{ "description": "Instance is the Schema for the Instances API. Provides an EC2 instance resource. This allows instances to be created, updated, and deleted. Instances also support provisioning.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "InstanceSpec defines the desired state of Instance", "properties": { "deletionPolicy": { "default": "Delete", "description": "DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "enum": [ "Orphan", "Delete" ], "type": "string" }, "forProvider": { "properties": { "ami": { "description": "AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template.", "type": "string" }, "associatePublicIpAddress": { "description": "Whether to associate a public IP address with an instance in a VPC.", "type": "boolean" }, "availabilityZone": { "description": "AZ to start the instance in.", "type": "string" }, "capacityReservationSpecification": { "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.", "items": { "properties": { "capacityReservationPreference": { "description": "Indicates the instance's Capacity Reservation preferences. Can be \"open\" or \"none\". (Default: \"open\").", "type": "string" }, "capacityReservationTarget": { "description": "Information about the target Capacity Reservation. See Capacity Reservation Target below for more details.", "items": { "properties": { "capacityReservationId": { "description": "ID of the Capacity Reservation in which to run the instance.", "type": "string" }, "capacityReservationResourceGroupArn": { "description": "ARN of the Capacity Reservation resource group in which to run the instance.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "cpuOptions": { "description": "The CPU options for the instance. See CPU Options below for more details.", "items": { "properties": { "amdSevSnp": { "description": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are enabled and disabled.", "type": "string" }, "coreCount": { "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options CPU Cores and Threads Per CPU Core Per Instance Type - specifying this option for unsupported instance types will return an error from the EC2 API.", "type": "number" }, "threadsPerCore": { "description": "If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See Optimizing CPU Options for more information.", "type": "number" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "creditSpecification": { "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.", "items": { "properties": { "cpuCredits": { "description": "Credit option for CPU usage. Valid values include standard or unlimited. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "disableApiStop": { "description": "If true, enables EC2 Instance Stop Protection.", "type": "boolean" }, "disableApiTermination": { "description": "If true, enables EC2 Instance Termination Protection.", "type": "boolean" }, "ebsBlockDevice": { "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.", "items": { "properties": { "deleteOnTermination": { "description": "Whether the volume should be destroyed on instance termination. Defaults to true.", "type": "boolean" }, "deviceName": { "description": "Name of the device to mount.", "type": "string" }, "encrypted": { "description": "Enables EBS encryption on the volume. Defaults to false. Cannot be used with snapshot_id. Must be configured to perform drift detection.", "type": "boolean" }, "iops": { "description": "Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.", "type": "number" }, "kmsKeyId": { "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.", "type": "string" }, "kmsKeyIdRef": { "description": "Reference to a Key in kms to populate kmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSelector": { "description": "Selector for a Key in kms to populate kmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "snapshotId": { "description": "Snapshot ID to mount.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign to the device.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "throughput": { "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.", "type": "number" }, "volumeSize": { "description": "Size of the volume in gibibytes (GiB).", "type": "number" }, "volumeType": { "description": "Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp2.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ebsOptimized": { "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information.", "type": "boolean" }, "enablePrimaryIpv6": { "description": "Whether to assign a primary IPv6 Global Unicast Address (GUA) to the instance when launched in a dual-stack or IPv6-only subnet. A primary IPv6 address ensures a consistent IPv6 address for the instance and is automatically assigned by AWS to the ENI. Once enabled, the first IPv6 GUA becomes the primary IPv6 address and cannot be disabled. The primary IPv6 address remains until the instance is terminated or the ENI is detached. Disabling enable_primary_ipv6 after it has been enabled forces recreation of the instance.", "type": "boolean" }, "enclaveOptions": { "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.", "items": { "properties": { "enabled": { "description": "Whether Nitro Enclaves will be enabled on the instance. Defaults to false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ephemeralBlockDevice": { "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.", "items": { "properties": { "deviceName": { "description": "Name of the block device to mount on the instance.", "type": "string" }, "noDevice": { "description": "Suppresses the specified device included in the AMI's block device mapping.", "type": "boolean" }, "virtualName": { "description": "Instance Store Device Name (e.g., ephemeral0).", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "forceDestroy": { "description": "Destroys instance even if disable_api_termination or disable_api_stop is set to true. Defaults to false. If setting this field in the same operation that would require replacing the instance or destroying the instance, this flag will not work.", "type": "boolean" }, "getPasswordData": { "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the password_data attribute. See GetPasswordData for more information.", "type": "boolean" }, "hibernation": { "description": "If