aws.ec2.NetworkInterfaceSecurityGroupAttachment
Explore with Pulumi AI
This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.
NOTE on instances, interfaces, and security groups: This provider currently provides the capability to assign security groups via the [
aws.ec2.Instance
][1] and the [aws.ec2.NetworkInterface
][2] resources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other.
Example Usage
The following provides a very basic example of setting up an instance (provided
by instance
) in the default security group, creating a security group
(provided by sg
) and then attaching the security group to the instance’s
primary network interface via the aws.ec2.NetworkInterfaceSecurityGroupAttachment
resource,
named sg_attachment
:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const ami = aws.ec2.getAmi({
mostRecent: true,
filters: [{
name: "name",
values: ["amzn-ami-hvm-*"],
}],
owners: ["amazon"],
});
const instance = new aws.ec2.Instance("instance", {
instanceType: aws.ec2.InstanceType.T2_Micro,
ami: ami.then(ami => ami.id),
tags: {
type: "test-instance",
},
});
const sg = new aws.ec2.SecurityGroup("sg", {tags: {
type: "test-security-group",
}});
const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", {
securityGroupId: sg.id,
networkInterfaceId: instance.primaryNetworkInterfaceId,
});
import pulumi
import pulumi_aws as aws
ami = aws.ec2.get_ami(most_recent=True,
filters=[{
"name": "name",
"values": ["amzn-ami-hvm-*"],
}],
owners=["amazon"])
instance = aws.ec2.Instance("instance",
instance_type=aws.ec2.InstanceType.T2_MICRO,
ami=ami.id,
tags={
"type": "test-instance",
})
sg = aws.ec2.SecurityGroup("sg", tags={
"type": "test-security-group",
})
sg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment",
security_group_id=sg.id,
network_interface_id=instance.primary_network_interface_id)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
ami, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{
MostRecent: pulumi.BoolRef(true),
Filters: []ec2.GetAmiFilter{
{
Name: "name",
Values: []string{
"amzn-ami-hvm-*",
},
},
},
Owners: []string{
"amazon",
},
}, nil)
if err != nil {
return err
}
instance, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{
InstanceType: pulumi.String(ec2.InstanceType_T2_Micro),
Ami: pulumi.String(ami.Id),
Tags: pulumi.StringMap{
"type": pulumi.String("test-instance"),
},
})
if err != nil {
return err
}
sg, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{
Tags: pulumi.StringMap{
"type": pulumi.String("test-security-group"),
},
})
if err != nil {
return err
}
_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sg_attachment", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
SecurityGroupId: sg.ID(),
NetworkInterfaceId: instance.PrimaryNetworkInterfaceId,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var ami = Aws.Ec2.GetAmi.Invoke(new()
{
MostRecent = true,
Filters = new[]
{
new Aws.Ec2.Inputs.GetAmiFilterInputArgs
{
Name = "name",
Values = new[]
{
"amzn-ami-hvm-*",
},
},
},
Owners = new[]
{
"amazon",
},
});
var instance = new Aws.Ec2.Instance("instance", new()
{
InstanceType = Aws.Ec2.InstanceType.T2_Micro,
Ami = ami.Apply(getAmiResult => getAmiResult.Id),
Tags =
{
{ "type", "test-instance" },
},
});
var sg = new Aws.Ec2.SecurityGroup("sg", new()
{
Tags =
{
{ "type", "test-security-group" },
},
});
var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", new()
{
SecurityGroupId = sg.Id,
NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetAmiArgs;
import com.pulumi.aws.ec2.Instance;
import com.pulumi.aws.ec2.InstanceArgs;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;
import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var ami = Ec2Functions.getAmi(GetAmiArgs.builder()
.mostRecent(true)
.filters(GetAmiFilterArgs.builder()
.name("name")
.values("amzn-ami-hvm-*")
.build())
.owners("amazon")
.build());
var instance = new Instance("instance", InstanceArgs.builder()
.instanceType("t2.micro")
.ami(ami.applyValue(getAmiResult -> getAmiResult.id()))
.tags(Map.of("type", "test-instance"))
.build());
var sg = new SecurityGroup("sg", SecurityGroupArgs.builder()
.tags(Map.of("type", "test-security-group"))
.build());
var sgAttachment = new NetworkInterfaceSecurityGroupAttachment("sgAttachment", NetworkInterfaceSecurityGroupAttachmentArgs.builder()
.securityGroupId(sg.id())
.networkInterfaceId(instance.primaryNetworkInterfaceId())
.build());
}
}
resources:
instance:
type: aws:ec2:Instance
properties:
instanceType: t2.micro
ami: ${ami.id}
tags:
type: test-instance
sg:
type: aws:ec2:SecurityGroup
properties:
tags:
type: test-security-group
sgAttachment:
type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
name: sg_attachment
properties:
securityGroupId: ${sg.id}
networkInterfaceId: ${instance.primaryNetworkInterfaceId}
variables:
ami:
fn::invoke:
Function: aws:ec2:getAmi
Arguments:
mostRecent: true
filters:
- name: name
values:
- amzn-ami-hvm-*
owners:
- amazon
In this example, instance
is provided by the aws.ec2.Instance
data source,
fetching an external instance, possibly not managed by this provider.
