
Resource: awsNetworkmanagerCoreNetwork

Provides a core network resource.

NOTE on Core Networks and Policy Attachments: For a given core network, this resource's policyDocument argument is incompatible with using the awsNetworkmanagerCoreNetworkPolicyAttachment resource. When using this resource's policyDocument argument and the awsNetworkmanagerCoreNetworkPolicyAttachment resource, both will attempt to manage the core network's policy document and Terraform will show a permanent difference.
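The conflict in the note above, together with the createBasePolicy / policyDocument conflict listed in the argument reference, can be caught before apply by linting the synthesized Terraform JSON. The following is an added example, not part of the provider documentation; the function name, the finding strings and the sample stack are constructed for illustration.

```typescript
// Added example: lint a synthesized Terraform JSON stack (for example cdk.tf.json)
// for the two policy conflicts this page documents.
type Attrs = Record<string, unknown>;
type TfStack = { resource?: Record<string, Record<string, Attrs>> };

const CORE = "aws_networkmanager_core_network";
const ATTACH = "aws_networkmanager_core_network_policy_attachment";

function findPolicyConflicts(stack: TfStack): string[] {
  const resources = stack.resource || {};
  const cores = resources[CORE] || {};
  const attachments = resources[ATTACH] || {};
  const findings: string[] = [];

  for (const name of Object.keys(cores)) {
    const core = cores[name];
    if (core["policy_document"] === undefined) continue; // no inline policy, nothing to clash
    if (core["create_base_policy"] === true) {
      findings.push(`${CORE}.${name}: create_base_policy conflicts with policy_document`);
    }
    // Only Terraform references are matched; a hard-coded core network ID in
    // core_network_id is not resolved by this check.
    const ref = `${CORE}.${name}.`;
    for (const attName of Object.keys(attachments)) {
      const target = String(attachments[attName]["core_network_id"]);
      if (target.indexOf(ref) !== -1) {
        findings.push(`${CORE}.${name}: policy also managed by ${ATTACH}.${attName}`);
      }
    }
  }
  return findings;
}

// Constructed sample: "legacy" sets an inline policy, a base policy and has an attachment.
const sampleStack: TfStack = {
  resource: {
    aws_networkmanager_core_network: {
      legacy: { global_network_id: "gn-example", policy_document: "{}", create_base_policy: true },
      current: { global_network_id: "gn-example", create_base_policy: true },
    },
    aws_networkmanager_core_network_policy_attachment: {
      legacy_policy: { core_network_id: "${aws_networkmanager_core_network.legacy.id}" },
      current_policy: { core_network_id: "${aws_networkmanager_core_network.current.id}" },
    },
  },
};
```
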

Example Usage

Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkmanagerCoreNetwork.NetworkmanagerCoreNetwork(this, "example", {
  globalNetworkId: "${aws_networkmanager_global_network.example.id}",
});

With description

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkmanagerCoreNetwork.NetworkmanagerCoreNetwork(this, "example", {
  description: "example",
  globalNetworkId: "${aws_networkmanager_global_network.example.id}",
});

With tags

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkmanagerCoreNetwork.NetworkmanagerCoreNetwork(this, "example", {
  globalNetworkId: "${aws_networkmanager_global_network.example.id}",
  tags: {
    hello: "world",
  },
});

With VPC Attachment (Single Region)

The example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the createBasePolicy argument to true if your core network does not currently have any live policies (e.g. this is the first terraform apply with the core network resource), since a live policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a live policy, you may exclude the createBasePolicy argument.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsNetworkmanagerGlobalNetworkExample =
  new aws.networkmanagerGlobalNetwork.NetworkmanagerGlobalNetwork(
    this,
    "example",
    {}
  );
const awsNetworkmanagerCoreNetworkExample =
  new aws.networkmanagerCoreNetwork.NetworkmanagerCoreNetwork(
    this,
    "example_1",
    {
      createBasePolicy: true,
      globalNetworkId: awsNetworkmanagerGlobalNetworkExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerCoreNetworkExample.overrideLogicalId("example");
const awsNetworkmanagerVpcAttachmentExample =
  new aws.networkmanagerVpcAttachment.NetworkmanagerVpcAttachment(
    this,
    "example_2",
    {
      coreNetworkId: awsNetworkmanagerCoreNetworkExample.id,
      subnetArns: "${aws_subnet.example[*].arn}",
      vpcArn: "${aws_vpc.example.arn}",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerVpcAttachmentExample.overrideLogicalId("example");
const dataAwsNetworkmanagerCoreNetworkPolicyDocumentExample =
  new aws.dataAwsNetworkmanagerCoreNetworkPolicyDocument.DataAwsNetworkmanagerCoreNetworkPolicyDocument(
    this,
    "example_3",
    {
      coreNetworkConfiguration: [
        {
          asnRanges: ["65022-65534"],
          edgeLocations: [
            {
              location: "us-west-2",
            },
          ],
        },
      ],
      segmentActions: [
        {
          action: "create-route",
          destinationCidrBlocks: ["0.0.0.0/0"],
          destinations: [awsNetworkmanagerVpcAttachmentExample.id],
          segment: "segment",
        },
      ],
      segments: [
        {
          name: "segment",
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsNetworkmanagerCoreNetworkPolicyDocumentExample.overrideLogicalId(
  "example"
);
const awsNetworkmanagerCoreNetworkPolicyAttachmentExample =
  new aws.networkmanagerCoreNetworkPolicyAttachment.NetworkmanagerCoreNetworkPolicyAttachment(
    this,
    "example_4",
    {
      coreNetworkId: awsNetworkmanagerCoreNetworkExample.id,
      policyDocument:
        dataAwsNetworkmanagerCoreNetworkPolicyDocumentExample.json,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerCoreNetworkPolicyAttachmentExample.overrideLogicalId(
  "example"
);

With VPC Attachment (Multi-Region)

The example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the createBasePolicy argument of the awsNetworkmanagerCoreNetwork resource to true if your core network does not currently have any live policies (e.g. this is the first terraform apply with the core network resource), since a live policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a live policy, you may exclude the createBasePolicy argument. For multi-region in a core network that does not yet have a live policy, pass a list of regions to the awsNetworkmanagerCoreNetwork basePolicyRegions argument. In the example below, us-west-2 and us-east-1 are specified in the base policy.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsNetworkmanagerGlobalNetworkExample =
  new aws.networkmanagerGlobalNetwork.NetworkmanagerGlobalNetwork(
    this,
    "example",
    {}
  );
const awsNetworkmanagerCoreNetworkExample =
  new aws.networkmanagerCoreNetwork.NetworkmanagerCoreNetwork(
    this,
    "example_1",
    {
      basePolicyRegions: ["us-west-2", "us-east-1"],
      createBasePolicy: true,
      globalNetworkId: awsNetworkmanagerGlobalNetworkExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerCoreNetworkExample.overrideLogicalId("example");
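/*The provider argument takes a provider instance, not a string. The aliased provider is declared here; its us-east-1 region is assumed from the resource name.*/
const awsAlternate = new aws.provider.AwsProvider(this, "alternate", {
  alias: "alternate",
  region: "us-east-1",
});
const awsNetworkmanagerVpcAttachmentExampleUsEast1 =
  new aws.networkmanagerVpcAttachment.NetworkmanagerVpcAttachment(
    this,
    "example_us_east_1",
    {
      coreNetworkId: awsNetworkmanagerCoreNetworkExample.id,
      provider: awsAlternate,
      subnetArns: "${aws_subnet.example_us_east_1[*].arn}",
      vpcArn: "${aws_vpc.example_us_east_1.arn}",
    }
  );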
const awsNetworkmanagerVpcAttachmentExampleUsWest2 =
  new aws.networkmanagerVpcAttachment.NetworkmanagerVpcAttachment(
    this,
    "example_us_west_2",
    {
      coreNetworkId: awsNetworkmanagerCoreNetworkExample.id,
      subnetArns: "${aws_subnet.example_us_west_2[*].arn}",
      vpcArn: "${aws_vpc.example_us_west_2.arn}",
    }
  );
const dataAwsNetworkmanagerCoreNetworkPolicyDocumentExample =
  new aws.dataAwsNetworkmanagerCoreNetworkPolicyDocument.DataAwsNetworkmanagerCoreNetworkPolicyDocument(
    this,
    "example_4",
    {
      coreNetworkConfiguration: [
        {
          asnRanges: ["65022-65534"],
          edgeLocations: [
            {
              location: "us-west-2",
            },
            {
              location: "us-east-1",
            },
          ],
        },
      ],
      segmentActions: [
        {
          action: "create-route",
          destinationCidrBlocks: ["10.0.0.0/16"],
          destinations: [awsNetworkmanagerVpcAttachmentExampleUsWest2.id],
          segment: "segment",
        },
        {
          action: "create-route",
          destinationCidrBlocks: ["10.1.0.0/16"],
          destinations: [awsNetworkmanagerVpcAttachmentExampleUsEast1.id],
          segment: "segment",
        },
      ],
      segments: [
        {
          name: "segment",
        },
        {
          name: "segment2",
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsNetworkmanagerCoreNetworkPolicyDocumentExample.overrideLogicalId(
  "example"
);
const awsNetworkmanagerCoreNetworkPolicyAttachmentExample =
  new aws.networkmanagerCoreNetworkPolicyAttachment.NetworkmanagerCoreNetworkPolicyAttachment(
    this,
    "example_5",
    {
      coreNetworkId: awsNetworkmanagerCoreNetworkExample.id,
      policyDocument:
        dataAwsNetworkmanagerCoreNetworkPolicyDocumentExample.json,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerCoreNetworkPolicyAttachmentExample.overrideLogicalId(
  "example"
);

Argument Reference

The following arguments are supported:

  • description - (Optional) Description of the Core Network.
  • basePolicyRegion - (Optional, Deprecated: use the basePolicyRegions argument instead) The base policy created by setting the createBasePolicy argument to true requires a region to be set in the edge-locations, location key. If basePolicyRegion is not specified, the region used in the base policy defaults to the region specified in the provider block.
  • basePolicyRegions - (Optional) A list of regions to add to the base policy. The base policy created by setting the createBasePolicy argument to true requires one or more regions to be set in the edge-locations, location key. If basePolicyRegions is not specified, the region used in the base policy defaults to the region specified in the provider block.
  • createBasePolicy - (Optional) Specifies whether to create a base policy when a core network is created or updated. A base policy is created and set to live to allow attachments to the core network (e.g. VPC Attachments) before applying a policy document provided using the awsNetworkmanagerCoreNetworkPolicyAttachment resource. This base policy is needed when your core network does not have any live policies (e.g. a core network resource created without the policyDocument argument), your policy document has static routes pointing to VPC attachments, and you want to attach your VPCs to the core network before applying the desired policy document. Valid values are true or false. Conflicts with policyDocument. Examples of this configuration can be found above, under With VPC Attachment (Single Region) and With VPC Attachment (Multi-Region). An example base policy is shown below. This base policy is overridden with the policy that you specify in the awsNetworkmanagerCoreNetworkPolicyAttachment resource.
{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": [
      "64512-65534"
    ],
    "vpn-ecmp-support": false,
    "edge-locations": [
      {
        "location": "us-east-1"
      }
    ]
  },
  "segments": [
    {
      "name": "segment",
      "description": "base-policy",
      "isolate-attachments": false,
      "require-attachment-acceptance": false
    }
  ]
}
  • globalNetworkId - (Required) The ID of the global network that a core network will be a part of.
  • policyDocument - (Optional, Deprecated: use the awsNetworkmanagerCoreNetworkPolicyAttachment resource instead) Policy document for creating a core network. Note that updating this argument will result in the new policy document version being set as the latest and live policy document. Refer to the Core network policies documentation for more information. Conflicts with createBasePolicy.
  • tags - (Optional) Key-value tags for the Core Network. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
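
The example base policy under createBasePolicy sets both isolate-attachments and require-attachment-acceptance to false on its single segment, so it is worth confirming that the policy later applied through awsNetworkmanagerCoreNetworkPolicyAttachment has replaced it. The following is an added example, not part of the provider documentation; the function name, finding texts and the second sample policy are constructed, and treating the "base-policy" description as the marker of the generated policy is an assumption taken from the example document above.

```typescript
// Added example: review the segments of a core network policy document.
type PolicySegment = {
  name: string;
  description?: string;
  "isolate-attachments"?: boolean;
  "require-attachment-acceptance"?: boolean;
};
type SegmentFinding = { segment: string; issue: string };

function auditSegments(policyJson: string): SegmentFinding[] {
  const policy = JSON.parse(policyJson) as { segments?: PolicySegment[] };
  const findings: SegmentFinding[] = [];
  for (const seg of policy.segments || []) {
    // Only explicit false values are reported; omitted keys are left to service defaults.
    if (seg["require-attachment-acceptance"] === false) {
      findings.push({ segment: seg.name, issue: "attachments join without acceptance" });
    }
    if (seg["isolate-attachments"] === false) {
      findings.push({ segment: seg.name, issue: "attachments are not isolated from each other" });
    }
    // Assumption: the generated base policy is recognised by the
    // "base-policy" description shown in the example document.
    if (seg.description === "base-policy") {
      findings.push({ segment: seg.name, issue: "base policy segment still present" });
    }
  }
  return findings;
}

// The example base policy from this page.
const basePolicy = JSON.stringify({
  version: "2021.12",
  "core-network-configuration": {
    "asn-ranges": ["64512-65534"],
    "vpn-ecmp-support": false,
    "edge-locations": [{ location: "us-east-1" }],
  },
  segments: [{
    name: "segment",
    description: "base-policy",
    "isolate-attachments": false,
    "require-attachment-acceptance": false,
  }],
});

// Constructed replacement policy with both controls enabled.
const reviewedPolicy = JSON.stringify({
  version: "2021.12",
  segments: [{ name: "segment", "isolate-attachments": true, "require-attachment-acceptance": true }],
});
```
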

Timeouts

Configuration options:

  • create - (Default 30M)
  • delete - (Default 30M)
  • update - (Default 30M)

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Core Network Amazon Resource Name (ARN).
  • createdAt - Timestamp when a core network was created.
  • edges - One or more blocks detailing the edges within a core network. Detailed below.
  • id - Core Network ID.
  • segments - One or more blocks detailing the segments within a core network. Detailed below.
  • state - Current state of a core network.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

edges

The edges configuration block supports the following arguments:

  • asn - ASN of a core network edge.
  • edgeLocation - Region where a core network edge is located.
  • insideCidrBlocks - Inside IP addresses used for core network edges.

segments

The segments configuration block supports the following arguments:

  • edgeLocations - Regions where the edges are located.
  • name - Name of a core network segment.
  • sharedSegments - Shared segments of a core network.

Import

awsNetworkmanagerCoreNetwork can be imported using the core network ID, e.g.

$ terraform import aws_networkmanager_core_network.example core-network-0d47f6t230mz46dy4