true, the launched EC2 instance will support hibernation.", "type": "boolean" }, "hostId": { "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.", "type": "string" }, "hostResourceGroupArn": { "description": "ARN of the host resource group in which to launch the instances. If you specify an ARN, omit the tenancy parameter or set it to host.", "type": "string" }, "iamInstanceProfile": { "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole.", "type": "string" }, "instanceInitiatedShutdownBehavior": { "description": "Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information.", "type": "string" }, "instanceMarketOptions": { "description": "Describes the market (purchasing) option for the instances. See Market Options below for details on attributes.", "items": { "properties": { "marketType": { "description": "Type of market for the instance. Valid values are spot and capacity-block. Defaults to spot. Required if spot_options is specified.", "type": "string" }, "spotOptions": { "description": "Block to configure the options for Spot Instances. See Spot Options below for details on attributes.", "items": { "properties": { "instanceInterruptionBehavior": { "description": "The behavior when a Spot Instance is interrupted. Valid values include hibernate, stop, terminate . The default is terminate.", "type": "string" }, "maxPrice": { "description": "The maximum hourly price that you're willing to pay for a Spot Instance.", "type": "string" }, "spotInstanceType": { "description": "The Spot Instance request type. Valid values include one-time, persistent. Persistent Spot Instance requests are only supported when the instance interruption behavior is either hibernate or stop. The default is one-time.", "type": "string" }, "validUntil": { "description": "The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "instanceType": { "description": "Instance type to use for the instance. Required unless launch_template is specified and the Launch Template specifies an instance type. If an instance type is specified in the Launch Template, setting instance_type will override the instance type specified in the Launch Template. Updates to this field will trigger a stop/start of the EC2 instance.", "type": "string" }, "ipv6AddressCount": { "description": "Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.", "type": "number" }, "ipv6Addresses": { "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface", "items": { "type": "string" }, "type": "array" }, "keyName": { "description": "Key name of the Key Pair to use for the instance; which can be managed using the .", "type": "string" }, "launchTemplate": { "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template. See Launch Template Specification below for more details.", "items": { "properties": { "id": { "description": "ID of the launch template. Conflicts with name.", "type": "string" }, "name": { "description": "Name of the launch template. Conflicts with id.", "type": "string" }, "version": { "description": "Template version. Can be a specific version number, $Latest or $Default. The default value is $Default.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "maintenanceOptions": { "description": "Maintenance and recovery options for the instance. See Maintenance Options below for more details.", "items": { "properties": { "autoRecovery": { "description": "Automatic recovery behavior of the Instance. Can be \"default\" or \"disabled\". See Recover your instance for more details.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "metadataOptions": { "description": "Customize the metadata options of the instance. See Metadata Options below for more details.", "items": { "properties": { "httpEndpoint": { "description": "Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled.", "type": "string" }, "httpProtocolIpv6": { "description": "Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to disabled.", "type": "string" }, "httpPutResponseHopLimit": { "description": "Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from 1 to 64. Defaults to 1.", "type": "number" }, "httpTokens": { "description": "Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required.", "type": "string" }, "instanceMetadataTags": { "description": "Enables or disables access to instance tags from the instance metadata service. Valid values include enabled or disabled. Defaults to disabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "monitoring": { "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)", "type": "boolean" }, "networkInterface": { "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.", "items": { "properties": { "deleteOnTermination": { "description": "Whether or not to delete the network interface on instance termination. Defaults to false. Currently, the only valid value is false, as this is only supported when creating new network interfaces when launching an instance.", "type": "boolean" }, "deviceIndex": { "description": "Integer index of the network interface attachment. Limited by instance type.", "type": "number" }, "networkCardIndex": { "description": "Integer index of the network card. Limited by instance type. The default index is 0.", "type": "number" }, "networkInterfaceId": { "description": "ID of the network interface to attach.", "type": "string" }, "networkInterfaceIdRef": { "description": "Reference to a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "networkInterfaceIdSelector": { "description": "Selector for a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "placementGroup": { "description": "Placement Group to start the instance in. Conflicts with placement_group_id.", "type": "string" }, "placementGroupId": { "description": "Placement Group ID to start the instance in. Conflicts with placement_group.", "type": "string" }, "placementPartitionNumber": { "description": "Number of the partition the instance is in. Valid only if the strategy argument is set to \"partition\".", "type": "number" }, "primaryNetworkInterface": { "description": "The primary network interface. See Primary Network Interface below.", "items": { "properties": { "networkInterfaceId": { "description": "ID of the network interface to attach.", "type": "string" }, "networkInterfaceIdRef": { "description": "Reference to a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "networkInterfaceIdSelector": { "description": "Selector for a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "privateDnsNameOptions": { "description": "Options for the instance hostname. The default values are inherited from the subnet. See Private DNS Name Options below for more details.", "items": { "properties": { "enableResourceNameDnsARecord": { "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records.", "type": "boolean" }, "enableResourceNameDnsAaaaRecord": { "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.", "type": "boolean" }, "hostnameType": { "description": "Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name and resource-name.