Container
data class ContainerServiceArgs(val isDisabled: Output<Boolean>? = null, val name: Output<String>? = null, val power: Output<String>? = null, val privateRegistryAccess: Output<ContainerServicePrivateRegistryAccessArgs>? = null, val publicDomainNames: Output<ContainerServicePublicDomainNamesArgs>? = null, val scale: Output<Int>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ContainerServiceArgs>
An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. For more information, see Container services in Amazon Lightsail.
Note: For more information about the AWS Regions in which you can create Amazon Lightsail container services, see "Regions and Availability Zones in Amazon Lightsail".
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myContainerService = new aws.lightsail.ContainerService("my_container_service", {
name: "container-service-1",
power: "nano",
scale: 1,
isDisabled: false,
tags: {
foo1: "bar1",
foo2: "",
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
my_container_service = aws.lightsail.ContainerService("my_container_service",
name="container-service-1",
power="nano",
scale=1,
is_disabled=False,
tags={
"foo1": "bar1",
"foo2": "",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var myContainerService = new Aws.LightSail.ContainerService("my_container_service", new()
{
Name = "container-service-1",
Power = "nano",
Scale = 1,
IsDisabled = false,
Tags =
{
{ "foo1", "bar1" },
{ "foo2", "" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lightsail.NewContainerService(ctx, "my_container_service", &lightsail.ContainerServiceArgs{
Name: pulumi.String("container-service-1"),
Power: pulumi.String("nano"),
Scale: pulumi.Int(1),
IsDisabled: pulumi.Bool(false),
Tags: pulumi.StringMap{
"foo1": pulumi.String("bar1"),
"foo2": pulumi.String(""),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.ContainerService;
import com.pulumi.aws.lightsail.ContainerServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myContainerService = new ContainerService("myContainerService", ContainerServiceArgs.builder()
.name("container-service-1")
.power("nano")
.scale(1)
.isDisabled(false)
.tags(Map.ofEntries(
Map.entry("foo1", "bar1"),
Map.entry("foo2", "")
))
.build());
}
}Content copied to clipboard
resources:
myContainerService:
type: aws:lightsail:ContainerService
name: my_container_service
properties:
name: container-service-1
power: nano
scale: 1
isDisabled: false
tags:
foo1: bar1
foo2: ""Content copied to clipboard
Public Domain Names
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myContainerService = new aws.lightsail.ContainerService("my_container_service", {publicDomainNames: {
certificates: [{
certificateName: "example-certificate",
domainNames: ["www.example.com"],
}],
}});Content copied to clipboard
import pulumi
import pulumi_aws as aws
my_container_service = aws.lightsail.ContainerService("my_container_service", public_domain_names={
"certificates": [{
"certificate_name": "example-certificate",
"domain_names": ["www.example.com"],
}],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var myContainerService = new Aws.LightSail.ContainerService("my_container_service", new()
{
PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs
{
Certificates = new[]
{
new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs
{
CertificateName = "example-certificate",
DomainNames = new[]
{
"www.example.com",
},
},
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lightsail.NewContainerService(ctx, "my_container_service", &lightsail.ContainerServiceArgs{
PublicDomainNames: &lightsail.ContainerServicePublicDomainNamesArgs{
Certificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{
&lightsail.ContainerServicePublicDomainNamesCertificateArgs{
CertificateName: pulumi.String("example-certificate"),
DomainNames: pulumi.StringArray{
pulumi.String("www.example.com"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.ContainerService;
import com.pulumi.aws.lightsail.ContainerServiceArgs;
import com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myContainerService = new ContainerService("myContainerService", ContainerServiceArgs.builder()
.publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()
.certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()
.certificateName("example-certificate")
.domainNames("www.example.com")
.build())
.build())
.build());
}
}Content copied to clipboard
resources:
myContainerService:
type: aws:lightsail:ContainerService
name: my_container_service
properties:
publicDomainNames:
certificates:
- certificateName: example-certificate
domainNames:
- www.example.comContent copied to clipboard
Private Registry Access
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const defaultContainerService = new aws.lightsail.ContainerService("default", {privateRegistryAccess: {
ecrImagePullerRole: {
isActive: true,
},
}});
const _default = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess => aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
principals: [{
type: "AWS",
identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],
}],
actions: [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
],
}],
}));
const defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy("default", {
repository: defaultAwsEcrRepository.name,
policy: _default.apply(_default => _default.json),
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
default_container_service = aws.lightsail.ContainerService("default", private_registry_access={
"ecr_image_puller_role": {
