Vpc
data class VpcIpamPoolCidrArgs(val cidr: Output<String>? = null, val cidrAuthorizationContext: Output<VpcIpamPoolCidrCidrAuthorizationContextArgs>? = null, val ipamPoolId: Output<String>? = null, val netmaskLength: Output<Int>? = null) : ConvertibleToJava<VpcIpamPoolCidrArgs>
Provisions a CIDR from an IPAM address pool.
NOTE: Provisioning Public IPv4 or Public IPv6 require steps outside the scope of this resource. The resource accepts
messageandsignatureas part of thecidr_authorization_contextattribute but those must be generated ahead of time. Public IPv6 CIDRs that are provisioned into a Pool withpublicly_advertisable = trueand all public IPv4 CIDRs also require creating a Route Origin Authorization (ROA) object in your Regional Internet Registry (RIR). NOTE: In order to deprovision CIDRs all Allocations must be released. Allocations created by a VPC take up to 30 minutes to be released. However, for IPAM to properly manage the removal of allocation records created by VPCs and other resources, you must grant it permissions in either a single account or organizationally. If you are unable to deprovision a cidr after waiting over 30 minutes, you may be missing the Service Linked Role.
Example Usage
Basic usage:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getRegion({});
const example = new aws.ec2.VpcIpam("example", {operatingRegions: [{
regionName: current.then(current => current.name),
}]});
const exampleVpcIpamPool = new aws.ec2.VpcIpamPool("example", {
addressFamily: "ipv4",
ipamScopeId: example.privateDefaultScopeId,
locale: current.then(current => current.name),
});
const exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr("example", {
ipamPoolId: exampleVpcIpamPool.id,
cidr: "172.20.0.0/16",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
current = aws.get_region()
example = aws.ec2.VpcIpam("example", operating_regions=[{
"region_name": current.name,
}])
example_vpc_ipam_pool = aws.ec2.VpcIpamPool("example",
address_family="ipv4",
ipam_scope_id=example.private_default_scope_id,
locale=current.name)
example_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr("example",
ipam_pool_id=example_vpc_ipam_pool.id,
cidr="172.20.0.0/16")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetRegion.Invoke();
var example = new Aws.Ec2.VpcIpam("example", new()
{
OperatingRegions = new[]
{
new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs
{
RegionName = current.Apply(getRegionResult => getRegionResult.Name),
},
},
});
var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool("example", new()
{
AddressFamily = "ipv4",
IpamScopeId = example.PrivateDefaultScopeId,
Locale = current.Apply(getRegionResult => getRegionResult.Name),
});
var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr("example", new()
{
IpamPoolId = exampleVpcIpamPool.Id,
Cidr = "172.20.0.0/16",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetRegion(ctx, &aws.GetRegionArgs{}, nil)
if err != nil {
return err
}
example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{
OperatingRegions: ec2.VpcIpamOperatingRegionArray{
&ec2.VpcIpamOperatingRegionArgs{
RegionName: pulumi.String(current.Name),
},
},
})
if err != nil {
return err
}
exampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, "example", &ec2.VpcIpamPoolArgs{
AddressFamily: pulumi.String("ipv4"),
IpamScopeId: example.PrivateDefaultScopeId,
Locale: pulumi.String(current.Name),
})
if err != nil {
return err
}
_, err = ec2.NewVpcIpamPoolCidr(ctx, "example", &ec2.VpcIpamPoolCidrArgs{
IpamPoolId: exampleVpcIpamPool.ID(),
Cidr: pulumi.String("172.20.0.0/16"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.ec2.VpcIpam;
import com.pulumi.aws.ec2.VpcIpamArgs;
import com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;
import com.pulumi.aws.ec2.VpcIpamPool;
import com.pulumi.aws.ec2.VpcIpamPoolArgs;
import com.pulumi.aws.ec2.VpcIpamPoolCidr;
import com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getRegion();
var example = new VpcIpam("example", VpcIpamArgs.builder()
.operatingRegions(VpcIpamOperatingRegionArgs.builder()
.regionName(current.applyValue(getRegionResult -> getRegionResult.name()))
.build())
.build());
var exampleVpcIpamPool = new VpcIpamPool("exampleVpcIpamPool", VpcIpamPoolArgs.builder()
.addressFamily("ipv4")
.ipamScopeId(example.privateDefaultScopeId())
.locale(current.applyValue(getRegionResult -> getRegionResult.name()))
.build());
var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr("exampleVpcIpamPoolCidr", VpcIpamPoolCidrArgs.builder()
.ipamPoolId(exampleVpcIpamPool.id())
.cidr("172.20.0.0/16")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:ec2:VpcIpam
properties:
operatingRegions:
- regionName: ${current.name}
exampleVpcIpamPool:
type: aws:ec2:VpcIpamPool
name: example
properties:
addressFamily: ipv4
ipamScopeId: ${example.privateDefaultScopeId}
locale: ${current.name}
exampleVpcIpamPoolCidr:
type: aws:ec2:VpcIpamPoolCidr
name: example
properties:
ipamPoolId: ${exampleVpcIpamPool.id}
cidr: 172.20.0.0/16
variables:
current:
fn::invoke:
function: aws:getRegion
arguments: {}Content copied to clipboard
Provision Public IPv6 Pool CIDRs:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getRegion({});
const example = new aws.ec2.VpcIpam("example", {operatingRegions: [{
