Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.Firehose.Types.VpcConfigurationDescription

Description

Documentation

data VpcConfigurationDescription Source #

The details of the VPC of the Amazon ES destination.

See: newVpcConfigurationDescription smart constructor.

Constructors

VpcConfigurationDescription'

Fields

subnetIds :: NonEmpty Text
The IDs of the subnets that Kinesis Data Firehose uses to create ENIs in the VPC of the Amazon ES destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon ES endpoints. Kinesis Data Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.
The number of ENIs that Kinesis Data Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Kinesis Data Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Kinesis Data Firehose can create up to three ENIs for this delivery stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.
roleARN :: Text
The ARN of the IAM role that the delivery stream uses to create endpoints in the destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Kinesis Data Firehose service principal and that it grants the following permissions:
- ```
ec2:DescribeVpcs
```
- ```
ec2:DescribeVpcAttribute
```
- ```
ec2:DescribeSubnets
```
- ```
ec2:DescribeSecurityGroups
```
- ```
ec2:DescribeNetworkInterfaces
```
- ```
ec2:CreateNetworkInterface
```
- ```
ec2:CreateNetworkInterfacePermission
```
- ```
ec2:DeleteNetworkInterface
```
If you revoke these permissions after you create the delivery stream, Kinesis Data Firehose can't scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.
securityGroupIds :: NonEmpty Text
The IDs of the security groups that Kinesis Data Firehose uses when it creates ENIs in the VPC of the Amazon ES destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your delivery stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.
vpcId :: Text
The ID of the Amazon ES destination's VPC.

Instances

Instances details

Eq VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Methods (==) :: VpcConfigurationDescription -> VpcConfigurationDescription -> Bool # (/=) :: VpcConfigurationDescription -> VpcConfigurationDescription -> Bool #
Read VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Methods readsPrec :: Int -> ReadS VpcConfigurationDescription # readList :: ReadS [VpcConfigurationDescription] # readPrec :: ReadPrec VpcConfigurationDescription # readListPrec :: ReadPrec [VpcConfigurationDescription] #
Show VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Methods showsPrec :: Int -> VpcConfigurationDescription -> ShowS # show :: VpcConfigurationDescription -> String # showList :: [VpcConfigurationDescription] -> ShowS #
Generic VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Associated Types type Rep VpcConfigurationDescription :: Type -> Type # Methods from :: VpcConfigurationDescription -> Rep VpcConfigurationDescription x # to :: Rep VpcConfigurationDescription x -> VpcConfigurationDescription #
NFData VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Methods rnf :: VpcConfigurationDescription -> () #
Hashable VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Methods hashWithSalt :: Int -> VpcConfigurationDescription -> Int # hash :: VpcConfigurationDescription -> Int #
FromJSON VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription Methods parseJSON :: Value -> Parser VpcConfigurationDescription # parseJSONList :: Value -> Parser [VpcConfigurationDescription] #
type Rep VpcConfigurationDescription Source #
Instance details Defined in Amazonka.Firehose.Types.VpcConfigurationDescription type Rep VpcConfigurationDescription = D1 ('MetaData "VpcConfigurationDescription" "Amazonka.Firehose.Types.VpcConfigurationDescription" "libZSservicesZSamazonka-kinesis-firehoseZSamazonka-kinesis-firehose" 'False) (C1 ('MetaCons "VpcConfigurationDescription'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "subnetIds") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (NonEmpty Text)) :: S1 ('MetaSel ('Just "roleARN") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)) :: (S1 ('MetaSel ('Just "securityGroupIds") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (NonEmpty Text)) :*: S1 ('MetaSel ('Just "vpcId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))

newVpcConfigurationDescription Source #

Arguments

:: NonEmpty Text	`$sel:subnetIds:VpcConfigurationDescription'`
-> Text	`$sel:roleARN:VpcConfigurationDescription'`
-> NonEmpty Text	`$sel:securityGroupIds:VpcConfigurationDescription'`
-> Text	`$sel:vpcId:VpcConfigurationDescription'`
-> VpcConfigurationDescription

Create a value of VpcConfigurationDescription with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:subnetIds:VpcConfigurationDescription', vpcConfigurationDescription_subnetIds - The IDs of the subnets that Kinesis Data Firehose uses to create ENIs in the VPC of the Amazon ES destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon ES endpoints. Kinesis Data Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Kinesis Data Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Kinesis Data Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Kinesis Data Firehose can create up to three ENIs for this delivery stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.

$sel:roleARN:VpcConfigurationDescription', vpcConfigurationDescription_roleARN - The ARN of the IAM role that the delivery stream uses to create endpoints in the destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Kinesis Data Firehose service principal and that it grants the following permissions:

```
ec2:DescribeVpcs
```
```
ec2:DescribeVpcAttribute
```
```
ec2:DescribeSubnets
```
```
ec2:DescribeSecurityGroups
```
```
ec2:DescribeNetworkInterfaces
```
```
ec2:CreateNetworkInterface
```
```
ec2:CreateNetworkInterfacePermission
```
```
ec2:DeleteNetworkInterface
```

If you revoke these permissions after you create the delivery stream, Kinesis Data Firehose can't scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.

$sel:securityGroupIds:VpcConfigurationDescription', vpcConfigurationDescription_securityGroupIds - The IDs of the security groups that Kinesis Data Firehose uses when it creates ENIs in the VPC of the Amazon ES destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your delivery stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.

$sel:vpcId:VpcConfigurationDescription', vpcConfigurationDescription_vpcId - The ID of the Amazon ES destination's VPC.

vpcConfigurationDescription_subnetIds :: Lens' VpcConfigurationDescription (NonEmpty Text) Source #

The IDs of the subnets that Kinesis Data Firehose uses to create ENIs in the VPC of the Amazon ES destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon ES endpoints. Kinesis Data Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Kinesis Data Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Kinesis Data Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Kinesis Data Firehose can create up to three ENIs for this delivery stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.

vpcConfigurationDescription_roleARN :: Lens' VpcConfigurationDescription Text Source #

The ARN of the IAM role that the delivery stream uses to create endpoints in the destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Kinesis Data Firehose service principal and that it grants the following permissions:

```
ec2:DescribeVpcs
```
```
ec2:DescribeVpcAttribute
```
```
ec2:DescribeSubnets
```
```
ec2:DescribeSecurityGroups
```
```
ec2:DescribeNetworkInterfaces
```
```
ec2:CreateNetworkInterface
```
```
ec2:CreateNetworkInterfacePermission
```
```
ec2:DeleteNetworkInterface
```

If you revoke these permissions after you create the delivery stream, Kinesis Data Firehose can't scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.

vpcConfigurationDescription_securityGroupIds :: Lens' VpcConfigurationDescription (NonEmpty Text) Source #

The IDs of the security groups that Kinesis Data Firehose uses when it creates ENIs in the VPC of the Amazon ES destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your delivery stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.

vpcConfigurationDescription_vpcId :: Lens' VpcConfigurationDescription Text Source #

The ID of the Amazon ES destination's VPC.