tb_pulumi.network
Infrastructural patterns related to networking.
- class tb_pulumi.network.MultiCidrVpc(name: str, project: ThunderbirdPulumiProject, additional_routes: list[dict] = {}, cidr_block: str = '10.0.0.0/16', egress_via_internet_gateway: bool = False, egress_via_nat_gateway: bool = False, enable_dns_hostnames: bool = None, enable_internet_gateway: bool = False, enable_nat_gateway: bool = False, endpoint_gateways: list[str] = [], endpoint_interfaces: list[str] = [], peering_connections: dict = {}, peering_accepters: dict = {}, subnets: dict = {}, opts: ResourceOptions = None, **kwargs)
Bases: ThunderbirdComponentResource
Pulumi Type: tb:network:MultiCidrVpc
Builds a VPC with configurable network space.
Produces the following resources:
endpoint_sg - If the endpoint_interfaces or endpoint_gateways parameters are provided, this is a tb_pulumi.network.SecurityGroupWithRules used to define traffic through these endpoints.
gateways - If there are any endpoint_gateways defined, this is a list of aws.ec2.VpcEndpoints with a vpc_endpoint_type of Gateway.
interfaces - If there are any endpoint_interfaces defined, this is a list of aws.ec2.VpcEndpoints with a vpc_endpoint_type of Interface.
internet_gateway - If enable_internet_gateway is True, this is the aws.ec2.InternetGateway.
nat_eip - If enable_nat_gateway is True, this is the aws.ec2.Eip used for the NAT Gateway.
nat_gateway - If enable_nat_gateway is True, this is the aws.ec2.NatGateway.
peering_accepters - Dict of aws.ec2.VpcPeeringConnectionAccepters.
peering_connections - Dict of aws.ec2.VpcPeeringConnections.
routes - List of all aws.ec2.Routes in the route table.
route_table_subnet_associations - List of aws.ec2.RouteTableAssociations associating the subnets to the VPC’s default route table, enabling traffic among those subnets.
subnets - List of aws.ec2.Subnets in this VPC.
subnet_ig_route - If enable_internet_gateway and egress_via_internet_gateway are both True, this is the aws.ec2.Route that enables outbound traffic through the Internet Gateway.
subnet_ng_route - If enable_nat_gateway and egress_via_nat_gateway are both True, this is the aws.ec2.Route that enables outbound traffic through the NAT Gateway.
vpc - The aws.ec2.Vpc.
- Parameters:
name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
additional_routes (list[dict]) –
Many of the routes that wind up in the main route table are generated automatically because endpoints, peered VPCs, etc. require them. If you need to define any additional routes beyond those, you can do so here, following the docs for aws.ec2.Route. The route_table_id parameter will be populated for you automatically.
cidr_block (str, optional) – A CIDR describing the IP space of this VPC. Defaults to ‘10.0.0.0/16’.
egress_via_internet_gateway (bool, optional) – When True, establish an outbound route to the Internet via the Internet Gateway. Requires enable_internet_gateway=True. Conflicts with egress_via_nat_gateway=True. Defaults to False.
egress_via_nat_gateway (bool, optional) – When True, establish an outbound route to the Internet via the NAT Gateway. Requires enable_nat_gateway=True. Conflicts with egress_via_internet_gateway=True. Defaults to False.
enable_dns_hostnames (bool, optional) – When True, internal DNS mappings get built for IPs assigned within the VPC. This is required for the use of certain other services like load-balanced Fargate clusters. Defaults to None.
enable_internet_gateway (bool, optional) – Build an IGW to allow traffic outbound to the Internet. Defaults to False.
enable_nat_gateway (bool, optional) – Build a NAT Gateway to route inbound traffic. Defaults to False.
endpoint_gateways (list[str], optional) – List of public-facing AWS services (such as S3) to create VPC gateways to. Defaults to [].
endpoint_interfaces (list[str], optional) – List of AWS services to create VPC Interface endpoints for. These must match service names listed here. Do not list the full qualifying name, only the service name portion. f/ex, do not use com.amazonaws.us-east-1.secretsmanager, only use secretsmanager. Defaults to [].
peering_connections –
Dict of configurations of aws.ec2.VpcPeeringConnections. The keys become the names of the resources created. The vpc_id option will be automatically populated.
peering_accepters (list[dict]) – Dict of configurations of aws.ec2.VpcPeeringConnectionAccepters. The keys become the names of the resources created. The vpc_id option will be automatically populated.
subnets (dict, optional) –
A dict where the keys are the names of AWS Availability Zones in which to build subnets and the values are lists of CIDRs describing valid subsets of IPs in the VPC cidr_block to build in that AZ. f/ex:
    {
        'us-east-1': ['10.0.100.0/24'],
        'us-east-2': ['10.0.101.0/24', '10.0.102.0/24']
    }
Defaults to {}.
opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.
- class tb_pulumi.network.MultiTierVpc(name: str, project: ThunderbirdPulumiProject, additional_routes: list[dict] = {}, cidr_block: str = '10.0.0.0/16', egress_via_internet_gateway: bool = False, egress_via_nat_gateway: bool = False, enable_dns_hostnames: bool = None, enable_internet_gateway: bool = False, enable_nat_gateway: bool = False, nat_gateway_allocation_id: str = None, nat_gateway_secondary_allocation_ids: list[str] = None, endpoint_gateways: list[str] = [], endpoint_interfaces: list[str] = [], peering_accepters: dict = {}, peering_connections: dict = {}, private_subnets: dict = {}, public_subnets: dict = {}, opts: ResourceOptions = None, **kwargs)
Bases: ThunderbirdComponentResource
Pulumi Type: tb:network:MultiTierVpc
Builds a VPC with configurable network space broken across multiple private and public subnets.
Produces the following resources:
endpoint_sg - If the endpoint_interfaces or endpoint_gateways parameters are provided, this is a tb_pulumi.network.SecurityGroupWithRules used to define traffic through these endpoints.
gateways - If there are any endpoint_gateways defined, this is a list of aws.ec2.VpcEndpoints with a vpc_endpoint_type of Gateway.
interfaces - If there are any endpoint_interfaces defined, this is a list of aws.ec2.VpcEndpoints with a vpc_endpoint_type of Interface.
internet_gateway - If enable_internet_gateway is True, this is the aws.ec2.InternetGateway.
nat_eip - If enable_nat_gateway is True, this is the aws.ec2.Eip used for the NAT Gateway.
nat_gateway - If enable_nat_gateway is True, this is the aws.ec2.NatGateway.
peering_acceptors - Dict of aws.ec2.VpcPeeringConnectionAccepters.
peering_connections - Dict of aws.ec2.VpcPeeringConnections.
private_route_table_subnet_associations - List of aws.ec2.RouteTableAssociations associating the subnets to the VPC’s private route table, enabling traffic among those subnets.
private_subnets - List of private aws.ec2.Subnets in this VPC.
public_route_table_subnet_associations - List of aws.ec2.RouteTableAssociations associating the subnets to the VPC’s private route table, enabling traffic among those subnets.
public_subnets - List of public aws.ec2.Subnets in this VPC.
routes - List of all aws.ec2.Routes in the route table.
vpc - The aws.ec2.Vpc.
- Parameters:
name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
additional_routes (list[dict]) –
Many of the routes that wind up in the main route table are generated automatically due to necessity with endpoints, peered VPCs, etc. If you need to define any additional routes beyond those, you can do so here, using docs for aws.ec2.Route. The route_table_id parameter will be populated for you automatically. These routes must apply to either the private or the public route table. As such, this field is a dict with ‘private’ and ‘public’ keys; each of those is a list of route configurations. f/ex:
    additional_routes:
      private:
        - destination_cidr_block: 10.0.0.0/16
          vpc_peering_connection_id: pcx-0123456789abcdef
      public: []
cidr_block (str, optional) – A CIDR describing the IP space of this VPC. Defaults to ‘10.0.0.0/16’.
egress_via_internet_gateway (bool, optional) – When True, establish an outbound route to the Internet via the Internet Gateway. Requires enable_internet_gateway=True. Conflicts with egress_via_nat_gateway=True. Defaults to False.
egress_via_nat_gateway (bool, optional) – When True, establish an outbound route to the Internet via the NAT Gateway. Requires enable_nat_gateway=True. Conflicts with egress_via_internet_gateway=True. Defaults to False.
enable_dns_hostnames (bool, optional) – When True, internal DNS mappings get built for IPs assigned within the VPC. This is required for the use of certain other services like load-balanced Fargate clusters. Defaults to None.
enable_internet_gateway (bool, optional) – Build an IGW to allow traffic outbound to the Internet. Defaults to False.
enable_nat_gateway (bool, optional) – Build a NAT Gateway to route inbound traffic. Defaults to False.
nat_gateway_allocation_id (str, optional) – If you want to use an existing EIP for the NAT Gateway, provide its allocation ID here. If not provided, a new EIP will be created. Defaults to None.
nat_gateway_secondary_allocation_ids (list[str], optional) – A list of allocation IDs of existing EIPs to associate as secondary IPs for the NAT Gateway. A maximum of 7 secondary EIPs can be associated with a NAT Gateway. Defaults to None.
endpoint_gateways (list[str], optional) – List of public-facing AWS services (such as S3) to create VPC gateways to. Defaults to [].
endpoint_interfaces (list[str], optional) –
List of AWS services to create VPC Interface endpoints for. These must match service names listed here. Do not list the full qualifying name, only the service name portion. f/ex, do not use com.amazonaws.us-east-1.secretsmanager, only use secretsmanager. Defaults to [].
peering_accepters (list[dict]) –
Dict of configurations of aws.ec2.VpcPeeringConnectionAccepters. The keys become the names of the resources created. The vpc_id option will be automatically populated.
peering_connections –
Dict of configurations of aws.ec2.VpcPeeringConnections. The keys become the names of the resources created. The vpc_id option will be automatically populated.
private_subnets (dict, optional) –
A dict where the keys are the names of AWS Availability Zones in which to build private subnets and the values are lists of CIDRs describing valid subsets of IPs in the VPC cidr_block to build in that AZ. f/ex:
    {
        'us-east-1': ['10.0.100.0/24'],
        'us-east-2': ['10.0.101.0/24', '10.0.102.0/24']
    }
Defaults to {}.
public_subnets (dict, optional) –
A dict where the keys are the names of AWS Availability Zones in which to build public subnets and the values are lists of CIDRs describing valid subsets of IPs in the VPC cidr_block to build in that AZ. f/ex:
    {
        'us-east-1': ['10.0.100.0/24'],
        'us-east-2': ['10.0.101.0/24', '10.0.102.0/24']
    }
Defaults to {}.
opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.
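The parameter constraints documented for MultiCidrVpc and MultiTierVpc (egress flag requirements and conflicts, the secondary EIP limit, short endpoint service names, subnet CIDRs inside cidr_block) can be checked before a deploy. This is an added example, not part of tb_pulumi: lint_vpc_config and SAMPLE are hypothetical names, and the config is assumed to be a plain dict of the constructor arguments described above.

```python
import ipaddress

MAX_SECONDARY_EIPS = 7  # limit stated in the nat_gateway_secondary_allocation_ids docs


def lint_vpc_config(cfg: dict) -> list[str]:
    """Return a list of problems in a MultiCidrVpc/MultiTierVpc-style config dict."""
    problems = []
    vpc_net = ipaddress.ip_network(cfg.get('cidr_block', '10.0.0.0/16'))

    # Each egress flag requires its gateway; the two egress flags conflict.
    for kind in ('internet', 'nat'):
        if cfg.get(f'egress_via_{kind}_gateway') and not cfg.get(f'enable_{kind}_gateway'):
            problems.append(f'egress_via_{kind}_gateway requires enable_{kind}_gateway=True')
    if cfg.get('egress_via_internet_gateway') and cfg.get('egress_via_nat_gateway'):
        problems.append('egress_via_internet_gateway conflicts with egress_via_nat_gateway')

    if len(cfg.get('nat_gateway_secondary_allocation_ids') or []) > MAX_SECONDARY_EIPS:
        problems.append(f'more than {MAX_SECONDARY_EIPS} secondary EIPs on the NAT Gateway')

    # Interface endpoints take the short service name only.
    for svc in cfg.get('endpoint_interfaces') or []:
        if svc.startswith('com.amazonaws.'):
            problems.append(f'endpoint_interfaces: {svc!r} is fully qualified')

    # Subnet CIDRs must sit inside cidr_block and must not overlap each other.
    seen = []
    for tier in ('subnets', 'private_subnets', 'public_subnets'):
        for az, cidrs in (cfg.get(tier) or {}).items():
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr)
                if not net.subnet_of(vpc_net):
                    problems.append(f'{tier}[{az}]: {cidr} is outside {vpc_net}')
                for other in seen:
                    if net.overlaps(other):
                        problems.append(f'{tier}[{az}]: {cidr} overlaps {other}')
                seen.append(net)
    return problems


# Constructed sample with deliberate mistakes (not a real deployment).
SAMPLE = {
    'cidr_block': '10.0.0.0/16',
    'enable_nat_gateway': True, 'egress_via_nat_gateway': True,
    'egress_via_internet_gateway': True,  # IGW not enabled, and conflicts with NAT egress
    'endpoint_interfaces': ['secretsmanager', 'com.amazonaws.us-east-1.secretsmanager'],
    'private_subnets': {'us-east-1': ['10.0.100.0/24'], 'us-east-2': ['10.0.101.0/24']},
    'public_subnets': {'us-east-1': ['10.0.100.0/25'], 'us-east-2': ['10.1.0.0/24']},
}
```

Calling lint_vpc_config(SAMPLE) reports the missing Internet Gateway, the egress conflict, the fully qualified endpoint name, the public subnet that overlaps a private one, and the subnet outside the VPC range.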
- class tb_pulumi.network.SecurityGroupWithRules(name: str, project: ThunderbirdPulumiProject, description: str = None, rules: dict = {}, vpc_id: str = None, opts: ResourceOptions = None, **kwargs)
Bases: ThunderbirdComponentResource
Pulumi Type: tb:network:SecurityGroupWithRules
Builds a security group and sets rules for it.
Produces the following resources:
egress_rules - List of aws.ec2.SecurityGroupRules describing outbound traffic.
ingress_rules - List of aws.ec2.SecurityGroupRules describing inbound traffic.
sg - The aws.ec2.SecurityGroup containing these rules.
- Parameters:
name (str) – A string identifying this set of resources.
project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.
description (str) – Description of the security group
rules (dict, optional) –
A dict describing in/egress rules of the following construction:
    {
        'ingress': [{
            # Valid inputs to the SecurityGroupRule resource go here. Ref:
            # https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygrouprule/#inputs
        }],
        'egress': [{
            # The same inputs are valid here
        }]
    }
Defaults to {}.
vpc_id (str, optional) – ID of the VPC this security group should belong to. When not set, defaults to the region’s default VPC. Defaults to None.
opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.
kwargs – Any other keyword arguments which will be passed as inputs to the ThunderbirdComponentResource superconstructor.
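A rules dict in the shape above can be audited for Internet-facing exposure before it is handed to SecurityGroupWithRules. This is an added example, not part of tb_pulumi: audit_rules, PUBLIC_PORTS and SAMPLE_RULES are hypothetical, the allowed-port policy is an assumption, and the rule keys used (protocol, from_port, to_port, cidr_blocks, ipv6_cidr_blocks) are aws.ec2.SecurityGroupRule inputs.

```python
ANYWHERE = {'0.0.0.0/0', '::/0'}
PUBLIC_PORTS = {80, 443}  # assumption: the only ports policy allows from anywhere


def audit_rules(rules: dict) -> list[tuple[str, str]]:
    """Return (severity, message) findings for a SecurityGroupWithRules rules dict."""
    findings = []
    for direction in ('ingress', 'egress'):
        for i, rule in enumerate(rules.get(direction) or []):
            sources = set(rule.get('cidr_blocks') or []) | set(rule.get('ipv6_cidr_blocks') or [])
            if not sources & ANYWHERE:
                continue  # scoped to specific networks or groups; not checked here
            where = f'{direction}[{i}]'
            all_protocols = str(rule.get('protocol')) in ('-1', 'all')
            if direction == 'egress':
                if all_protocols:
                    findings.append(('low', f'{where}: unrestricted outbound traffic'))
                continue
            if all_protocols:
                findings.append(('high', f'{where}: every protocol and port open to the Internet'))
                continue
            lo, hi = int(rule['from_port']), int(rule['to_port'])
            if any(p not in PUBLIC_PORTS for p in range(lo, hi + 1)):
                findings.append(('high', f'{where}: ports {lo}-{hi} open to the Internet'))
    return findings


# Constructed sample rules (not taken from a real deployment).
SAMPLE_RULES = {
    'ingress': [
        {'protocol': 'tcp', 'from_port': 443, 'to_port': 443, 'cidr_blocks': ['0.0.0.0/0']},
        {'protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'cidr_blocks': ['0.0.0.0/0']},
        {'protocol': 'tcp', 'from_port': 5432, 'to_port': 5432, 'cidr_blocks': ['10.0.0.0/16']},
        {'protocol': '-1', 'from_port': 0, 'to_port': 0, 'ipv6_cidr_blocks': ['::/0']},
    ],
    'egress': [
        {'protocol': '-1', 'from_port': 0, 'to_port': 0, 'cidr_blocks': ['0.0.0.0/0']},
    ],
}
```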