tb_pulumi.ec2

Infrastructural patterns related to AWS EC2.

class tb_pulumi.ec2.NetworkLoadBalancer(name: str, project: ThunderbirdPulumiProject, listener_port: int, subnets: list[str], target_port: int, exclude_from_project: bool = False, ingress_cidrs: list[str] = None, internal: bool = True, ips: list[str] = [], security_group_description: str = None, opts: ResourceOptions = None, tags: dict = {}, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:ec2:NetworkLoadBalancer

Constructs a NetworkLoadBalancer to route TCP traffic to a collection of backends. Backend services are targeted by IP address: the frontend listener port is connected to a backend port on the targets, which are load balanced round-robin.

Produces the following resources:

Parameters:
  • name (str) – A string identifying this set of resources.

  • project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

  • listener_port (int) – The port that the load balancer should accept traffic on.

  • subnets (list[str]) – List of subnet resource outputs. The NLB will be built in these network spaces, and in the VPC of the first subnet listed. All subnets must reside in the same VPC.

  • target_port (int) – The port to route to on the backends.

  • ingress_cidrs (list[str], optional) – List of CIDR blocks to allow ingress to the NLB from. If not provided, traffic to the listener_port will be allowed from anywhere. Defaults to None.

  • internal (bool, optional) – When True (default), ingress is restricted to traffic sourced within the VPC. When False, the NLB gets a public IP to listen on. Defaults to True.

  • ips (list[str], optional) – List of IP addresses to balance load between. Defaults to [].

  • security_group_description (str, optional) – Text to use for the security group’s description field. Defaults to None.

  • opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

  • tags (dict, optional) – Key/value pairs to merge with the default tags which get applied to all resources in this group. Defaults to {}.

  • kwargs – Any other keyword arguments which will be passed as inputs to the LoadBalancer resource. A full listing of options is found here.

class tb_pulumi.ec2.SshKeyPair(name: str, project: ThunderbirdPulumiProject, key_size: int = 4096, public_key: str = None, secret_name: str = 'keypair', opts: ResourceOptions = None, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:ec2:SshKeyPair

Builds an SSH keypair and stores its values in Secrets Manager.

You should usually specify the public_key when using this module. If you do not, Pulumi will generate a new key for you. However, at the moment, it appears there’s no way to have Pulumi generate a private key ONE TIME and ONLY ONE TIME. Each pulumi up/preview command generates a new keypair, which generates new secret versions (and if this is attached to an instance downstream, it triggers the recreation of that instance).

Produces the following resources:

Parameters:
  • name (str) – A string identifying this set of resources.

  • project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

  • key_size (int, optional) – Byte length of the private key to generate. Only used if public_key is not supplied. Defaults to 4096.

  • public_key (str, optional) – RSA public key to stash in the KeyPair. It is highly recommended that you always provide this. That is, you should usually generate a keypair on your local machine (ssh-keygen -t rsa -b 4096) and provide that public key to this resource. Defaults to None.

  • secret_name (str, optional) – A slash ("/") delimited name to give the Secrets Manager secret. If not supplied, one will be generated based on name. Only used if public_key is not provided. Defaults to 'keypair'.

  • opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

  • kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.

class tb_pulumi.ec2.SshableInstance(name: str, project: ThunderbirdPulumiProject, subnet_id: str, ami: str = None, kms_key_id: str = None, public_key: str = None, source_cidrs: list[str] = ['0.0.0.0/0'], user_data: str = None, vpc_id: str = None, vpc_security_group_ids: list[str] = None, opts: ResourceOptions = None, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:ec2:SshableInstance

Builds an EC2 instance which can be accessed with SSH from somewhere on the Internet.

Produces the following resources:

Parameters:
  • name (str) – A string identifying this set of resources.

  • project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

  • subnet_id (str) – The ID of the subnet to build the instance in.

  • ami (str, optional) – ID of the AMI to build the instance with. Defaults to the latest image returned by tb_pulumi.ec2.get_latest_amazon_linux_ami().

  • kms_key_id (str, optional) – ID of the KMS key for encrypting all database storage. Defaults to None.

  • public_key (str, optional) – The RSA public key used for SSH authentication. Defaults to None.

  • source_cidrs (list[str], optional) – List of CIDRs which should be allowed to open SSH connections to the instance. Defaults to ['0.0.0.0/0'].

  • user_data (str, optional) – Custom user data to launch the instance with. Defaults to None.

  • vpc_id (str, optional) – The VPC to build this instance in. Defaults to None.

  • vpc_security_group_ids (list[str], optional) – If provided, sets the security groups for the instance. Otherwise, a security group allowing only port 22 from the source_cidrs will be created and used. Defaults to None.

  • opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

  • kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.
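Added example (not part of tb_pulumi): a standard-library preflight check for the public_key and source_cidrs arguments documented above. It reads the modulus size from an OpenSSH ssh-rsa line and flags an unset key or a wide SSH source range before the values reach SshKeyPair or SshableInstance. The function names, the 256-address limit and the constructed sample key are assumptions; the 4096-bit minimum follows the ssh-keygen command quoted above.

```python
import base64
import ipaddress

def rsa_public_key_bits(public_key: str) -> int:
    """Return the modulus size, in bits, of an OpenSSH 'ssh-rsa' public key line."""
    fields = public_key.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an OpenSSH 'ssh-rsa AAAA...' line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, offset = [], 0
    # The blob holds three length-prefixed fields: key type, exponent e, modulus n.
    while offset < len(blob):
        length = int.from_bytes(blob[offset:offset + 4], "big")
        chunk = blob[offset + 4:offset + 4 + length]
        if len(chunk) != length:
            raise ValueError("truncated ssh-rsa key blob")
        parts.append(chunk)
        offset += 4 + length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    return int.from_bytes(parts[2], "big").bit_length()

def preflight(public_key=None, source_cidrs=None, min_bits=4096, max_addresses=256):
    """Return findings for public_key / source_cidrs (hypothetical helper)."""
    findings = []
    if public_key is None:
        findings.append("public_key unset: SshKeyPair generates a new key on each pulumi up/preview")
    elif rsa_public_key_bits(public_key) < min_bits:
        findings.append(f"public_key is {rsa_public_key_bits(public_key)}-bit RSA, below {min_bits}")
    # Mirror the documented SshableInstance default when source_cidrs is omitted.
    for cidr in source_cidrs if source_cidrs is not None else ["0.0.0.0/0"]:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.num_addresses > max_addresses:  # max_addresses is an assumed policy limit
            findings.append(f"source_cidrs {cidr} allows SSH from {net.num_addresses} addresses")
    return findings

def make_constructed_key(bits: int) -> str:
    """Build a well-formed ssh-rsa line from a made-up modulus (constructed, not a usable key)."""
    def field(data: bytes) -> bytes:
        return len(data).to_bytes(4, "big") + data
    n_bytes = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading zero byte
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for finding in preflight(make_constructed_key(2048), None):
        print(finding)
```

An empty list from preflight() means both arguments passed; the check only inspects the values and makes no AWS or Pulumi calls.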

tb_pulumi.ec2.generate_ssh_keypair(key_size: int = 4096) -> (str, str)

Returns plaintext representations of a private and public RSA key for use in SSH authentication.

Parameters:
  • key_size (int) – Byte length of the private key. Defaults to 4096.

Returns:
  Tuple in this form: (private_key, public_key)

Return type:
  tuple[str, str]