@pulumi/aws
Advanced tools
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
@pulumi/aws is an npm package that allows developers to define, deploy, and manage AWS cloud resources using Pulumi, a modern infrastructure as code platform. It provides a wide range of functionalities to interact with various AWS services programmatically.
Creating an S3 Bucket
This code sample demonstrates how to create an S3 bucket using the @pulumi/aws package. The bucket is created with a private ACL.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const bucket = new aws.s3.Bucket('my-bucket', {
acl: 'private',
});
exports.bucketName = bucket.id;Launching an EC2 Instance
This code sample demonstrates how to launch an EC2 instance using the @pulumi/aws package. The instance is created with a specified AMI and instance type.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const instance = new aws.ec2.Instance('my-instance', {
ami: 'ami-0c55b159cbfafe1f0',
instanceType: 't2.micro',
});
exports.instanceId = instance.id;Creating a Lambda Function
This code sample demonstrates how to create a Lambda function using the @pulumi/aws package. It includes creating an IAM role and the Lambda function itself.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const role = new aws.iam.Role('lambdaRole', {
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: 'lambda.amazonaws.com' }),
});
const lambda = new aws.lambda.Function('myFunction', {
runtime: aws.lambda.NodeJS12dXRuntime,
code: new pulumi.asset.AssetArchive({
'.': new pulumi.asset.FileArchive('./app'),
}),
handler: 'index.handler',
role: role.arn,
});
exports.functionName = lambda.name;Setting up a VPC
This code sample demonstrates how to set up a VPC using the @pulumi/aws package. The VPC is created with a specified CIDR block.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const vpc = new aws.ec2.Vpc('my-vpc', {
cidrBlock: '10.0.0.0/16',
});
exports.vpcId = vpc.id;The aws-sdk package is the official AWS SDK for JavaScript, allowing developers to interact with AWS services directly. Unlike @pulumi/aws, which focuses on infrastructure as code, aws-sdk is more about interacting with AWS services at runtime.
Terraform is an open-source infrastructure as code software tool created by HashiCorp. It allows users to define and provision data center infrastructure using a high-level configuration language. While @pulumi/aws uses JavaScript/TypeScript, Terraform uses its own HCL (HashiCorp Configuration Language).
The Serverless Framework is an open-source framework that allows developers to build and deploy serverless applications on AWS Lambda and other serverless computing platforms. It focuses on serverless architectures, whereas @pulumi/aws can manage a broader range of AWS resources.
The Amazon Web Services (AWS) resource provider for Pulumi lets you use AWS resources in your cloud programs. To use this package, install the Pulumi CLI. For a streamlined Pulumi walkthrough, including language runtime installation and AWS configuration, select "Get Started" below.
This package is available in many languages in the standard packaging formats.
To use from JavaScript or TypeScript in Node.js, install using either npm:
$ npm install @pulumi/aws
or yarn:
$ yarn add @pulumi/aws
To use from Python, install using pip:
$ pip install pulumi_aws
To use from Go, use go get to grab the latest version of the library
$ go get github.com/pulumi/pulumi-aws/sdk/v6
To use from .NET, install using dotnet add package:
$ dotnet add package Pulumi.Aws
The @pulumi/aws package provides a strongly-typed means to create cloud applications that create and interact closely
with AWS resources. Resources are exposed for the entirety of AWS resources and their properties, including (but not
limited to), 'apigateway', 'cloudformation', 'EC2', 'ECS', 'iam', 'lambda', etc. Many convenience APIs have also been
added to make development easier and to help avoid common mistakes, and to get stronger typing.
The aws.lambda.CallbackFunction class allows you to create an AWS lambda function directly out of a JavaScript/TypeScript
function object of the right signature. This allows a Pulumi program to simply define a lambda using a simple lambda in
the language of choice, while having Pulumi itself do the appropriate transformation into the final AWS Lambda resource.
This makes many APIs easier to use, such as defining a Lambda to execute when an S3 Bucket is manipulated,
or a CloudWatch timer is fired. To see some examples of this in action, please refer to the examples/ directory.