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "privateIp": { "description": "Private IP address to associate with the instance in a VPC.", "type": "string" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "rootBlockDevice": { "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.", "items": { "properties": { "deleteOnTermination": { "description": "Whether the volume should be destroyed on instance termination. Defaults to true.", "type": "boolean" }, "encrypted": { "description": "Whether to enable volume encryption. Defaults to false. Must be configured to perform drift detection.", "type": "boolean" }, "iops": { "description": "Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.", "type": "number" }, "kmsKeyId": { "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.", "type": "string" }, "kmsKeyIdRef": { "description": "Reference to a Key in kms to populate kmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSelector": { "description": "Selector for a Key in kms to populate kmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign to the device.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "throughput": { "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.", "type": "number" }, "volumeSize": { "description": "Size of the volume in gibibytes (GiB).", "type": "number" }, "volumeType": { "description": "Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to the volume type that the AMI uses.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "secondaryPrivateIps": { "description": "List of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e., referenced in a network_interface block. Refer to the Elastic network interfaces documentation to see the maximum number of private IP addresses allowed per instance type.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "sourceDestCheck": { "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.", "type": "boolean" }, "subnetId": { "description": "VPC Subnet ID to launch in.", "type": "string" }, "subnetIdRef": { "description": "Reference to a Subnet in ec2 to populate subnetId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "subnetIdSelector": { "description": "Selector for a Subnet in ec2 to populate subnetId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tenancy": { "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. Valid values are default, dedicated, and host.", "type": "string" }, "userData": { "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate of the EC2 instance.", "type": "string" }, "userDataBase64": { "description": "Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate of the EC2 instance.", "type": "string" }, "userDataReplaceOnChange": { "description": "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate of the EC2 instance when set to true. Defaults to false if not set.", "type": "boolean" }, "volumeTags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign, at instance-creation time, to root and EBS volumes.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcSecurityGroupIdRefs": { "description": "References to SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "items": { "description": "A Reference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vpcSecurityGroupIdSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "vpcSecurityGroupIds": { "description": "List of security group IDs to associate with.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "ami": { "description": "AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template.", "type": "string" }, "associatePublicIpAddress": { "description": "Whether to associate a public IP address with an instance in a VPC.", "type": "boolean" }, "availabilityZone": { "description": "AZ to start the instance in.", "type": "string" }, "capacityReservationSpecification": { "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.", "items": { "properties": { "capacityReservationPreference": { "description": "Indicates the instance's Capacity Reservation preferences. Can be \"open\" or \"none\". (Default: \"open\").", "type": "string" }, "capacityReservationTarget": { "description": "Information about the target Capacity Reservation. See Capacity Reservation Target below for more details.", "items": { "properties": { "capacityReservationId": { "description": "ID of the Capacity Reservation in which to run the instance.", "type": "string" }, "capacityReservationResourceGroupArn": { "description": "ARN of the Capacity Reservation resource group in which to run the instance.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "cpuOptions": { "description": "The CPU options for the instance. See CPU Options below for more details.", "items": { "properties": { "amdSevSnp": { "description": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are enabled and disabled.", "type": "string" }, "coreCount": { "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options CPU Cores and Threads Per CPU Core Per Instance Type - specifying this option for unsupported instance types will return an error from the EC2 API.", "type": "number" }, "threadsPerCore": { "description": "If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See Optimizing CPU Options for more information.", "type": "number" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "creditSpecification": { "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.", "items": { "properties": { "cpuCredits": { "description": "Credit option for CPU usage. Valid values include standard or unlimited. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "disableApiStop": { "description": "If true, enables EC2 Instance Stop Protection.", "type": "boolean" }, "disableApiTermination": { "description": "If true, enables EC2 Instance Termination Protection.", "type": "boolean" }, "ebsBlockDevice": { "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.", "items": { "properties": { "deleteOnTermination": { "description": "Whether the volume should be destroyed on instance termination. Defaults to true.", "type": "boolean" }, "deviceName": { "description": "Name of the device to mount.", "type": "string" }, "encrypted": { "description": "Enables EBS encryption on the volume. Defaults to false. Cannot be used with snapshot_id. Must be configured to perform drift detection.", "type": "boolean" }, "iops": { "description": "Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.", "type": "number" }, "kmsKeyId": { "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.", "type": "string" }, "kmsKeyIdRef": { "description": "Reference to a Key in kms to populate kmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSelector": { "description": "Selector for a Key in kms to populate kmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "snapshotId": { "description": "Snapshot ID to mount.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign to the device.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "throughput": { "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.", "type": "number" }, "volumeSize": { "description": "Size of the volume in gibibytes (GiB).", "type": "number" }, "volumeType": { "description": "Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp2.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ebsOptimized": { "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information.", "type": "boolean" }, "enablePrimaryIpv6": { "description": "Whether to assign a primary IPv6 Global Unicast Address (GUA) to the instance when launched in a dual-stack or IPv6-only subnet. A primary IPv6 address ensures a consistent IPv6 address for the instance and is automatically assigned by AWS to the ENI. Once enabled, the first IPv6 GUA becomes the primary IPv6 address and cannot be disabled. The primary IPv6 address remains until the instance is terminated or the ENI is detached. Disabling enable_primary_ipv6 after it has been enabled forces recreation of the instance.", "type": "boolean" }, "enclaveOptions": { "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.", "items": { "properties": { "enabled": { "description": "Whether Nitro Enclaves will be enabled on the instance. Defaults to false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ephemeralBlockDevice": { "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.", "items": { "properties": { "deviceName": { "description": "Name of the block device to mount on the instance.", "type": "string" }, "noDevice": { "description": "Suppresses the specified device included in the AMI's block device mapping.", "type": "boolean" }, "virtualName": { "description": "Instance Store Device Name (e.g., ephemeral0).", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "forceDestroy": { "description": "Destroys instance even if disable_api_termination or disable_api_stop is set to true. Defaults to false. If setting this field in the same operation that would require replacing the instance or destroying the instance, this flag will not work.", "type": "boolean" }, "getPasswordData": { "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the password_data attribute. See GetPasswordData for more information.", "type": "boolean" }, "hibernation": { "description": "If true, the launched EC2 instance will support hibernation.", "type": "boolean" }, "hostId": { "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.", "type": "string" }, "hostResourceGroupArn": { "description": "ARN of the host resource group in which to launch the instances. If you specify an ARN, omit the tenancy parameter or set it to host.", "type": "string" }, "iamInstanceProfile": { "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole.", "type": "string" }, "instanceInitiatedShutdownBehavior": { "description": "Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information.", "type": "string" }, "instanceMarketOptions": { "description": "Describes the market (purchasing) option for the instances. See Market Options below for details on attributes.", "items": { "properties": { "marketType": { "description": "Type of market for the instance. Valid values are spot and capacity-block. Defaults to spot. Required if spot_options is specified.", "type": "string" }, "spotOptions": { "description": "Block to configure the options for Spot Instances. See Spot Options below for details on attributes.", "items": { "properties": { "instanceInterruptionBehavior": { "description": "The behavior when a Spot Instance is interrupted. Valid values include hibernate, stop, terminate . The default is terminate.", "type": "string" }, "maxPrice": { "description": "The maximum hourly price that you're willing to pay for a Spot Instance.", "type": "string" }, "spotInstanceType": { "description": "The Spot Instance request type. Valid values include one-time, persistent. Persistent Spot Instance requests are only supported when the instance interruption behavior is either hibernate or stop. The default is one-time.", "type": "string" }, "validUntil": { "description": "The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "instanceType": { "description": "Instance type to use for the instance. Required unless launch_template is specified and the Launch Template specifies an instance type. If an instance type is specified in the Launch Template, setting instance_type will override the instance type specified in the Launch Template. Updates to this field will trigger a stop/start of the EC2 instance.", "type": "string" }, "ipv6AddressCount": { "description": "Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.", "type": "number" }, "ipv6Addresses": { "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface", "items": { "type": "string" }, "type": "array" }, "keyName": { "description": "Key name of the Key Pair to use for the instance; which can be managed using the .", "type": "string" }, "launchTemplate": { "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template. See Launch Template Specification below for more details.", "items": { "properties": { "id": { "description": "ID of the launch template. Conflicts with name.", "type": "string" }, "name": { "description": "Name of the launch template. Conflicts with id.", "type": "string" }, "version": { "description": "Template version. Can be a specific version number, $Latest or $Default. The default value is $Default.