"is_active": True,
},
})
default = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[{
"effect": "Allow",
"principals": [{
"type": "AWS",
"identifiers": [private_registry_access.ecr_image_puller_role.principal_arn],
}],
"actions": [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
],
}]))
default_repository_policy = aws.ecr.RepositoryPolicy("default",
repository=default_aws_ecr_repository["name"],
policy=default.json)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var defaultContainerService = new Aws.LightSail.ContainerService("default", new()
{
PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs
{
EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs
{
IsActive = true,
},
},
});
var @default = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,
},
},
},
Actions = new[]
{
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
},
},
},
});
var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy("default", new()
{
Repository = defaultAwsEcrRepository.Name,
Policy = @default.Apply(@default => @default.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json)),
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultContainerService, err := lightsail.NewContainerService(ctx, "default", &lightsail.ContainerServiceArgs{
PrivateRegistryAccess: &lightsail.ContainerServicePrivateRegistryAccessArgs{
EcrImagePullerRole: &lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{
IsActive: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
_default := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {
return iam.GetPolicyDocumentResult(interface{}(iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: "Allow",
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "AWS",
Identifiers: interface{}{
privateRegistryAccess.EcrImagePullerRole.PrincipalArn,
},
},
},
Actions: []string{
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
},
},
},
}, nil))), nil
}).(iam.GetPolicyDocumentResultOutput)
_, err = ecr.NewRepositoryPolicy(ctx, "default", &ecr.RepositoryPolicyArgs{
Repository: pulumi.Any(defaultAwsEcrRepository.Name),
Policy: pulumi.String(_default.ApplyT(func(_default iam.GetPolicyDocumentResult) (*string, error) {
return &default.Json, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.ContainerService;
import com.pulumi.aws.lightsail.ContainerServiceArgs;
import com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;
import com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.ecr.RepositoryPolicy;
import com.pulumi.aws.ecr.RepositoryPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultContainerService = new ContainerService("defaultContainerService", ContainerServiceArgs.builder()
.privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()
.ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()
.isActive(true)
.build())
.build())
.build());
final var default = defaultContainerService.privateRegistryAccess().applyValue(_privateRegistryAccess -> IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(_privateRegistryAccess.ecrImagePullerRole().principalArn())
.build())
.actions(
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer")
.build())
.build()));
var defaultRepositoryPolicy = new RepositoryPolicy("defaultRepositoryPolicy", RepositoryPolicyArgs.builder()
.repository(defaultAwsEcrRepository.name())
.policy(default_.applyValue(_default_ -> _default_.json()))
.build());
}
}Content copied to clipboard
resources:
defaultContainerService:
type: aws:lightsail:ContainerService
name: default
properties:
privateRegistryAccess:
ecrImagePullerRole:
isActive: true
defaultRepositoryPolicy:
type: aws:ecr:RepositoryPolicy
name: default
properties:
repository: ${defaultAwsEcrRepository.name}
policy: ${default.json}
variables:
default:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
principals:
- type: AWS
identifiers:
- ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}
actions:
- ecr:BatchGetImage
- ecr:GetDownloadUrlForLayerContent copied to clipboard
Import
Using pulumi import, import Lightsail Container Service using the name. For example:
$ pulumi import aws:lightsail/containerService:ContainerService my_container_service container-service-1Content copied to clipboard
Constructors
Link copied to clipboard
constructor(isDisabled: Output<Boolean>? = null, name: Output<String>? = null, power: Output<String>? = null, privateRegistryAccess: Output<ContainerServicePrivateRegistryAccessArgs>? = null, publicDomainNames: Output<ContainerServicePublicDomainNamesArgs>? = null, scale: Output<Int>? = null, tags: Output<Map<String, String>>? = null)
Properties
Link copied to clipboard
A Boolean value indicating whether the container service is disabled. Defaults to false.
Link copied to clipboard
An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. See Private Registry Access below for more details.
Link copied to clipboard
The public domain names to use with the container service, such as example.com and www.example.com. You can specify up to four public domain names for a container service. The domain names that you specify are used when you create a deployment with a container configured as the public endpoint of your container service. If you don't specify public domain names, then you can use the default domain of the container service. Defined below.
Link copied to clipboard
Map of container service tags. To create a key-only tag, use an empty string as the value. To tag at launch, specify the tags in the Launch Template. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.