sg_attachment
then attaches to the output instance’s network_interface_id
:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const instance = aws.ec2.getInstance({
instanceId: "i-1234567890abcdef0",
});
const sg = new aws.ec2.SecurityGroup("sg", {tags: {
type: "test-security-group",
}});
const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", {
securityGroupId: sg.id,
networkInterfaceId: instance.then(instance => instance.networkInterfaceId),
});
import pulumi
import pulumi_aws as aws
instance = aws.ec2.get_instance(instance_id="i-1234567890abcdef0")
sg = aws.ec2.SecurityGroup("sg", tags={
"type": "test-security-group",
})
sg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment",
security_group_id=sg.id,
network_interface_id=instance.network_interface_id)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
instance, err := ec2.LookupInstance(ctx, &ec2.LookupInstanceArgs{
InstanceId: pulumi.StringRef("i-1234567890abcdef0"),
}, nil)
if err != nil {
return err
}
sg, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{
Tags: pulumi.StringMap{
"type": pulumi.String("test-security-group"),
},
})
if err != nil {
return err
}
_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sg_attachment", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
SecurityGroupId: sg.ID(),
NetworkInterfaceId: pulumi.String(instance.NetworkInterfaceId),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var instance = Aws.Ec2.GetInstance.Invoke(new()
{
InstanceId = "i-1234567890abcdef0",
});
var sg = new Aws.Ec2.SecurityGroup("sg", new()
{
Tags =
{
{ "type", "test-security-group" },
},
});
var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", new()
{
SecurityGroupId = sg.Id,
NetworkInterfaceId = instance.Apply(getInstanceResult => getInstanceResult.NetworkInterfaceId),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetInstanceArgs;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;
import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var instance = Ec2Functions.getInstance(GetInstanceArgs.builder()
.instanceId("i-1234567890abcdef0")
.build());
var sg = new SecurityGroup("sg", SecurityGroupArgs.builder()
.tags(Map.of("type", "test-security-group"))
.build());
var sgAttachment = new NetworkInterfaceSecurityGroupAttachment("sgAttachment", NetworkInterfaceSecurityGroupAttachmentArgs.builder()
.securityGroupId(sg.id())
.networkInterfaceId(instance.applyValue(getInstanceResult -> getInstanceResult.networkInterfaceId()))
.build());
}
}
resources:
sg:
type: aws:ec2:SecurityGroup
properties:
tags:
type: test-security-group
sgAttachment:
type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
name: sg_attachment
properties:
securityGroupId: ${sg.id}
networkInterfaceId: ${instance.networkInterfaceId}
variables:
instance:
fn::invoke:
Function: aws:ec2:getInstance
Arguments:
instanceId: i-1234567890abcdef0
Create NetworkInterfaceSecurityGroupAttachment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NetworkInterfaceSecurityGroupAttachment(name: string, args: NetworkInterfaceSecurityGroupAttachmentArgs, opts?: CustomResourceOptions);
@overload
def NetworkInterfaceSecurityGroupAttachment(resource_name: str,
args: NetworkInterfaceSecurityGroupAttachmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NetworkInterfaceSecurityGroupAttachment(resource_name: str,
opts: Optional[ResourceOptions] = None,
network_interface_id: Optional[str] = None,
security_group_id: Optional[str] = None)
func NewNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, args NetworkInterfaceSecurityGroupAttachmentArgs, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
public NetworkInterfaceSecurityGroupAttachment(string name, NetworkInterfaceSecurityGroupAttachmentArgs args, CustomResourceOptions? opts = null)
public NetworkInterfaceSecurityGroupAttachment(String name, NetworkInterfaceSecurityGroupAttachmentArgs args)
public NetworkInterfaceSecurityGroupAttachment(String name, NetworkInterfaceSecurityGroupAttachmentArgs args, CustomResourceOptions options)
type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NetworkInterfaceSecurityGroupAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NetworkInterfaceSecurityGroupAttachmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NetworkInterfaceSecurityGroupAttachmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkInterfaceSecurityGroupAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NetworkInterfaceSecurityGroupAttachmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var networkInterfaceSecurityGroupAttachmentResource = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource", new()
{
NetworkInterfaceId = "string",
SecurityGroupId = "string",
});
example, err := ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "networkInterfaceSecurityGroupAttachmentResource", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
NetworkInterfaceId: pulumi.String("string"),
SecurityGroupId: pulumi.String("string"),
})
var networkInterfaceSecurityGroupAttachmentResource = new NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource", NetworkInterfaceSecurityGroupAttachmentArgs.builder()
.networkInterfaceId("string")
.securityGroupId("string")
.build());
network_interface_security_group_attachment_resource = aws.ec2.NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource",
network_interface_id="string",
security_group_id="string")
const networkInterfaceSecurityGroupAttachmentResource = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource", {
networkInterfaceId: "string",
securityGroupId: "string",
});
type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
properties:
networkInterfaceId: string
securityGroupId: string
NetworkInterfaceSecurityGroupAttachment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NetworkInterfaceSecurityGroupAttachment resource accepts the following input properties:
- Network
Interface stringId - The ID of the network interface to attach to.
- Security
Group stringId - The ID of the security group.
- Network
Interface stringId - The ID of the network interface to attach to.
- Security
Group stringId - The ID of the security group.
- network
Interface StringId - The ID of the network interface to attach to.
- security
Group StringId - The ID of the security group.
- network
Interface stringId - The ID of the network interface to attach to.
- security
Group stringId - The ID of the security group.
- network_
interface_ strid - The ID of the network interface to attach to.
- security_
group_ strid - The ID of the security group.
- network
Interface StringId - The ID of the network interface to attach to.
- security
Group StringId - The ID of the security group.
Outputs
All input properties are implicitly available as output properties. Additionally, the NetworkInterfaceSecurityGroupAttachment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NetworkInterfaceSecurityGroupAttachment Resource
Get an existing NetworkInterfaceSecurityGroupAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetworkInterfaceSecurityGroupAttachmentState, opts?: CustomResourceOptions): NetworkInterfaceSecurityGroupAttachment
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
network_interface_id: Optional[str] = None,
security_group_id: Optional[str] = None) -> NetworkInterfaceSecurityGroupAttachment
func GetNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, id IDInput, state *NetworkInterfaceSecurityGroupAttachmentState, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
public static NetworkInterfaceSecurityGroupAttachment Get(string name, Input<string> id, NetworkInterfaceSecurityGroupAttachmentState? state, CustomResourceOptions? opts = null)
public static NetworkInterfaceSecurityGroupAttachment get(String name, Output<String> id, NetworkInterfaceSecurityGroupAttachmentState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Network
Interface stringId - The ID of the network interface to attach to.
- Security
Group stringId - The ID of the security group.
- Network
Interface stringId - The ID of the network interface to attach to.
- Security
Group stringId - The ID of the security group.
- network
Interface StringId - The ID of the network interface to attach to.
- security
Group StringId - The ID of the security group.
- network
Interface stringId - The ID of the network interface to attach to.
- security
Group stringId - The ID of the security group.
- network_
interface_ strid - The ID of the network interface to attach to.
- security_
group_ strid - The ID of the security group.
- network
Interface StringId - The ID of the network interface to attach to.
- security
Group StringId - The ID of the security group.
Import
Using pulumi import
, import Network Interface Security Group attachments using the associated network interface ID and security group ID, separated by an underscore (_
). For example:
$ pulumi import aws:ec2/networkInterfaceSecurityGroupAttachment:NetworkInterfaceSecurityGroupAttachment sg_attachment eni-1234567890abcdef0_sg-1234567890abcdef0
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.