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "maintenanceOptions": { "description": "Maintenance and recovery options for the instance. See Maintenance Options below for more details.", "items": { "properties": { "autoRecovery": { "description": "Automatic recovery behavior of the Instance. Can be \"default\" or \"disabled\". See Recover your instance for more details.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "metadataOptions": { "description": "Customize the metadata options of the instance. See Metadata Options below for more details.", "items": { "properties": { "httpEndpoint": { "description": "Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled.", "type": "string" }, "httpProtocolIpv6": { "description": "Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to disabled.", "type": "string" }, "httpPutResponseHopLimit": { "description": "Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from 1 to 64. Defaults to 1.", "type": "number" }, "httpTokens": { "description": "Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required.", "type": "string" }, "instanceMetadataTags": { "description": "Enables or disables access to instance tags from the instance metadata service. Valid values include enabled or disabled. Defaults to disabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "monitoring": { "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)", "type": "boolean" }, "networkInterface": { "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.", "items": { "properties": { "deleteOnTermination": { "description": "Whether or not to delete the network interface on instance termination. Defaults to false. Currently, the only valid value is false, as this is only supported when creating new network interfaces when launching an instance.", "type": "boolean" }, "deviceIndex": { "description": "Integer index of the network interface attachment. Limited by instance type.", "type": "number" }, "networkCardIndex": { "description": "Integer index of the network card. Limited by instance type. The default index is 0.", "type": "number" }, "networkInterfaceId": { "description": "ID of the network interface to attach.", "type": "string" }, "networkInterfaceIdRef": { "description": "Reference to a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "networkInterfaceIdSelector": { "description": "Selector for a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "placementGroup": { "description": "Placement Group to start the instance in. Conflicts with placement_group_id.", "type": "string" }, "placementGroupId": { "description": "Placement Group ID to start the instance in. Conflicts with placement_group.", "type": "string" }, "placementPartitionNumber": { "description": "Number of the partition the instance is in. Valid only if the strategy argument is set to \"partition\".", "type": "number" }, "primaryNetworkInterface": { "description": "The primary network interface. See Primary Network Interface below.", "items": { "properties": { "networkInterfaceId": { "description": "ID of the network interface to attach.", "type": "string" }, "networkInterfaceIdRef": { "description": "Reference to a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "networkInterfaceIdSelector": { "description": "Selector for a NetworkInterface in ec2 to populate networkInterfaceId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "privateDnsNameOptions": { "description": "Options for the instance hostname. The default values are inherited from the subnet. See Private DNS Name Options below for more details.", "items": { "properties": { "enableResourceNameDnsARecord": { "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records.", "type": "boolean" }, "enableResourceNameDnsAaaaRecord": { "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.", "type": "boolean" }, "hostnameType": { "description": "Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name and resource-name.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "privateIp": { "description": "Private IP address to associate with the instance in a VPC.", "type": "string" }, "rootBlockDevice": { "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.", "items": { "properties": { "deleteOnTermination": { "description": "Whether the volume should be destroyed on instance termination. Defaults to true.", "type": "boolean" }, "encrypted": { "description": "Whether to enable volume encryption. Defaults to false. Must be configured to perform drift detection.", "type": "boolean" }, "iops": { "description": "Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.", "type": "number" }, "kmsKeyId": { "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.", "type": "string" }, "kmsKeyIdRef": { "description": "Reference to a Key in kms to populate kmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSelector": { "description": "Selector for a Key in kms to populate kmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign to the device.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "throughput": { "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.", "type": "number" }, "volumeSize": { "description": "Size of the volume in gibibytes (GiB).", "type": "number" }, "volumeType": { "description": "Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to the volume type that the AMI uses.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "secondaryPrivateIps": { "description": "List of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e., referenced in a network_interface block. Refer to the Elastic network interfaces documentation to see the maximum number of private IP addresses allowed per instance type.