pulumi-aws-kotlin/com.pulumi.aws.lightsail.kotlin/ContainerService

ContainerService

class ContainerService : KotlinCustomResource

An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. For more information, see Container services in Amazon Lightsail.

Note: For more information about the AWS Regions in which you can create Amazon Lightsail container services, see "Regions and Availability Zones in Amazon Lightsail".

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myContainerService = new aws.lightsail.ContainerService("my_container_service", {
    name: "container-service-1",
    power: "nano",
    scale: 1,
    isDisabled: false,
    tags: {
        foo1: "bar1",
        foo2: "",
    },
});

import pulumi
import pulumi_aws as aws
my_container_service = aws.lightsail.ContainerService("my_container_service",
    name="container-service-1",
    power="nano",
    scale=1,
    is_disabled=False,
    tags={
        "foo1": "bar1",
        "foo2": "",
    })

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var myContainerService = new Aws.LightSail.ContainerService("my_container_service", new()
    {
        Name = "container-service-1",
        Power = "nano",
        Scale = 1,
        IsDisabled = false,
        Tags =
        {
            { "foo1", "bar1" },
            { "foo2", "" },
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lightsail.NewContainerService(ctx, "my_container_service", &lightsail.ContainerServiceArgs{
			Name:       pulumi.String("container-service-1"),
			Power:      pulumi.String("nano"),
			Scale:      pulumi.Int(1),
			IsDisabled: pulumi.Bool(false),
			Tags: pulumi.StringMap{
				"foo1": pulumi.String("bar1"),
				"foo2": pulumi.String(""),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.ContainerService;
import com.pulumi.aws.lightsail.ContainerServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var myContainerService = new ContainerService("myContainerService", ContainerServiceArgs.builder()
            .name("container-service-1")
            .power("nano")
            .scale(1)
            .isDisabled(false)
            .tags(Map.ofEntries(
                Map.entry("foo1", "bar1"),
                Map.entry("foo2", "")
            ))
            .build());
    }
}

resources:
  myContainerService:
    type: aws:lightsail:ContainerService
    name: my_container_service
    properties:
      name: container-service-1
      power: nano
      scale: 1
      isDisabled: false
      tags:
        foo1: bar1
        foo2: ""

Public Domain Names

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myContainerService = new aws.lightsail.ContainerService("my_container_service", {publicDomainNames: {
    certificates: [{
        certificateName: "example-certificate",
        domainNames: ["www&#46;example&#46;com"],
    }],
}});

import pulumi
import pulumi_aws as aws
my_container_service = aws.lightsail.ContainerService("my_container_service", public_domain_names={
    "certificates": [{
        "certificate_name": "example-certificate",
        "domain_names": ["www&#46;example&#46;com"],
    }],
})

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var myContainerService = new Aws.LightSail.ContainerService("my_container_service", new()
    {
        PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs
        {
            Certificates = new[]
            {
                new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs
                {
                    CertificateName = "example-certificate",
                    DomainNames = new[]
                    {
                        "www.example.com",
                    },
                },
            },
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lightsail.NewContainerService(ctx, "my_container_service", &lightsail.ContainerServiceArgs{
			PublicDomainNames: &lightsail.ContainerServicePublicDomainNamesArgs{
				Certificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{
					&lightsail.ContainerServicePublicDomainNamesCertificateArgs{
						CertificateName: pulumi.String("example-certificate"),
						DomainNames: pulumi.StringArray{
							pulumi.String("www.example.com"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.ContainerService;
import com.pulumi.aws.lightsail.ContainerServiceArgs;
import com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var myContainerService = new ContainerService("myContainerService", ContainerServiceArgs.builder()
            .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()
                .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()
                    .certificateName("example-certificate")
                    .domainNames("www.example.com")
                    .build())
                .build())
            .build());
    }
}

resources:
  myContainerService:
    type: aws:lightsail:ContainerService
    name: my_container_service
    properties:
      publicDomainNames:
        certificates:
          - certificateName: example-certificate
            domainNames:
              - www.example.com

Private Registry Access

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const defaultContainerService = new aws.lightsail.ContainerService("default", {privateRegistryAccess: {
    ecrImagePullerRole: {
        isActive: true,
    },
}});
const _default = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess => aws.iam.getPolicyDocumentOutput({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "AWS",
            identifiers: [privateRegistryAccess&#46;ecrImagePullerRole?&#46;principalArn],
        }],
        actions: [
            "ecr:BatchGetImage",
            "ecr:GetDownloadUrlForLayer",
        ],
    }],
}));
const defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy("default", {
    repository: defaultAwsEcrRepository.name,
    policy: _default.apply(_default => _default.json),
});

