",
        "values": ["Team"],
    },
    {
        "name": "value",
        "values": ["Pets"],
    },
])
slack_notifications = aws.autoscaling.Notification("slackNotifications",
    group_names=groups.names,
    notifications=[
        "autoscaling:EC2_INSTANCE_LAUNCH",
        "autoscaling:EC2_INSTANCE_TERMINATE",
        "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
        "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
    ],
    topic_arn="TOPIC ARN")

Parameters: filters (list) – A filter used to scope the list e.g. by tags. See related docs.

The filters object supports the following:

name (str) - The name of the filter. The valid values are: auto-scaling-group, key, value, and propagate-at-launch.
values (list) - The value of the filter.

pulumi_aws.get_availability_zone(all_availability_zones=None, filters=None, name=None, state=None, zone_id=None, opts=None)¶

getAvailabilityZone provides details about a specific availability zone (AZ) in the current region.

This can be used both to validate an availability zone given in a variable and to split the AZ name into its component parts of an AWS region and an AZ identifier letter. The latter may be useful e.g. for implementing a consistent subnet numbering scheme across several regions by mapping both the region and the subnet letter to network numbers.

This is different from the getAvailabilityZones (plural) data source, which provides a list of the available zones.

Parameters

all_availability_zones (bool) – Set to true to include all Availability Zones and Local Zones regardless of your opt in status.
filters (list) – Configuration block(s) for filtering. Detailed below.
name (str) – The name of the filter field. Valid values can be found in the EC2 DescribeAvailabilityZones API Reference.
state (str) – A specific availability zone state to require. May be any of "available", "information" or "impaired".
zone_id (str) – The zone ID of the availability zone to select.

The filters object supports the following:

name (str) - The name of the filter field. Valid values can be found in the EC2 DescribeAvailabilityZones API Reference.
values (list) - Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

pulumi_aws.get_availability_zones(all_availability_zones=None, blacklisted_names=None, blacklisted_zone_ids=None, exclude_names=None, exclude_zone_ids=None, filters=None, group_names=None, state=None, opts=None)¶

The Availability Zones data source allows access to the list of AWS Availability Zones which can be accessed by an AWS account within the region configured in the provider.

This is different from the getAvailabilityZone (singular) data source, which provides some details about a specific availability zone.

When Local Zones are enabled in a region, by default the API and this data source include both Local Zones and Availability Zones. To return only Availability Zones, see the example section below.

import pulumi
import pulumi_aws as aws

available = aws.get_availability_zones(state="available")
primary = aws.ec2.Subnet("primary", availability_zone=available.names[0])
# ...
secondary = aws.ec2.Subnet("secondary", availability_zone=available.names[1])
# ...

All Local Zones (regardless of opt-in status):

import pulumi
import pulumi_aws as aws

example = aws.get_availability_zones(all_availability_zones=True,
    filters=[{
        "name": "opt-in-status",
        "values": [
            "not-opted-in",
            "opted-in",
        ],
    }])

Only Availability Zones (no Local Zones):

import pulumi
import pulumi_aws as aws

example = aws.get_availability_zones(filters=[{
    "name": "opt-in-status",
    "values": ["opt-in-not-required"],
}])

Parameters

all_availability_zones (bool) – Set to true to include all Availability Zones and Local Zones regardless of your opt in status.
blacklisted_names (list) – List of Availability Zone names to exclude. Use exclude_names instead.
blacklisted_zone_ids (list) – List of Availability Zone IDs to exclude. Use exclude_zone_ids instead.
exclude_names (list) – List of Availability Zone names to exclude.
exclude_zone_ids (list) – List of Availability Zone IDs to exclude.
filters (list) – Configuration block(s) for filtering. Detailed below.
state (str) – Allows to filter list of Availability Zones based on their current state. Can be either "available", "information", "impaired" or "unavailable". By default the list includes a complete set of Availability Zones to which the underlying AWS account has access, regardless of their state.

The filters object supports the following:

name (str) - The name of the filter field. Valid values can be found in the EC2 DescribeAvailabilityZones API Reference.
values (list) - Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

pulumi_aws.get_billing_service_account(opts=None)¶

Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of permitting in S3 bucket policy.

import pulumi
import pulumi_aws as aws

main = aws.get_billing_service_account()
billing_logs = aws.s3.Bucket("billingLogs",
    acl="private",
    policy=f"""{{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": [
        "s3:GetBucketAcl", "s3:GetBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket",
      "Principal": {{
        "AWS": [
          "{main.arn}"
        ]
      }}
    }},
    {{
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket/*",
      "Principal": {{
        "AWS": [
          "{main.arn}"
        ]
      }}
    }}
  ]
}}

""")

pulumi_aws.get_caller_identity(opts=None)¶

Use this data source to get the access to the effective Account ID, User ID, and ARN in which this provider is authorized.

import pulumi
import pulumi_aws as aws

current = aws.get_caller_identity()
pulumi.export("accountId", current.account_id)
pulumi.export("callerArn", current.arn)
pulumi.export("callerUser", current.user_id)

pulumi_aws.get_canonical_user_id(opts=None)¶

The Canonical User ID data source allows access to the canonical user ID for the effective account in which this provider is working.

import pulumi
import pulumi_aws as aws

current = aws.get_canonical_user_id()
pulumi.export("canonicalUserId", current.id)

pulumi_aws.get_elastic_ip(filters=None, id=None, public_ip=None, tags=None, opts=None)¶

ec2.Eip provides details about a specific Elastic IP.