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "sourceDestCheck": { "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.", "type": "boolean" }, "subnetId": { "description": "VPC Subnet ID to launch in.", "type": "string" }, "subnetIdRef": { "description": "Reference to a Subnet in ec2 to populate subnetId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "subnetIdSelector": { "description": "Selector for a Subnet in ec2 to populate subnetId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tenancy": { "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. Valid values are default, dedicated, and host.", "type": "string" }, "userData": { "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate of the EC2 instance.", "type": "string" }, "userDataBase64": { "description": "Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate of the EC2 instance.", "type": "string" }, "userDataReplaceOnChange": { "description": "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate of the EC2 instance when set to true. Defaults to false if not set.", "type": "boolean" }, "volumeTags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign, at instance-creation time, to root and EBS volumes.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcSecurityGroupIdRefs": { "description": "References to SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "items": { "description": "A Reference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vpcSecurityGroupIdSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "vpcSecurityGroupIds": { "description": "List of security group IDs to associate with.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "additionalProperties": false }, "status": { "description": "InstanceStatus defines the observed state of Instance.", "properties": { "atProvider": { "properties": { "ami": { "description": "AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template.", "type": "string" }, "arn": { "description": "ARN of the instance.", "type": "string" }, "associatePublicIpAddress": { "description": "Whether to associate a public IP address with an instance in a VPC.", "type": "boolean" }, "availabilityZone": { "description": "AZ to start the instance in.", "type": "string" }, "capacityReservationSpecification": { "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.", "items": { "properties": { "capacityReservationPreference": { "description": "Indicates the instance's Capacity Reservation preferences. Can be \"open\" or \"none\". (Default: \"open\").", "type": "string" }, "capacityReservationTarget": { "description": "Information about the target Capacity Reservation. See Capacity Reservation Target below for more details.", "items": { "properties": { "capacityReservationId": { "description": "ID of the Capacity Reservation in which to run the instance.", "type": "string" }, "capacityReservationResourceGroupArn": { "description": "ARN of the Capacity Reservation resource group in which to run the instance.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "cpuOptions": { "description": "The CPU options for the instance. See CPU Options below for more details.", "items": { "properties": { "amdSevSnp": { "description": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are enabled and disabled.", "type": "string" }, "coreCount": { "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options CPU Cores and Threads Per CPU Core Per Instance Type - specifying this option for unsupported instance types will return an error from the EC2 API.", "type": "number" }, "threadsPerCore": { "description": "If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See Optimizing CPU Options for more information.", "type": "number" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "creditSpecification": { "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.", "items": { "properties": { "cpuCredits": { "description": "Credit option for CPU usage. Valid values include standard or unlimited. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "disableApiStop": { "description": "If true, enables EC2 Instance Stop Protection.", "type": "boolean" }, "disableApiTermination": { "description": "If true, enables EC2 Instance Termination Protection.", "type": "boolean" }, "ebsBlockDevice": { "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.", "items": { "properties": { "deleteOnTermination": { "description": "Whether the volume should be destroyed on instance termination. Defaults to true.", "type": "boolean" }, "deviceName": { "description": "Name of the device to mount.", "type": "string" }, "encrypted": { "description": "Enables EBS encryption on the volume. Defaults to false. Cannot be used with snapshot_id. Must be configured to perform drift detection.", "type": "boolean" }, "iops": { "description": "Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.", "type": "number" }, "kmsKeyId": { "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.", "type": "string" }, "snapshotId": { "description": "Snapshot ID to mount.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign to the device.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "throughput": { "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.", "type": "number" }, "volumeId": { "description": "ID of the volume. For example, the ID can be accessed like this, aws_instance.web.ebs_block_device.2.volume_id.", "type": "string" }, "volumeSize": { "description": "Size of the volume in gibibytes (GiB).", "type": "number" }, "volumeType": { "description": "Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp2.