regionName: current.then(current => current.name),
}]});
const ipv6TestPublic = new aws.ec2.VpcIpamPool("ipv6_test_public", {
addressFamily: "ipv6",
ipamScopeId: example.publicDefaultScopeId,
locale: "us-east-1",
description: "public ipv6",
publiclyAdvertisable: false,
publicIpSource: "amazon",
awsService: "ec2",
});
const ipv6TestPublicVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr("ipv6_test_public", {
ipamPoolId: ipv6TestPublic.id,
netmaskLength: 52,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
current = aws.get_region()
example = aws.ec2.VpcIpam("example", operating_regions=[{
"region_name": current.name,
}])
ipv6_test_public = aws.ec2.VpcIpamPool("ipv6_test_public",
address_family="ipv6",
ipam_scope_id=example.public_default_scope_id,
locale="us-east-1",
description="public ipv6",
publicly_advertisable=False,
public_ip_source="amazon",
aws_service="ec2")
ipv6_test_public_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr("ipv6_test_public",
ipam_pool_id=ipv6_test_public.id,
netmask_length=52)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetRegion.Invoke();
var example = new Aws.Ec2.VpcIpam("example", new()
{
OperatingRegions = new[]
{
new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs
{
RegionName = current.Apply(getRegionResult => getRegionResult.Name),
},
},
});
var ipv6TestPublic = new Aws.Ec2.VpcIpamPool("ipv6_test_public", new()
{
AddressFamily = "ipv6",
IpamScopeId = example.PublicDefaultScopeId,
Locale = "us-east-1",
Description = "public ipv6",
PubliclyAdvertisable = false,
PublicIpSource = "amazon",
AwsService = "ec2",
});
var ipv6TestPublicVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr("ipv6_test_public", new()
{
IpamPoolId = ipv6TestPublic.Id,
NetmaskLength = 52,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetRegion(ctx, &aws.GetRegionArgs{}, nil)
if err != nil {
return err
}
example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{
OperatingRegions: ec2.VpcIpamOperatingRegionArray{
&ec2.VpcIpamOperatingRegionArgs{
RegionName: pulumi.String(current.Name),
},
},
})
if err != nil {
return err
}
ipv6TestPublic, err := ec2.NewVpcIpamPool(ctx, "ipv6_test_public", &ec2.VpcIpamPoolArgs{
AddressFamily: pulumi.String("ipv6"),
IpamScopeId: example.PublicDefaultScopeId,
Locale: pulumi.String("us-east-1"),
Description: pulumi.String("public ipv6"),
PubliclyAdvertisable: pulumi.Bool(false),
PublicIpSource: pulumi.String("amazon"),
AwsService: pulumi.String("ec2"),
})
if err != nil {
return err
}
_, err = ec2.NewVpcIpamPoolCidr(ctx, "ipv6_test_public", &ec2.VpcIpamPoolCidrArgs{
IpamPoolId: ipv6TestPublic.ID(),
NetmaskLength: pulumi.Int(52),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.ec2.VpcIpam;
import com.pulumi.aws.ec2.VpcIpamArgs;
import com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;
import com.pulumi.aws.ec2.VpcIpamPool;
import com.pulumi.aws.ec2.VpcIpamPoolArgs;
import com.pulumi.aws.ec2.VpcIpamPoolCidr;
import com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getRegion();
var example = new VpcIpam("example", VpcIpamArgs.builder()
.operatingRegions(VpcIpamOperatingRegionArgs.builder()
.regionName(current.applyValue(getRegionResult -> getRegionResult.name()))
.build())
.build());
var ipv6TestPublic = new VpcIpamPool("ipv6TestPublic", VpcIpamPoolArgs.builder()
.addressFamily("ipv6")
.ipamScopeId(example.publicDefaultScopeId())
.locale("us-east-1")
.description("public ipv6")
.publiclyAdvertisable(false)
.publicIpSource("amazon")
.awsService("ec2")
.build());
var ipv6TestPublicVpcIpamPoolCidr = new VpcIpamPoolCidr("ipv6TestPublicVpcIpamPoolCidr", VpcIpamPoolCidrArgs.builder()
.ipamPoolId(ipv6TestPublic.id())
.netmaskLength(52)
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:ec2:VpcIpam
properties:
operatingRegions:
- regionName: ${current.name}
ipv6TestPublic:
type: aws:ec2:VpcIpamPool
name: ipv6_test_public
properties:
addressFamily: ipv6
ipamScopeId: ${example.publicDefaultScopeId}
locale: us-east-1
description: public ipv6
publiclyAdvertisable: false
publicIpSource: amazon
awsService: ec2
ipv6TestPublicVpcIpamPoolCidr:
type: aws:ec2:VpcIpamPoolCidr
name: ipv6_test_public
properties:
ipamPoolId: ${ipv6TestPublic.id}
netmaskLength: 52
variables:
current:
fn::invoke:
function: aws:getRegion
arguments: {}Content copied to clipboard
Import
Using pulumi import, import IPAMs using the <cidr>_<ipam-pool-id>. For example: NOTE: Do not use the IPAM Pool Cidr ID as this was introduced after the resource already existed.
$ pulumi import aws:ec2/vpcIpamPoolCidr:VpcIpamPoolCidr example 172.20.0.0/24_ipam-pool-0e634f5a1517cccdcContent copied to clipboard
Constructors
Link copied to clipboard
constructor(cidr: Output<String>? = null, cidrAuthorizationContext: Output<VpcIpamPoolCidrCidrAuthorizationContextArgs>? = null, ipamPoolId: Output<String>? = null, netmaskLength: Output<Int>? = null)
Properties
Link copied to clipboard
A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. This is not stored in the state file. See cidr_authorization_context for more information.
Link copied to clipboard
The ID of the pool to which you want to assign a CIDR.
Link copied to clipboard
If provided, the cidr provisioned into the specified pool will be the next available cidr given this declared netmask length. Conflicts with cidr.