The following configuration points are available:
aws:region - (Required) This is the AWS region.
aws:accessKey - (Optional) This is the AWS access key. It can also be sourced from the
AWS_ACCESS_KEY_ID environment variable, or via a shared credentials file if aws:profile is specified.
aws:secretKey - (Optional) This is the AWS secret key. It can also be sourced from the
AWS_SECRET_ACCESS_KEY environment variable, or via a shared credentials file if aws:profile is specified.
aws:profile - (Optional) This is the AWS profile name as set in the shared credentials file.
aws:sharedCredentialsFiles - (Optional) List of paths to the shared credentials file. If not set and a profile
is used, the default value is [~/.aws/credentials]. A single value can also be set with the
AWS_SHARED_CREDENTIALS_FILE environment variable.
aws:token - (Optional) Session token for validating temporary credentials. Typically provided after successful
identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided
afterward, not the 6 digit MFA code used to get temporary credentials. It can also be sourced from the
AWS_SESSION_TOKEN environment variable.
aws:maxRetries - (Optional) This is the maximum number of times an API call is retried, in the case where requests
are being throttled or experiencing transient failures. The delay between the subsequent API calls increases
exponentially. If omitted, the default value is 25.
aws:allowedAccountIds - (Optional) List of allowed AWS account IDs to prevent you from mistakenly using an incorrect
one. Conflicts with aws:forbiddenAccountIds.
aws:endpoints - (Optional) Configuration block for customizing service endpoints. See the Custom Service Endpoints Guide for more information about connecting to alternate AWS endpoints or AWS compatible solutions. See also aws:useFipsEndpoint.
aws:forbiddenAccountIds - (Optional) List of forbidden AWS account IDs to prevent you from mistakenly using the wrong
one. Conflicts with aws:allowedAccountIds.
aws:assumeRole - (Optional) Supports the following (optional) arguments:
durationSections: Number of seconds to restrict the assume role session duration.
externalId: External identifier to use when assuming the role.
policy: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArns: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
roleArn: Amazon Resource Name (ARN) of the IAM Role to assume.
sessionName: Session name to use when assuming the role.
tags: Map of assume role session tags.
aws:insecure - (Optional) Explicitly allow the provider to perform "insecure" SSL requests. If omitted, the default value is false.
aws:skipCredentialsValidation - (Optional) Skip the credentials validation via the STS API. Useful for AWS API implementations that do not have STS available or implemented. Default value is false. Can be set via the environment variable AWS_SKIP_CREDENTIALS_VALIDATION.
aws:skipRegionValidation - (Optional) Skip validation of provided region name. Useful for AWS-like implementations that use their own region names or to bypass the validation for regions that aren't publicly available yet. Default value is true.
aws:skipRequestionAccountId - (Optional) Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API. Default value is false. When specified, the use of ARNs is compromised as there is no accountID available to construct the ARN.
aws:skipMetadataApiCheck - (Optional) Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. This provider from authenticating via the Metadata API by default. You may need to use other authentication methods like static credentials, configuration variables, or environment variables. Can be set via the environment variable AWS_SKIP_METADATA_API_CHECK.
aws:s3UsePathStyle - (Optional) Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing, http://BUCKET.s3.amazonaws.com/KEY, when possible. Specific to the Amazon S3 service. Default is false.
aws:useFipsEndpoint - (Optional) Force the provider to resolve endpoints with FIPS capability. Can also be set with the AWS_USE_FIPS_ENDPOINT environment variable.
For further information, visit AWS in the Pulumi Registry or for detailed API reference documentation, visit AWS API Docs in the Pulumi Registry.
Delve deeper into our project with additional resources:
Review the planned work for the upcoming quarter and a selected backlog of issues that are on our mind but not yet scheduled on the Pulumi Roadmap.
FAQs
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
The npm package @pulumi/aws receives a total of 270,461 weekly downloads. As such, @pulumi/aws popularity was classified as popular.
We found that @pulumi/aws demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.