{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.Firehose.Types.VpcConfiguration -- Copyright : (c) 2013-2023 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) module Amazonka.Firehose.Types.VpcConfiguration where import qualified Amazonka.Core as Core import qualified Amazonka.Core.Lens.Internal as Lens import qualified Amazonka.Data as Data import qualified Amazonka.Prelude as Prelude -- | The details of the VPC of the Amazon ES destination. -- -- /See:/ 'newVpcConfiguration' smart constructor. data VpcConfiguration = VpcConfiguration' { -- | The IDs of the subnets that you want Kinesis Data Firehose to use to -- create ENIs in the VPC of the Amazon ES destination. Make sure that the -- routing tables and inbound and outbound rules allow traffic to flow from -- the subnets whose IDs are specified here to the subnets that have the -- destination Amazon ES endpoints. Kinesis Data Firehose creates at least -- one ENI in each of the subnets that are specified here. Do not delete or -- modify these ENIs. -- -- The number of ENIs that Kinesis Data Firehose creates in the subnets -- specified here scales up and down automatically based on throughput. To -- enable Kinesis Data Firehose to scale up the number of ENIs to match -- throughput, ensure that you have sufficient quota. To help you calculate -- the quota you need, assume that Kinesis Data Firehose can create up to -- three ENIs for this delivery stream for each of the subnets specified -- here. For more information about ENI quota, see -- <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis Network Interfaces> -- in the Amazon VPC Quotas topic. VpcConfiguration -> NonEmpty Text subnetIds :: Prelude.NonEmpty Prelude.Text, -- | The ARN of the IAM role that you want the delivery stream to use to -- create endpoints in the destination VPC. You can use your existing -- Kinesis Data Firehose delivery role or you can specify a new role. In -- either case, make sure that the role trusts the Kinesis Data Firehose -- service principal and that it grants the following permissions: -- -- - @ec2:DescribeVpcs@ -- -- - @ec2:DescribeVpcAttribute@ -- -- - @ec2:DescribeSubnets@ -- -- - @ec2:DescribeSecurityGroups@ -- -- - @ec2:DescribeNetworkInterfaces@ -- -- - @ec2:CreateNetworkInterface@ -- -- - @ec2:CreateNetworkInterfacePermission@ -- -- - @ec2:DeleteNetworkInterface@ -- -- If you revoke these permissions after you create the delivery stream, -- Kinesis Data Firehose can\'t scale out by creating more ENIs when -- necessary. You might therefore see a degradation in performance. VpcConfiguration -> Text roleARN :: Prelude.Text, -- | The IDs of the security groups that you want Kinesis Data Firehose to -- use when it creates ENIs in the VPC of the Amazon ES destination. You -- can use the same security group that the Amazon ES domain uses or -- different ones. If you specify different security groups here, ensure -- that they allow outbound HTTPS traffic to the Amazon ES domain\'s -- security group. Also ensure that the Amazon ES domain\'s security group -- allows HTTPS traffic from the security groups specified here. If you use -- the same security group for both your delivery stream and the Amazon ES -- domain, make sure the security group inbound rule allows HTTPS traffic. -- For more information about security group rules, see -- <https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules Security group rules> -- in the Amazon VPC documentation. VpcConfiguration -> NonEmpty Text securityGroupIds :: Prelude.NonEmpty Prelude.Text } deriving (VpcConfiguration -> VpcConfiguration -> Bool forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a /= :: VpcConfiguration -> VpcConfiguration -> Bool $c/= :: VpcConfiguration -> VpcConfiguration -> Bool == :: VpcConfiguration -> VpcConfiguration -> Bool $c== :: VpcConfiguration -> VpcConfiguration -> Bool Prelude.Eq, ReadPrec [VpcConfiguration] ReadPrec VpcConfiguration Int -> ReadS VpcConfiguration ReadS [VpcConfiguration] forall a. (Int -> ReadS a) -> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a readListPrec :: ReadPrec [VpcConfiguration] $creadListPrec :: ReadPrec [VpcConfiguration] readPrec :: ReadPrec VpcConfiguration $creadPrec :: ReadPrec VpcConfiguration readList :: ReadS [VpcConfiguration] $creadList :: ReadS [VpcConfiguration] readsPrec :: Int -> ReadS VpcConfiguration $creadsPrec :: Int -> ReadS VpcConfiguration Prelude.Read, Int -> VpcConfiguration -> ShowS [VpcConfiguration] -> ShowS VpcConfiguration -> String forall a. (Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a showList :: [VpcConfiguration] -> ShowS $cshowList :: [VpcConfiguration] -> ShowS show :: VpcConfiguration -> String $cshow :: VpcConfiguration -> String showsPrec :: Int -> VpcConfiguration -> ShowS $cshowsPrec :: Int -> VpcConfiguration -> ShowS Prelude.Show, forall x. Rep VpcConfiguration x -> VpcConfiguration forall x. VpcConfiguration -> Rep VpcConfiguration x forall a. (forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a $cto :: forall x. Rep VpcConfiguration x -> VpcConfiguration $cfrom :: forall x. VpcConfiguration -> Rep VpcConfiguration x Prelude.Generic) -- | -- Create a value of 'VpcConfiguration' with all optional fields omitted. -- -- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'subnetIds', 'vpcConfiguration_subnetIds' - The IDs of the subnets that you want Kinesis Data Firehose to use to -- create ENIs in the VPC of the Amazon ES destination. Make sure that the -- routing tables and inbound and outbound rules allow traffic to flow from -- the subnets whose IDs are specified here to the subnets that have the -- destination Amazon ES endpoints. Kinesis Data Firehose creates at least -- one ENI in each of the subnets that are specified here. Do not delete or -- modify these ENIs. -- -- The number of ENIs that Kinesis Data Firehose creates in the subnets -- specified here scales up and down automatically based on throughput. To -- enable Kinesis Data Firehose to scale up the number of ENIs to match -- throughput, ensure that you have sufficient quota. To help you calculate -- the quota you need, assume that Kinesis Data Firehose can create up to -- three ENIs for this delivery stream for each of the subnets specified -- here. For more information about ENI quota, see -- <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis Network Interfaces> -- in the Amazon VPC Quotas topic. -- -- 'roleARN', 'vpcConfiguration_roleARN' - The ARN of the IAM role that you want the delivery stream to use to -- create endpoints in the destination VPC. You can use your existing -- Kinesis Data Firehose delivery role or you can specify a new role. In -- either case, make sure that the role trusts the Kinesis Data Firehose -- service principal and that it grants the following permissions: -- -- - @ec2:DescribeVpcs@ -- -- - @ec2:DescribeVpcAttribute@ -- -- - @ec2:DescribeSubnets@ -- -- - @ec2:DescribeSecurityGroups@ -- -- - @ec2:DescribeNetworkInterfaces@ -- -- - @ec2:CreateNetworkInterface@ -- -- - @ec2:CreateNetworkInterfacePermission@ -- -- - @ec2:DeleteNetworkInterface@ -- -- If you revoke these permissions after you create the delivery stream, -- Kinesis Data Firehose can\'t scale out by creating more ENIs when -- necessary. You might therefore see a degradation in performance. -- -- 'securityGroupIds', 'vpcConfiguration_securityGroupIds' - The IDs of the security groups that you want Kinesis Data Firehose to -- use when it creates ENIs in the VPC of the Amazon ES destination. You -- can use the same security group that the Amazon ES domain uses or -- different ones. If you specify different security groups here, ensure -- that they allow outbound HTTPS traffic to the Amazon ES domain\'s -- security group. Also ensure that the Amazon ES domain\'s security group -- allows HTTPS traffic from the security groups specified here. If you use -- the same security group for both your delivery stream and the Amazon ES -- domain, make sure the security group inbound rule allows HTTPS traffic. -- For more information about security group rules, see -- <https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules Security group rules> -- in the Amazon VPC documentation. newVpcConfiguration :: -- | 'subnetIds' Prelude.NonEmpty Prelude.Text -> -- | 'roleARN' Prelude.Text -> -- | 'securityGroupIds' Prelude.NonEmpty Prelude.Text -> VpcConfiguration newVpcConfiguration :: NonEmpty Text -> Text -> NonEmpty Text -> VpcConfiguration newVpcConfiguration NonEmpty Text pSubnetIds_ Text pRoleARN_ NonEmpty Text pSecurityGroupIds_ = VpcConfiguration' { $sel:subnetIds:VpcConfiguration' :: NonEmpty Text subnetIds = forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced forall t b. AReview t b -> b -> t Lens.# NonEmpty Text pSubnetIds_, $sel:roleARN:VpcConfiguration' :: Text roleARN = Text pRoleARN_, $sel:securityGroupIds:VpcConfiguration' :: NonEmpty Text securityGroupIds = forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced forall t b. AReview t b -> b -> t Lens.# NonEmpty Text pSecurityGroupIds_ } -- | The IDs of the subnets that you want Kinesis Data Firehose to use to -- create ENIs in the VPC of the Amazon ES destination. Make sure that the -- routing tables and inbound and outbound rules allow traffic to flow from -- the subnets whose IDs are specified here to the subnets that have the -- destination Amazon ES endpoints. Kinesis Data Firehose creates at least -- one ENI in each of the subnets that are specified here. Do not delete or -- modify these ENIs. -- -- The number of ENIs that Kinesis Data Firehose creates in the subnets -- specified here scales up and down automatically based on throughput. To -- enable Kinesis Data Firehose to scale up the number of ENIs to match -- throughput, ensure that you have sufficient quota. To help you calculate -- the quota you need, assume that Kinesis Data Firehose can create up to -- three ENIs for this delivery stream for each of the subnets specified -- here. For more information about ENI quota, see -- <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis Network Interfaces> -- in the Amazon VPC Quotas topic. vpcConfiguration_subnetIds :: Lens.Lens' VpcConfiguration (Prelude.NonEmpty Prelude.Text) vpcConfiguration_subnetIds :: Lens' VpcConfiguration (NonEmpty Text) vpcConfiguration_subnetIds = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\VpcConfiguration' {NonEmpty Text subnetIds :: NonEmpty Text $sel:subnetIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text subnetIds} -> NonEmpty Text subnetIds) (\s :: VpcConfiguration s@VpcConfiguration' {} NonEmpty Text a -> VpcConfiguration s {$sel:subnetIds:VpcConfiguration' :: NonEmpty Text subnetIds = NonEmpty Text a} :: VpcConfiguration) forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | The ARN of the IAM role that you want the delivery stream to use to -- create endpoints in the destination VPC. You can use your existing -- Kinesis Data Firehose delivery role or you can specify a new role. In -- either case, make sure that the role trusts the Kinesis Data Firehose -- service principal and that it grants the following permissions: -- -- - @ec2:DescribeVpcs@ -- -- - @ec2:DescribeVpcAttribute@ -- -- - @ec2:DescribeSubnets@ -- -- - @ec2:DescribeSecurityGroups@ -- -- - @ec2:DescribeNetworkInterfaces@ -- -- - @ec2:CreateNetworkInterface@ -- -- - @ec2:CreateNetworkInterfacePermission@ -- -- - @ec2:DeleteNetworkInterface@ -- -- If you revoke these permissions after you create the delivery stream, -- Kinesis Data Firehose can\'t scale out by creating more ENIs when -- necessary. You might therefore see a degradation in performance. vpcConfiguration_roleARN :: Lens.Lens' VpcConfiguration Prelude.Text vpcConfiguration_roleARN :: Lens' VpcConfiguration Text vpcConfiguration_roleARN = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\VpcConfiguration' {Text roleARN :: Text $sel:roleARN:VpcConfiguration' :: VpcConfiguration -> Text roleARN} -> Text roleARN) (\s :: VpcConfiguration s@VpcConfiguration' {} Text a -> VpcConfiguration s {$sel:roleARN:VpcConfiguration' :: Text roleARN = Text a} :: VpcConfiguration) -- | The IDs of the security groups that you want Kinesis Data Firehose to -- use when it creates ENIs in the VPC of the Amazon ES destination. You -- can use the same security group that the Amazon ES domain uses or -- different ones. If you specify different security groups here, ensure -- that they allow outbound HTTPS traffic to the Amazon ES domain\'s -- security group. Also ensure that the Amazon ES domain\'s security group -- allows HTTPS traffic from the security groups specified here. If you use -- the same security group for both your delivery stream and the Amazon ES -- domain, make sure the security group inbound rule allows HTTPS traffic. -- For more information about security group rules, see -- <https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules Security group rules> -- in the Amazon VPC documentation. vpcConfiguration_securityGroupIds :: Lens.Lens' VpcConfiguration (Prelude.NonEmpty Prelude.Text) vpcConfiguration_securityGroupIds :: Lens' VpcConfiguration (NonEmpty Text) vpcConfiguration_securityGroupIds = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\VpcConfiguration' {NonEmpty Text securityGroupIds :: NonEmpty Text $sel:securityGroupIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text securityGroupIds} -> NonEmpty Text securityGroupIds) (\s :: VpcConfiguration s@VpcConfiguration' {} NonEmpty Text a -> VpcConfiguration s {$sel:securityGroupIds:VpcConfiguration' :: NonEmpty Text securityGroupIds = NonEmpty Text a} :: VpcConfiguration) forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced instance Prelude.Hashable VpcConfiguration where hashWithSalt :: Int -> VpcConfiguration -> Int hashWithSalt Int _salt VpcConfiguration' {NonEmpty Text Text securityGroupIds :: NonEmpty Text roleARN :: Text subnetIds :: NonEmpty Text $sel:securityGroupIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text $sel:roleARN:VpcConfiguration' :: VpcConfiguration -> Text $sel:subnetIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text ..} = Int _salt forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` NonEmpty Text subnetIds forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` Text roleARN forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` NonEmpty Text securityGroupIds instance Prelude.NFData VpcConfiguration where rnf :: VpcConfiguration -> () rnf VpcConfiguration' {NonEmpty Text Text securityGroupIds :: NonEmpty Text roleARN :: Text subnetIds :: NonEmpty Text $sel:securityGroupIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text $sel:roleARN:VpcConfiguration' :: VpcConfiguration -> Text $sel:subnetIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text ..} = forall a. NFData a => a -> () Prelude.rnf NonEmpty Text subnetIds seq :: forall a b. a -> b -> b `Prelude.seq` forall a. NFData a => a -> () Prelude.rnf Text roleARN seq :: forall a b. a -> b -> b `Prelude.seq` forall a. NFData a => a -> () Prelude.rnf NonEmpty Text securityGroupIds instance Data.ToJSON VpcConfiguration where toJSON :: VpcConfiguration -> Value toJSON VpcConfiguration' {NonEmpty Text Text securityGroupIds :: NonEmpty Text roleARN :: Text subnetIds :: NonEmpty Text $sel:securityGroupIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text $sel:roleARN:VpcConfiguration' :: VpcConfiguration -> Text $sel:subnetIds:VpcConfiguration' :: VpcConfiguration -> NonEmpty Text ..} = [Pair] -> Value Data.object ( forall a. [Maybe a] -> [a] Prelude.catMaybes [ forall a. a -> Maybe a Prelude.Just (Key "SubnetIds" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..= NonEmpty Text subnetIds), forall a. a -> Maybe a Prelude.Just (Key "RoleARN" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..= Text roleARN), forall a. a -> Maybe a Prelude.Just (Key "SecurityGroupIds" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..= NonEmpty Text securityGroupIds) ] )