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ebsOptimized": { "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information.", "type": "boolean" }, "enablePrimaryIpv6": { "description": "Whether to assign a primary IPv6 Global Unicast Address (GUA) to the instance when launched in a dual-stack or IPv6-only subnet. A primary IPv6 address ensures a consistent IPv6 address for the instance and is automatically assigned by AWS to the ENI. Once enabled, the first IPv6 GUA becomes the primary IPv6 address and cannot be disabled. The primary IPv6 address remains until the instance is terminated or the ENI is detached. Disabling enable_primary_ipv6 after it has been enabled forces recreation of the instance.", "type": "boolean" }, "enclaveOptions": { "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.", "items": { "properties": { "enabled": { "description": "Whether Nitro Enclaves will be enabled on the instance. Defaults to false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ephemeralBlockDevice": { "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.", "items": { "properties": { "deviceName": { "description": "Name of the block device to mount on the instance.", "type": "string" }, "noDevice": { "description": "Suppresses the specified device included in the AMI's block device mapping.", "type": "boolean" }, "virtualName": { "description": "Instance Store Device Name (e.g., ephemeral0).", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "forceDestroy": { "description": "Destroys instance even if disable_api_termination or disable_api_stop is set to true. Defaults to false. If setting this field in the same operation that would require replacing the instance or destroying the instance, this flag will not work.", "type": "boolean" }, "getPasswordData": { "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the password_data attribute. See GetPasswordData for more information.", "type": "boolean" }, "hibernation": { "description": "If true, the launched EC2 instance will support hibernation.", "type": "boolean" }, "hostId": { "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.", "type": "string" }, "hostResourceGroupArn": { "description": "ARN of the host resource group in which to launch the instances. If you specify an ARN, omit the tenancy parameter or set it to host.", "type": "string" }, "iamInstanceProfile": { "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole.", "type": "string" }, "id": { "description": "ID of the instance.", "type": "string" }, "instanceInitiatedShutdownBehavior": { "description": "Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information.", "type": "string" }, "instanceLifecycle": { "description": "Indicates whether this is a Spot Instance or a Scheduled Instance.", "type": "string" }, "instanceMarketOptions": { "description": "Describes the market (purchasing) option for the instances. See Market Options below for details on attributes.", "items": { "properties": { "marketType": { "description": "Type of market for the instance. Valid values are spot and capacity-block. Defaults to spot. Required if spot_options is specified.", "type": "string" }, "spotOptions": { "description": "Block to configure the options for Spot Instances. See Spot Options below for details on attributes.", "items": { "properties": { "instanceInterruptionBehavior": { "description": "The behavior when a Spot Instance is interrupted. Valid values include hibernate, stop, terminate . The default is terminate.", "type": "string" }, "maxPrice": { "description": "The maximum hourly price that you're willing to pay for a Spot Instance.", "type": "string" }, "spotInstanceType": { "description": "The Spot Instance request type. Valid values include one-time, persistent. Persistent Spot Instance requests are only supported when the instance interruption behavior is either hibernate or stop. The default is one-time.", "type": "string" }, "validUntil": { "description": "The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "instanceState": { "description": "State of the instance. One of: pending, running, shutting-down, terminated, stopping, stopped. See Instance Lifecycle for more information.", "type": "string" }, "instanceType": { "description": "Instance type to use for the instance. Required unless launch_template is specified and the Launch Template specifies an instance type. If an instance type is specified in the Launch Template, setting instance_type will override the instance type specified in the Launch Template. Updates to this field will trigger a stop/start of the EC2 instance.", "type": "string" }, "ipv6AddressCount": { "description": "Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.", "type": "number" }, "ipv6Addresses": { "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface", "items": { "type": "string" }, "type": "array" }, "keyName": { "description": "Key name of the Key Pair to use for the instance; which can be managed using the .", "type": "string" }, "launchTemplate": { "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template. See Launch Template Specification below for more details.", "items": { "properties": { "id": { "description": "ID of the launch template. Conflicts with name.", "type": "string" }, "name": { "description": "Name of the launch template. Conflicts with id.", "type": "string" }, "version": { "description": "Template version. Can be a specific version number, $Latest or $Default. The default value is $Default.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "maintenanceOptions": { "description": "Maintenance and recovery options for the instance. See Maintenance Options below for more details.", "items": { "properties": { "autoRecovery": { "description": "Automatic recovery behavior of the Instance. Can be \"default\" or \"disabled\". See Recover your instance for more details.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "metadataOptions": { "description": "Customize the metadata options of the instance. See Metadata Options below for more details.", "items": { "properties": { "httpEndpoint": { "description": "Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled.", "type": "string" }, "httpProtocolIpv6": { "description": "Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to disabled.", "type": "string" }, "httpPutResponseHopLimit": { "description": "Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from 1 to 64. Defaults to 1.", "type": "number" }, "httpTokens": { "description": "Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required.", "type": "string" }, "instanceMetadataTags": { "description": "Enables or disables access to instance tags from the instance metadata service. Valid values include enabled or disabled. Defaults to disabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "monitoring": { "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)", "type": "boolean" }, "networkInterface": { "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.", "items": { "properties": { "deleteOnTermination": { "description": "Whether or not to delete the network interface on instance termination. Defaults to false. Currently, the only valid value is false, as this is only supported when creating new network interfaces when launching an instance.", "type": "boolean" }, "deviceIndex": { "description": "Integer index of the network interface attachment. Limited by instance type.", "type": "number" }, "networkCardIndex": { "description": "Integer index of the network card. Limited by instance type. The default index is 0.", "type": "number" }, "networkInterfaceId": { "description": "ID of the network interface to attach.