import pulumi
import pulumi_aws as aws

by_allocation_id = aws.get_elastic_ip(id="eipalloc-12345678")

import pulumi
import pulumi_aws as aws

by_filter = aws.get_elastic_ip(filters=[{
    "name": "tag:Name",
    "values": ["exampleNameTagValue"],
}])

import pulumi
import pulumi_aws as aws

by_public_ip = aws.get_elastic_ip(public_ip="1.2.3.4")

import pulumi
import pulumi_aws as aws

by_tags = aws.get_elastic_ip(tags={
    "Name": "exampleNameTagValue",
})

Parameters

filters (list) – One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out the EC2 API Reference.
id (str) – The allocation id of the specific VPC EIP to retrieve. If a classic EIP is required, do NOT set id, only set public_ip
public_ip (str) – The public IP of the specific EIP to retrieve.
tags (dict) – A map of tags, each pair of which must exactly match a pair on the desired Elastic IP

The filters object supports the following:

name (str)
values (list)

pulumi_aws.get_ip_ranges(regions=None, services=None, url=None, opts=None)¶

Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the AWS IP Address Ranges documention.

import pulumi
import pulumi_aws as aws

european_ec2 = aws.get_ip_ranges(regions=[
        "eu-west-1",
        "eu-central-1",
    ],
    services=["ec2"])
from_europe = aws.ec2.SecurityGroup("fromEurope",
    ingress=[{
        "from_port": "443",
        "to_port": "443",
        "protocol": "tcp",
        "cidr_blocks": european_ec2.cidr_blocks,
        "ipv6_cidr_blocks": european_ec2.ipv6_cidr_blocks,
    }],
    tags={
        "CreateDate": european_ec2.create_date,
        "SyncToken": european_ec2.sync_token,
    })

Parameters

regions (list) – Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g. eu-central-1)
services (list) – Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.
url (str) –
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documention. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.

pulumi_aws.get_partition(opts=None)¶

Use this data source to lookup current AWS partition in which this provider is working

import pulumi
import pulumi_aws as aws

current = aws.get_partition()
s3_policy = aws.iam.get_policy_document(statements=[{
    "actions": ["s3:ListBucket"],
    "resources": [f"arn:{current.partition}:s3:::my-bucket"],
    "sid": "1",
}])

pulumi_aws.get_prefix_list(filters=None, name=None, prefix_list_id=None, opts=None)¶

getPrefixList provides details about a specific prefix list (PL) in the current region.

This can be used both to validate a prefix list given in a variable and to obtain the CIDR blocks (IP address ranges) for the associated AWS service. The latter may be useful e.g. for adding network ACL rules.

import pulumi
import pulumi_aws as aws

private_s3_vpc_endpoint = aws.ec2.VpcEndpoint("privateS3VpcEndpoint",
    service_name="com.amazonaws.us-west-2.s3",
    vpc_id=aws_vpc["foo"]["id"])
private_s3_prefix_list = private_s3_vpc_endpoint.prefix_list_id.apply(lambda prefix_list_id: aws.get_prefix_list(prefix_list_id=prefix_list_id))
bar = aws.ec2.NetworkAcl("bar", vpc_id=aws_vpc["foo"]["id"])
private_s3_network_acl_rule = aws.ec2.NetworkAclRule("privateS3NetworkAclRule",
    cidr_block=private_s3_prefix_list.cidr_blocks[0],
    egress=False,
    from_port=443,
    network_acl_id=bar.id,
    protocol="tcp",
    rule_action="allow",
    rule_number=200,
    to_port=443)

import pulumi
import pulumi_aws as aws

test = aws.get_prefix_list(filters=[{
    "name": "prefix-list-id",
    "values": ["pl-68a54001"],
}])

Parameters

filters (list) – Configuration block(s) for filtering. Detailed below.
name (str) – The name of the filter field. Valid values can be found in the EC2 DescribePrefixLists API Reference.
prefix_list_id (str) – The ID of the prefix list to select.

The filters object supports the following:

name (str) - The name of the filter field. Valid values can be found in the EC2 DescribePrefixLists API Reference.
values (list) - Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

pulumi_aws.get_region(endpoint=None, name=None, opts=None)¶

getRegion provides details about a specific AWS region.

As well as validating a given region name this resource can be used to discover the name of the region configured within the provider. The latter can be useful in a child module which is inheriting an AWS provider configuration from its parent module.

The following example shows how the resource might be used to obtain the name of the AWS region configured on the provider.

import pulumi
import pulumi_aws as aws

current = aws.get_region()

Parameters

endpoint (str) – The EC2 endpoint of the region to select.
name (str) – The full name of the region to select.

pulumi_aws.get_regions(all_regions=None, filters=None, opts=None)¶

Provides information about AWS Regions. Can be used to filter regions i.e. by Opt-In status or only regions enabled for current account. To get details like endpoint and description of each region the data source can be combined with the getRegion data source.

Enabled AWS Regions:

import pulumi
import pulumi_aws as aws

current = aws.get_regions()

All the regions regardless of the availability

import pulumi
import pulumi_aws as aws

current = aws.get_regions(all_regions=True)

To see regions that are filtered by "not-opted-in", the all_regions argument needs to be set to true or no results will be returned.

import pulumi
import pulumi_aws as aws

current = aws.get_regions(all_regions=True,
    filters=[{
        "name": "opt-in-status",
        "values": ["not-opted-in"],
    }])

Parameters

all_regions (bool) – If true the source will query all regions regardless of availability.
filters (list) – Configuration block(s) to use as filters. Detailed below.

The filters object supports the following:

name (str) - The name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1].
values (list) - Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Pulumi AWS¶

On This Page