import pulumi
import pulumi_aws as aws
default_container_service = aws.lightsail.ContainerService("default", private_registry_access={
    "ecr_image_puller_role": {
        "is_active": True,
    },
})
default = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[{
    "effect": "Allow",
    "principals": [{
        "type": "AWS",
        "identifiers": [private_registry_access&#46;ecr_image_puller_role&#46;principal_arn],
    }],
    "actions": [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer",
    ],
}]))
default_repository_policy = aws.ecr.RepositoryPolicy("default",
    repository=default_aws_ecr_repository["name"],
    policy=default.json)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var defaultContainerService = new Aws.LightSail.ContainerService("default", new()
    {
        PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs
        {
            EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs
            {
                IsActive = true,
            },
        },
    });
    var @default = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "AWS",
                        Identifiers = new[]
                        {
                            defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,
                        },
                    },
                },
                Actions = new[]
                {
                    "ecr:BatchGetImage",
                    "ecr:GetDownloadUrlForLayer",
                },
            },
        },
    });
    var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy("default", new()
    {
        Repository = defaultAwsEcrRepository.Name,
        Policy = @default.Apply(@default => @default.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json)),
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultContainerService, err := lightsail.NewContainerService(ctx, "default", &lightsail.ContainerServiceArgs{
PrivateRegistryAccess: &lightsail.ContainerServicePrivateRegistryAccessArgs{
EcrImagePullerRole: &lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{
IsActive: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
_default := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {
return iam.GetPolicyDocumentResult(interface{}(iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: "Allow",
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "AWS",
Identifiers: interface{}{
privateRegistryAccess.EcrImagePullerRole.PrincipalArn,
},
},
},
Actions: []string{
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
},
},
},
}, nil))), nil
}).(iam.GetPolicyDocumentResultOutput)
_, err = ecr.NewRepositoryPolicy(ctx, "default", &ecr.RepositoryPolicyArgs{
Repository: pulumi.Any(defaultAwsEcrRepository.Name),
Policy: pulumi.String(_default.ApplyT(func(_default iam.GetPolicyDocumentResult) (*string, error) {
return &default.Json, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
return nil
})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.ContainerService;
import com.pulumi.aws.lightsail.ContainerServiceArgs;
import com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;
import com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.ecr.RepositoryPolicy;
import com.pulumi.aws.ecr.RepositoryPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var defaultContainerService = new ContainerService("defaultContainerService", ContainerServiceArgs.builder()
            .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()
                .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()
                    .isActive(true)
                    .build())
                .build())
            .build());
        final var default = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -> privateRegistryAccess.ecrImagePullerRole().principalArn()))
                    .build())
                .actions(
                    "ecr:BatchGetImage",
                    "ecr:GetDownloadUrlForLayer")
                .build())
            .build());
        var defaultRepositoryPolicy = new RepositoryPolicy("defaultRepositoryPolicy", RepositoryPolicyArgs.builder()
            .repository(defaultAwsEcrRepository.name())
            .policy(default_.applyValue(default_ -> default_.json()))
            .build());
    }
}

resources:
  defaultContainerService:
    type: aws:lightsail:ContainerService
    name: default
    properties:
      privateRegistryAccess:
        ecrImagePullerRole:
          isActive: true
  defaultRepositoryPolicy:
    type: aws:ecr:RepositoryPolicy
    name: default
    properties:
      repository: ${defaultAwsEcrRepository.name}
      policy: ${default.json}
variables:
  default:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            principals:
              - type: AWS
                identifiers:
                  - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}
            actions:
              - ecr:BatchGetImage
              - ecr:GetDownloadUrlForLayer

Import

Using pulumi import, import Lightsail Container Service using the name. For example:

$ pulumi import aws:lightsail/containerService:ContainerService my_container_service container-service-1

Properties

arn

val arn: Output<String>

The Amazon Resource Name (ARN) of the container service.

availabilityZone

val availabilityZone: Output<String>

The Availability Zone. Follows the format us-east-2a (case-sensitive).

createdAt

val createdAt: Output<String>

val id: Output<String>

isDisabled

val isDisabled: Output<Boolean>?

A Boolean value indicating whether the container service is disabled. Defaults to false.

name

val name: Output<String>

The name for the container service. Names must be of length 1 to 63, and be unique within each AWS Region in your Lightsail account.

power

val power: Output<String>

The power specification for the container service. The power specifies the amount of memory, the number of vCPUs, and the monthly price of each node of the container service. Possible values: nano, micro, small, medium, large, xlarge.

powerId

val powerId: Output<String>

The ID of the power of the container service.

principalArn

val principalArn: Output<String>

The principal ARN of the container service. The principal ARN can be used to create a trust relationship between your standard AWS account and your Lightsail container service. This allows you to give your service permission to access resources in your standard AWS account.

privateDomainName

val privateDomainName: Output<String>

The private domain name of the container service. The private domain name is accessible only by other resources within the default virtual private cloud (VPC) of your Lightsail account.

privateRegistryAccess

val privateRegistryAccess: Output<ContainerServicePrivateRegistryAccess>

An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. See Private Registry Access below for more details.

publicDomainNames

val publicDomainNames: Output<ContainerServicePublicDomainNames>?

The public domain names to use with the container service, such as example.com and www.example.com. You can specify up to four public domain names for a container service. The domain names that you specify are used when you create a deployment with a container configured as the public endpoint of your container service. If you don't specify public domain names, then you can use the default domain of the container service. Defined below.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

resourceType

val resourceType: Output<String>

The Lightsail resource type of the container service (i.e., ContainerService).

scale

val scale: Output<Int>

The scale specification for the container service. The scale specifies the allocated compute nodes of the container service.

state

val state: Output<String>

The current state of the container service.