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostArn": { "description": "ARN of the Outpost the instance is assigned to.", "type": "string" }, "passwordData": { "description": "Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if get_password_data is true. Note that this encrypted value will be stored in the state file, as with all exported attributes. See GetPasswordData for more information.", "type": "string" }, "placementGroup": { "description": "Placement Group to start the instance in. Conflicts with placement_group_id.", "type": "string" }, "placementGroupId": { "description": "Placement Group ID to start the instance in. Conflicts with placement_group.", "type": "string" }, "placementPartitionNumber": { "description": "Number of the partition the instance is in. Valid only if the strategy argument is set to \"partition\".", "type": "number" }, "primaryNetworkInterface": { "description": "The primary network interface. See Primary Network Interface below.", "items": { "properties": { "deleteOnTermination": { "description": "(Read-Only) Whether the network interface will be deleted when the instance terminates.", "type": "boolean" }, "networkInterfaceId": { "description": "ID of the network interface to attach.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "primaryNetworkInterfaceId": { "description": "ID of the instance's primary network interface.", "type": "string" }, "privateDns": { "description": "Private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC.", "type": "string" }, "privateDnsNameOptions": { "description": "Options for the instance hostname. The default values are inherited from the subnet. See Private DNS Name Options below for more details.", "items": { "properties": { "enableResourceNameDnsARecord": { "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS A records.", "type": "boolean" }, "enableResourceNameDnsAaaaRecord": { "description": "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.", "type": "boolean" }, "hostnameType": { "description": "Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name and resource-name.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "privateIp": { "description": "Private IP address to associate with the instance in a VPC.", "type": "string" }, "publicDns": { "description": "Public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC.", "type": "string" }, "publicIp": { "description": "Public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use public_ip as this field will change after the EIP is attached.", "type": "string" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "rootBlockDevice": { "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.", "items": { "properties": { "deleteOnTermination": { "description": "Whether the volume should be destroyed on instance termination. Defaults to true.", "type": "boolean" }, "deviceName": { "description": "Device name, e.g., /dev/sdh or xvdh.", "type": "string" }, "encrypted": { "description": "Whether to enable volume encryption. Defaults to false. Must be configured to perform drift detection.", "type": "boolean" }, "iops": { "description": "Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.", "type": "number" }, "kmsKeyId": { "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign to the device.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "throughput": { "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.", "type": "number" }, "volumeId": { "description": "ID of the volume. For example, the ID can be accessed like this, aws_instance.web.root_block_device.0.volume_id.", "type": "string" }, "volumeSize": { "description": "Size of the volume in gibibytes (GiB).", "type": "number" }, "volumeType": { "description": "Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to the volume type that the AMI uses.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "secondaryPrivateIps": { "description": "List of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e., referenced in a network_interface block. Refer to the Elastic network interfaces documentation to see the maximum number of private IP addresses allowed per instance type.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "securityGroups": { "description": "List of security group names to associate with.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "sourceDestCheck": { "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.", "type": "boolean" }, "spotInstanceRequestId": { "description": "If the request is a Spot Instance request, the ID of the request.", "type": "string" }, "subnetId": { "description": "VPC Subnet ID to launch in.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "tenancy": { "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. Valid values are default, dedicated, and host.", "type": "string" }, "userData": { "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate of the EC2 instance.", "type": "string" }, "userDataBase64": { "description": "Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate of the EC2 instance.", "type": "string" }, "userDataReplaceOnChange": { "description": "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate of the EC2 instance when set to true. Defaults to false if not set.", "type": "boolean" }, "volumeTags": { "additionalProperties": { "type": "string" }, "description": "Map of tags to assign, at instance-creation time, to root and EBS volumes.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcSecurityGroupIds": { "description": "List of security group IDs to associate with.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }