aws.emr.BlockPublicAccessConfiguration
Explore with Pulumi AI
Resource for managing an AWS EMR block public access configuration. This region level security configuration restricts the launch of EMR clusters that have associated security groups permitting public access on unspecified ports. See the EMR Block Public Access Configuration documentation for further information.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.emr.BlockPublicAccessConfiguration("example", {blockPublicSecurityGroupRules: true});
import pulumi
import pulumi_aws as aws
example = aws.emr.BlockPublicAccessConfiguration("example", block_public_security_group_rules=True)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := emr.NewBlockPublicAccessConfiguration(ctx, "example", &emr.BlockPublicAccessConfigurationArgs{
BlockPublicSecurityGroupRules: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Emr.BlockPublicAccessConfiguration("example", new()
{
BlockPublicSecurityGroupRules = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.emr.BlockPublicAccessConfiguration;
import com.pulumi.aws.emr.BlockPublicAccessConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new BlockPublicAccessConfiguration("example", BlockPublicAccessConfigurationArgs.builder()
.blockPublicSecurityGroupRules(true)
.build());
}
}
resources:
example:
type: aws:emr:BlockPublicAccessConfiguration
properties:
blockPublicSecurityGroupRules: true
Default Configuration
By default, each AWS region is equipped with a block public access configuration that prevents EMR clusters from being launched if they have security group rules permitting public access on any port except for port 22. The default configuration can be managed using this resource.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.emr.BlockPublicAccessConfiguration("example", {
blockPublicSecurityGroupRules: true,
permittedPublicSecurityGroupRuleRanges: [{
minRange: 22,
maxRange: 22,
}],
});
import pulumi
import pulumi_aws as aws
example = aws.emr.BlockPublicAccessConfiguration("example",
block_public_security_group_rules=True,
permitted_public_security_group_rule_ranges=[{
"min_range": 22,
"max_range": 22,
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := emr.NewBlockPublicAccessConfiguration(ctx, "example", &emr.BlockPublicAccessConfigurationArgs{
BlockPublicSecurityGroupRules: pulumi.Bool(true),
PermittedPublicSecurityGroupRuleRanges: emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArray{
&emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs{
MinRange: pulumi.Int(22),
MaxRange: pulumi.Int(22),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Emr.BlockPublicAccessConfiguration("example", new()
{
BlockPublicSecurityGroupRules = true,
PermittedPublicSecurityGroupRuleRanges = new[]
{
new Aws.Emr.Inputs.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs
{
MinRange = 22,
MaxRange = 22,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.emr.BlockPublicAccessConfiguration;
import com.pulumi.aws.emr.BlockPublicAccessConfigurationArgs;
import com.pulumi.aws.emr.inputs.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new BlockPublicAccessConfiguration("example", BlockPublicAccessConfigurationArgs.builder()
.blockPublicSecurityGroupRules(true)
.permittedPublicSecurityGroupRuleRanges(BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs.builder()
.minRange(22)
.maxRange(22)
.build())
.build());
}
}
resources:
example:
type: aws:emr:BlockPublicAccessConfiguration
properties:
blockPublicSecurityGroupRules: true
permittedPublicSecurityGroupRuleRanges:
- minRange: 22
maxRange: 22
NOTE: If an
aws.emr.BlockPublicAccessConfiguration
resource is destroyed, the configuration will reset to this default configuration.
Multiple Permitted Public Security Group Rule Ranges
The resource permits specification of multiple permitted_public_security_group_rule_range
blocks.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.emr.BlockPublicAccessConfiguration("example", {
blockPublicSecurityGroupRules: true,
permittedPublicSecurityGroupRuleRanges: [
{
minRange: 22,
maxRange: 22,
},
{
minRange: 100,
maxRange: 101,
},
],
});
import pulumi
import pulumi_aws as aws
example = aws.emr.BlockPublicAccessConfiguration("example",
block_public_security_group_rules=True,
permitted_public_security_group_rule_ranges=[
{
"min_range": 22,
"max_range": 22,
},
{
"min_range": 100,
"max_range": 101,
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := emr.NewBlockPublicAccessConfiguration(ctx, "example", &emr.BlockPublicAccessConfigurationArgs{
BlockPublicSecurityGroupRules: pulumi.Bool(true),
PermittedPublicSecurityGroupRuleRanges: emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArray{
&emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs{
MinRange: pulumi.Int(22),
MaxRange: pulumi.Int(22),
},
&emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs{
MinRange: pulumi.Int(100),
MaxRange: pulumi.Int(101),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Emr.BlockPublicAccessConfiguration("example", new()
{
BlockPublicSecurityGroupRules = true,
PermittedPublicSecurityGroupRuleRanges = new[]
{
new Aws.Emr.Inputs.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs
{
MinRange = 22,
MaxRange = 22,
},
new Aws.Emr.Inputs.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs
{
MinRange = 100,
MaxRange = 101,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.emr.BlockPublicAccessConfiguration;
import com.pulumi.aws.emr.BlockPublicAccessConfigurationArgs;
import com.pulumi.aws.emr.inputs.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new BlockPublicAccessConfiguration("example", BlockPublicAccessConfigurationArgs.builder()
.blockPublicSecurityGroupRules(true)
.permittedPublicSecurityGroupRuleRanges(
BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs.builder()
.minRange(22)
.maxRange(22)
.build(),
BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs.builder()
.minRange(100)
.maxRange(101)
.build())
.build());
}
}
resources:
example:
type: aws:emr:BlockPublicAccessConfiguration
properties:
blockPublicSecurityGroupRules: true
permittedPublicSecurityGroupRuleRanges:
- minRange: 22
maxRange: 22
- minRange: 100
maxRange: 101
Disabling Block Public Access
To permit EMR clusters to be launched in the configured region regardless of associated security group rules, the Block Public Access feature can be disabled using this resource.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.emr.BlockPublicAccessConfiguration("example", {blockPublicSecurityGroupRules: false});
import pulumi
import pulumi_aws as aws
example = aws.emr.BlockPublicAccessConfiguration("example", block_public_security_group_rules=False)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := emr.NewBlockPublicAccessConfiguration(ctx, "example", &emr.BlockPublicAccessConfigurationArgs{
BlockPublicSecurityGroupRules: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Emr.BlockPublicAccessConfiguration("example", new()
{
BlockPublicSecurityGroupRules = false,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.emr.BlockPublicAccessConfiguration;
import com.pulumi.aws.emr.BlockPublicAccessConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new BlockPublicAccessConfiguration("example", BlockPublicAccessConfigurationArgs.builder()
.blockPublicSecurityGroupRules(false)
.build());
}
}
resources:
example:
type: aws:emr:BlockPublicAccessConfiguration
properties:
blockPublicSecurityGroupRules: false
Create BlockPublicAccessConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BlockPublicAccessConfiguration(name: string, args: BlockPublicAccessConfigurationArgs, opts?: CustomResourceOptions);
@overload
def BlockPublicAccessConfiguration(resource_name: str,
args: BlockPublicAccessConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def BlockPublicAccessConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
block_public_security_group_rules: Optional[bool] = None,
permitted_public_security_group_rule_ranges: Optional[Sequence[BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs]] = None)
func NewBlockPublicAccessConfiguration(ctx *Context, name string, args BlockPublicAccessConfigurationArgs, opts ...ResourceOption) (*BlockPublicAccessConfiguration, error)
public BlockPublicAccessConfiguration(string name, BlockPublicAccessConfigurationArgs args, CustomResourceOptions? opts = null)
public BlockPublicAccessConfiguration(String name, BlockPublicAccessConfigurationArgs args)
public BlockPublicAccessConfiguration(String name, BlockPublicAccessConfigurationArgs args, CustomResourceOptions options)
type: aws:emr:BlockPublicAccessConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BlockPublicAccessConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BlockPublicAccessConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BlockPublicAccessConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BlockPublicAccessConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BlockPublicAccessConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var blockPublicAccessConfigurationResource = new Aws.Emr.BlockPublicAccessConfiguration("blockPublicAccessConfigurationResource", new()
{
BlockPublicSecurityGroupRules = false,
PermittedPublicSecurityGroupRuleRanges = new[]
{
new Aws.Emr.Inputs.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs
{
MaxRange = 0,
MinRange = 0,
},
},
});
example, err := emr.NewBlockPublicAccessConfiguration(ctx, "blockPublicAccessConfigurationResource", &emr.BlockPublicAccessConfigurationArgs{
BlockPublicSecurityGroupRules: pulumi.Bool(false),
PermittedPublicSecurityGroupRuleRanges: emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArray{
&emr.BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs{
MaxRange: pulumi.Int(0),
MinRange: pulumi.Int(0),
},
},
})
var blockPublicAccessConfigurationResource = new BlockPublicAccessConfiguration("blockPublicAccessConfigurationResource", BlockPublicAccessConfigurationArgs.builder()
.blockPublicSecurityGroupRules(false)
.permittedPublicSecurityGroupRuleRanges(BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs.builder()
.maxRange(0)
.minRange(0)
.build())
.build());
block_public_access_configuration_resource = aws.emr.BlockPublicAccessConfiguration("blockPublicAccessConfigurationResource",
block_public_security_group_rules=False,
permitted_public_security_group_rule_ranges=[{
"max_range": 0,
"min_range": 0,
}])
const blockPublicAccessConfigurationResource = new aws.emr.BlockPublicAccessConfiguration("blockPublicAccessConfigurationResource", {
blockPublicSecurityGroupRules: false,
permittedPublicSecurityGroupRuleRanges: [{
maxRange: 0,
minRange: 0,
}],
});
type: aws:emr:BlockPublicAccessConfiguration
properties:
blockPublicSecurityGroupRules: false
permittedPublicSecurityGroupRuleRanges:
- maxRange: 0
minRange: 0
BlockPublicAccessConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BlockPublicAccessConfiguration resource accepts the following input properties:
- Block
Public boolSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- Permitted
Public List<BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range> - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- Block
Public boolSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- Permitted
Public []BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range Args - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block
Public BooleanSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted
Public List<BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range> - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block
Public booleanSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted
Public BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range[] - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block_
public_ boolsecurity_ group_ rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted_
public_ Sequence[Blocksecurity_ group_ rule_ ranges Public Access Configuration Permitted Public Security Group Rule Range Args] - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block
Public BooleanSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted
Public List<Property Map>Security Group Rule Ranges - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
Outputs
All input properties are implicitly available as output properties. Additionally, the BlockPublicAccessConfiguration resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing BlockPublicAccessConfiguration Resource
Get an existing BlockPublicAccessConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BlockPublicAccessConfigurationState, opts?: CustomResourceOptions): BlockPublicAccessConfiguration
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
block_public_security_group_rules: Optional[bool] = None,
permitted_public_security_group_rule_ranges: Optional[Sequence[BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs]] = None) -> BlockPublicAccessConfiguration
func GetBlockPublicAccessConfiguration(ctx *Context, name string, id IDInput, state *BlockPublicAccessConfigurationState, opts ...ResourceOption) (*BlockPublicAccessConfiguration, error)
public static BlockPublicAccessConfiguration Get(string name, Input<string> id, BlockPublicAccessConfigurationState? state, CustomResourceOptions? opts = null)
public static BlockPublicAccessConfiguration get(String name, Output<String> id, BlockPublicAccessConfigurationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Block
Public boolSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- Permitted
Public List<BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range> - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- Block
Public boolSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- Permitted
Public []BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range Args - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block
Public BooleanSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted
Public List<BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range> - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block
Public booleanSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted
Public BlockSecurity Group Rule Ranges Public Access Configuration Permitted Public Security Group Rule Range[] - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block_
public_ boolsecurity_ group_ rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted_
public_ Sequence[Blocksecurity_ group_ rule_ ranges Public Access Configuration Permitted Public Security Group Rule Range Args] - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
- block
Public BooleanSecurity Group Rules Enable or disable EMR Block Public Access.
The following arguments are optional:
- permitted
Public List<Property Map>Security Group Rule Ranges - Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if
block_public_security_group_rules
is set totrue
.
Supporting Types
BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRange, BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRangeArgs
Import
Using pulumi import
, import the current EMR Block Public Access Configuration. For example:
$ pulumi import aws:emr/blockPublicAccessConfiguration:BlockPublicAccessConfiguration example current
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.