tb_pulumi.network

Infrastructural patterns related to networking.

class tb_pulumi.network.MultiCidrVpc(name: str, project: ThunderbirdPulumiProject, cidr_block: str = '10.0.0.0/16', egress_via_internet_gateway: bool = False, egress_via_nat_gateway: bool = False, enable_dns_hostnames: bool = None, enable_internet_gateway: bool = False, enable_nat_gateway: bool = False, endpoint_gateways: list[str] = [], endpoint_interfaces: list[str] = [], subnets: dict = {}, opts: ResourceOptions = None, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:network:MultiCidrVpc

Builds a VPC with configurable network space.

Produces the following resources:

  • endpoint_sg - If the endpoint_interfaces or endpoint_gateways parameters are provided, this is a tb_pulumi.network.SecurityGroupWithRules used to define traffic through these endpoints.

  • gateways - If there are any endpoint_gateways defined, this is a list of aws.ec2.VpcEndpoints with a vpc_endpoint_type of Gateway.

  • interfaces - If there are any endpoint_interfaces defined, this is a list of aws.ec2.VpcEndpoints with a vpc_endpoint_type of Interface.

  • internet_gateway - If enable_internet_gateway is True, this is the aws.ec2.InternetGateway.

  • nat_eip - If enable_nat_gateway is True, this is the aws.ec2.Eip used for the NAT Gateway.

  • nat_gateway - If enable_nat_gateway is True, this is the aws.ec2.NatGateway.

  • route_table_subnet_associations - List of aws.ec2.RouteTableAssociations associating the subnets to the VPC’s default route table, enabling traffic among those subnets.

  • subnets - List of aws.ec2.Subnets in this VPC.

  • subnet_ig_route - If enable_internet_gateway and egress_via_internet_gateway are both True, this is the aws.ec2.Route that enables outbound traffic through the Internet Gateway.

  • subnet_ng_route - If enable_nat_gateway and egress_via_nat_gateway are both True, this is the aws.ec2.Route that enables outbound traffic through the NAT Gateway.

  • vpc - The aws.ec2.Vpc.

Parameters:
  • name (str) – A string identifying this set of resources.

  • project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

  • cidr_block (str, optional) – A CIDR describing the IP space of this VPC. Defaults to ‘10.0.0.0/16’.

  • egress_via_internet_gateway (bool, optional) – When True, establish an outbound route to the Internet via the Internet Gateway. Requires enable_internet_gateway=True. Conflicts with egress_via_nat_gateway=True. Defaults to False.

  • egress_via_nat_gateway (bool, optional) – When True, establish an outbound route to the Internet via the NAT Gateway. Requires enable_nat_gateway=True. Conflicts with egress_via_internet_gateway=True. Defaults to False.

  • enable_dns_hostnames (bool, optional) – When True, internal DNS mappings get built for IPs assigned within the VPC. This is required for the use of certain other services like load-balanced Fargate clusters. Defaults to None.

  • enable_internet_gateway (bool, optional) – Build an IGW to allow traffic outbound to the Internet. Defaults to False.

  • enable_nat_gateway (bool, optional) – Build a NAT Gateway to route inbound traffic. Defaults to False.

  • endpoint_gateways (list[str], optional) – List of public-facing AWS services (such as S3) to create VPC gateways to. Defaults to [].

  • endpoint_interfaces (list[str], optional) – List of AWS services to create VPC Interface endpoints for. These must match service names listed here. Do not list the fully qualified name, only the service name portion. For example, do not use com.amazonaws.us-east-1.secretsmanager; use only secretsmanager. Defaults to [].

  • subnets (dict, optional) –

    A dict where the keys are the names of AWS Availability Zones in which to build subnets and the values are lists of CIDRs describing valid subsets of IPs in the VPC cidr_block to build in that AZ. For example:

    { 'us-east-1': ['10.0.100.0/24'],
      'us-east-2': ['10.0.101.0/24', '10.0.102.0/24'] }
    

    Defaults to {}.

  • opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

  • kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.
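
A pre-flight check for the argument rules described above, run before the values are handed to MultiCidrVpc. This is an added example, not code from tb_pulumi: `check_vpc_args` is a hypothetical helper, the AZ names and CIDRs in the demo are constructed, and the subnet overlap check reflects an AWS constraint that this page does not state.

```python
import ipaddress

def check_vpc_args(cidr_block="10.0.0.0/16", egress_via_internet_gateway=False,
                   egress_via_nat_gateway=False, enable_internet_gateway=False,
                   enable_nat_gateway=False, endpoint_interfaces=(), subnets=None):
    """Return a list of problems with MultiCidrVpc arguments (empty list = OK)."""
    problems = []
    # "Requires" and "Conflicts with" rules from the parameter descriptions.
    if egress_via_internet_gateway and not enable_internet_gateway:
        problems.append("egress_via_internet_gateway requires enable_internet_gateway=True")
    if egress_via_nat_gateway and not enable_nat_gateway:
        problems.append("egress_via_nat_gateway requires enable_nat_gateway=True")
    if egress_via_internet_gateway and egress_via_nat_gateway:
        problems.append("egress_via_internet_gateway conflicts with egress_via_nat_gateway")
    # Interface endpoints take the short service name ('secretsmanager', 'ecr.dkr'),
    # never the 'com.amazonaws.<region>.' form.
    for svc in endpoint_interfaces:
        if svc.startswith("com.amazonaws."):
            problems.append(f"endpoint_interfaces: {svc!r} must be the short service name")
    vpc_net = ipaddress.ip_network(cidr_block)
    seen = []  # (az, network) pairs already accepted, for the overlap check
    for az, cidrs in (subnets or {}).items():
        for cidr in cidrs:
            try:
                net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
            except ValueError as exc:
                problems.append(f"{az}: {cidr!r} is not a valid CIDR ({exc})")
                continue
            if net.version != vpc_net.version or not net.subnet_of(vpc_net):
                problems.append(f"{az}: {cidr} is outside cidr_block {cidr_block}")
            for other_az, other in seen:
                # Assumption (AWS rule, not from this page): subnets must not overlap.
                if net.version == other.version and net.overlaps(other):
                    problems.append(f"{az}: {cidr} overlaps {other} in {other_az}")
            seen.append((az, net))
    return problems

if __name__ == "__main__":
    # Constructed sample input with several mistakes.
    for problem in check_vpc_args(
        egress_via_internet_gateway=True, egress_via_nat_gateway=True,
        enable_nat_gateway=True,
        endpoint_interfaces=["com.amazonaws.us-east-1.secretsmanager"],
        subnets={"us-east-1a": ["10.0.100.0/24", "10.1.0.0/24"],
                 "us-east-1b": ["10.0.100.128/25"]},
    ):
        print(problem)
```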

class tb_pulumi.network.SecurityGroupWithRules(name: str, project: ThunderbirdPulumiProject, rules: dict = {}, vpc_id: str = None, opts: ResourceOptions = None, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:network:SecurityGroupWithRules

Builds a security group and sets rules for it.

Produces the following resources:

Parameters:
  • name (str) – A string identifying this set of resources.

  • project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

  • rules (dict, optional) –

    A dict describing in/egress rules of the following construction:

    {
        'ingress': [{
            # Valid inputs to the SecurityGroupRule resource go here. Ref:
            # https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygrouprule/#inputs
        }],
        'egress': [{
            # The same inputs are valid here
        }]
    }
    

    Defaults to {}.

  • vpc_id (str, optional) – ID of the VPC this security group should belong to. When not set, defaults to the region’s default VPC. Defaults to None.

  • opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

  • kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.
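
A review check over a `rules` dict of the shape shown above, flagging rules open to the whole Internet before they reach SecurityGroupWithRules. This is an added example, not code from tb_pulumi: `lint_rules` and its `allowed_public_ports` policy are hypothetical, and the sample rules are constructed; the keys used (`protocol`, `from_port`, `to_port`, `cidr_blocks`, `ipv6_cidr_blocks`) are inputs of the SecurityGroupRule resource referenced above.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def lint_rules(rules, allowed_public_ports=frozenset({443})):
    """Return findings for world-open rules in a SecurityGroupWithRules rules dict."""
    findings = []
    for direction in ("ingress", "egress"):
        for i, rule in enumerate(rules.get(direction, [])):
            cidrs = set(rule.get("cidr_blocks") or [])
            cidrs |= set(rule.get("ipv6_cidr_blocks") or [])
            if not cidrs & OPEN_CIDRS:
                continue  # scoped to specific networks; nothing to flag here
            where = f"{direction}[{i}]"
            proto = str(rule.get("protocol", "")).lower()
            if proto in ("-1", "all"):
                # All protocols: the port fields are ignored by AWS.
                findings.append(f"{where}: all protocols open to {sorted(cidrs & OPEN_CIDRS)}")
                continue
            if direction != "ingress":
                continue  # assumed policy: port-scoped egress to the Internet is accepted
            lo, hi = rule.get("from_port"), rule.get("to_port")
            if lo is None or hi is None:
                findings.append(f"{where}: world-open {proto} rule without a port range")
            elif not all(p in allowed_public_ports for p in range(lo, hi + 1)):
                findings.append(f"{where}: {proto} {lo}-{hi} open to the world")
    return findings

# Constructed sample rules: public HTTPS, public SSH, VPC-only Postgres, open egress.
SAMPLE_RULES = {
    "ingress": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]},
        {"protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr_blocks": ["10.0.0.0/16"]},
    ],
    "egress": [
        {"protocol": "-1", "from_port": 0, "to_port": 0, "cidr_blocks": ["0.0.0.0/0"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_RULES):
        print(finding)
```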