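{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Firehose.Types.VpcConfiguration
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.Firehose.Types.VpcConfiguration where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- NOTE(review): this listing was recovered from a rendering in which
-- inferred-type annotations were interleaved with the code; those
-- annotations have been removed and the declarations are otherwise as
-- generated.
--
-- NOTE(review): nothing in this module validates its inputs. The smart
-- constructor stores the subnet IDs, role ARN and security group IDs
-- exactly as given, and 'Core.ToJSON' forwards them unchanged, so callers
-- that build these values from external input should check them first.
-- The role named by @roleARN@ is the identity that creates and deletes
-- network interfaces in the destination VPC; consider keeping its policy
-- to the @ec2:*@ actions enumerated in the field documentation and its
-- trust policy to the Kinesis Data Firehose service principal.

-- | The details of the VPC of the Amazon ES destination.
--
-- /See:/ 'newVpcConfiguration' smart constructor.
data VpcConfiguration = VpcConfiguration'
  { -- | The IDs of the subnets that you want Kinesis Data Firehose to use to
    -- create ENIs in the VPC of the Amazon ES destination. Make sure that the
    -- routing tables and inbound and outbound rules allow traffic to flow from
    -- the subnets whose IDs are specified here to the subnets that have the
    -- destination Amazon ES endpoints. Kinesis Data Firehose creates at least
    -- one ENI in each of the subnets that are specified here. Do not delete or
    -- modify these ENIs.
    --
    -- The number of ENIs that Kinesis Data Firehose creates in the subnets
    -- specified here scales up and down automatically based on throughput. To
    -- enable Kinesis Data Firehose to scale up the number of ENIs to match
    -- throughput, ensure that you have sufficient quota. To help you calculate
    -- the quota you need, assume that Kinesis Data Firehose can create up to
    -- three ENIs for this delivery stream for each of the subnets specified
    -- here. For more information about ENI quota, see
    -- <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis Network Interfaces>
    -- in the Amazon VPC Quotas topic.
    subnetIds :: Prelude.NonEmpty Prelude.Text,
    -- | The ARN of the IAM role that you want the delivery stream to use to
    -- create endpoints in the destination VPC. You can use your existing
    -- Kinesis Data Firehose delivery role or you can specify a new role. In
    -- either case, make sure that the role trusts the Kinesis Data Firehose
    -- service principal and that it grants the following permissions:
    --
    -- -   @ec2:DescribeVpcs@
    --
    -- -   @ec2:DescribeVpcAttribute@
    --
    -- -   @ec2:DescribeSubnets@
    --
    -- -   @ec2:DescribeSecurityGroups@
    --
    -- -   @ec2:DescribeNetworkInterfaces@
    --
    -- -   @ec2:CreateNetworkInterface@
    --
    -- -   @ec2:CreateNetworkInterfacePermission@
    --
    -- -   @ec2:DeleteNetworkInterface@
    --
    -- If you revoke these permissions after you create the delivery stream,
    -- Kinesis Data Firehose can\'t scale out by creating more ENIs when
    -- necessary. You might therefore see a degradation in performance.
    roleARN :: Prelude.Text,
    -- | The IDs of the security groups that you want Kinesis Data Firehose to
    -- use when it creates ENIs in the VPC of the Amazon ES destination. You
    -- can use the same security group that the Amazon ES domain uses or
    -- different ones. If you specify different security groups here, ensure
    -- that they allow outbound HTTPS traffic to the Amazon ES domain\'s
    -- security group. Also ensure that the Amazon ES domain\'s security group
    -- allows HTTPS traffic from the security groups specified here. If you use
    -- the same security group for both your delivery stream and the Amazon ES
    -- domain, make sure the security group inbound rule allows HTTPS traffic.
    -- For more information about security group rules, see
    -- <https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules Security group rules>
    -- in the Amazon VPC documentation.
    securityGroupIds :: Prelude.NonEmpty Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'VpcConfiguration' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'subnetIds', 'vpcConfiguration_subnetIds' - The IDs of the subnets that you want Kinesis Data Firehose to use to
-- create ENIs in the VPC of the Amazon ES destination. Make sure that the
-- routing tables and inbound and outbound rules allow traffic to flow from
-- the subnets whose IDs are specified here to the subnets that have the
-- destination Amazon ES endpoints. Kinesis Data Firehose creates at least
-- one ENI in each of the subnets that are specified here. Do not delete or
-- modify these ENIs.
--
-- The number of ENIs that Kinesis Data Firehose creates in the subnets
-- specified here scales up and down automatically based on throughput. To
-- enable Kinesis Data Firehose to scale up the number of ENIs to match
-- throughput, ensure that you have sufficient quota. To help you calculate
-- the quota you need, assume that Kinesis Data Firehose can create up to
-- three ENIs for this delivery stream for each of the subnets specified
-- here. For more information about ENI quota, see
-- <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis Network Interfaces>
-- in the Amazon VPC Quotas topic.
--
-- 'roleARN', 'vpcConfiguration_roleARN' - The ARN of the IAM role that you want the delivery stream to use to
-- create endpoints in the destination VPC. You can use your existing
-- Kinesis Data Firehose delivery role or you can specify a new role. In
-- either case, make sure that the role trusts the Kinesis Data Firehose
-- service principal and that it grants the following permissions:
--
-- -   @ec2:DescribeVpcs@
--
-- -   @ec2:DescribeVpcAttribute@
--
-- -   @ec2:DescribeSubnets@
--
-- -   @ec2:DescribeSecurityGroups@
--
-- -   @ec2:DescribeNetworkInterfaces@
--
-- -   @ec2:CreateNetworkInterface@
--
-- -   @ec2:CreateNetworkInterfacePermission@
--
-- -   @ec2:DeleteNetworkInterface@
--
-- If you revoke these permissions after you create the delivery stream,
-- Kinesis Data Firehose can\'t scale out by creating more ENIs when
-- necessary. You might therefore see a degradation in performance.
--
-- 'securityGroupIds', 'vpcConfiguration_securityGroupIds' - The IDs of the security groups that you want Kinesis Data Firehose to
-- use when it creates ENIs in the VPC of the Amazon ES destination. You
-- can use the same security group that the Amazon ES domain uses or
-- different ones. If you specify different security groups here, ensure
-- that they allow outbound HTTPS traffic to the Amazon ES domain\'s
-- security group. Also ensure that the Amazon ES domain\'s security group
-- allows HTTPS traffic from the security groups specified here. If you use
-- the same security group for both your delivery stream and the Amazon ES
-- domain, make sure the security group inbound rule allows HTTPS traffic.
-- For more information about security group rules, see
-- <https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules Security group rules>
-- in the Amazon VPC documentation.
newVpcConfiguration ::
  -- | 'subnetIds'
  Prelude.NonEmpty Prelude.Text ->
  -- | 'roleARN'
  Prelude.Text ->
  -- | 'securityGroupIds'
  Prelude.NonEmpty Prelude.Text ->
  VpcConfiguration
newVpcConfiguration
  pSubnetIds_
  pRoleARN_
  pSecurityGroupIds_ =
    VpcConfiguration'
      { -- 'Lens.coerced' is applied between identical types here (the
        -- argument and the field are both a non-empty list of text), so
        -- the value is stored as given.
        subnetIds = Lens.coerced Lens.# pSubnetIds_,
        roleARN = pRoleARN_,
        securityGroupIds =
          Lens.coerced Lens.# pSecurityGroupIds_
      }

-- | The IDs of the subnets that you want Kinesis Data Firehose to use to
-- create ENIs in the VPC of the Amazon ES destination. Make sure that the
-- routing tables and inbound and outbound rules allow traffic to flow from
-- the subnets whose IDs are specified here to the subnets that have the
-- destination Amazon ES endpoints. Kinesis Data Firehose creates at least
-- one ENI in each of the subnets that are specified here. Do not delete or
-- modify these ENIs.
--
-- The number of ENIs that Kinesis Data Firehose creates in the subnets
-- specified here scales up and down automatically based on throughput. To
-- enable Kinesis Data Firehose to scale up the number of ENIs to match
-- throughput, ensure that you have sufficient quota. To help you calculate
-- the quota you need, assume that Kinesis Data Firehose can create up to
-- three ENIs for this delivery stream for each of the subnets specified
-- here. For more information about ENI quota, see
-- <https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis Network Interfaces>
-- in the Amazon VPC Quotas topic.
vpcConfiguration_subnetIds :: Lens.Lens' VpcConfiguration (Prelude.NonEmpty Prelude.Text)
vpcConfiguration_subnetIds =
  Lens.lens
    (\VpcConfiguration' {subnetIds} -> subnetIds)
    (\s@VpcConfiguration' {} a -> s {subnetIds = a} :: VpcConfiguration)
    Prelude.. Lens.coerced

-- | The ARN of the IAM role that you want the delivery stream to use to
-- create endpoints in the destination VPC. You can use your existing
-- Kinesis Data Firehose delivery role or you can specify a new role. In
-- either case, make sure that the role trusts the Kinesis Data Firehose
-- service principal and that it grants the following permissions:
--
-- -   @ec2:DescribeVpcs@
--
-- -   @ec2:DescribeVpcAttribute@
--
-- -   @ec2:DescribeSubnets@
--
-- -   @ec2:DescribeSecurityGroups@
--
-- -   @ec2:DescribeNetworkInterfaces@
--
-- -   @ec2:CreateNetworkInterface@
--
-- -   @ec2:CreateNetworkInterfacePermission@
--
-- -   @ec2:DeleteNetworkInterface@
--
-- If you revoke these permissions after you create the delivery stream,
-- Kinesis Data Firehose can\'t scale out by creating more ENIs when
-- necessary. You might therefore see a degradation in performance.
vpcConfiguration_roleARN :: Lens.Lens' VpcConfiguration Prelude.Text
vpcConfiguration_roleARN =
  Lens.lens
    (\VpcConfiguration' {roleARN} -> roleARN)
    (\s@VpcConfiguration' {} a -> s {roleARN = a} :: VpcConfiguration)

-- | The IDs of the security groups that you want Kinesis Data Firehose to
-- use when it creates ENIs in the VPC of the Amazon ES destination. You
-- can use the same security group that the Amazon ES domain uses or
-- different ones. If you specify different security groups here, ensure
-- that they allow outbound HTTPS traffic to the Amazon ES domain\'s
-- security group. Also ensure that the Amazon ES domain\'s security group
-- allows HTTPS traffic from the security groups specified here. If you use
-- the same security group for both your delivery stream and the Amazon ES
-- domain, make sure the security group inbound rule allows HTTPS traffic.
-- For more information about security group rules, see
-- <https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules Security group rules>
-- in the Amazon VPC documentation.
vpcConfiguration_securityGroupIds :: Lens.Lens' VpcConfiguration (Prelude.NonEmpty Prelude.Text)
vpcConfiguration_securityGroupIds =
  Lens.lens
    (\VpcConfiguration' {securityGroupIds} -> securityGroupIds)
    (\s@VpcConfiguration' {} a -> s {securityGroupIds = a} :: VpcConfiguration)
    Prelude.. Lens.coerced

instance Prelude.Hashable VpcConfiguration

instance Prelude.NFData VpcConfiguration

instance Core.ToJSON VpcConfiguration where
  -- All three fields are required, so every entry is a 'Prelude.Just' and
  -- the encoded object always carries the three keys below.
  toJSON VpcConfiguration' {..} =
    Core.object
      ( Prelude.catMaybes
          [ Prelude.Just ("SubnetIds" Core..= subnetIds),
            Prelude.Just ("RoleARN" Core..= roleARN),
            Prelude.Just
              ("SecurityGroupIds" Core..= securityGroupIds)
          ]
      )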