Class: Aws::Firehose::Types::VpcConfigurationDescription

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-firehose/types.rb

Overview

The details of the VPC of the Amazon ES destination.

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#role_arnString

The ARN of the IAM role that the Firehose stream uses to create endpoints in the destination VPC. You can use your existing Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Firehose service principal and that it grants the following permissions:

  • ‘ec2:DescribeVpcs`

  • ‘ec2:DescribeVpcAttribute`

  • ‘ec2:DescribeSubnets`

  • ‘ec2:DescribeSecurityGroups`

  • ‘ec2:DescribeNetworkInterfaces`

  • ‘ec2:CreateNetworkInterface`

  • ‘ec2:CreateNetworkInterfacePermission`

  • ‘ec2:DeleteNetworkInterface`

If you revoke these permissions after you create the Firehose stream, Firehose can’t scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.

Returns:

  • (String) 


5755
5756
5757
5758
5759
5760
5761
5762
 
# File 'lib/aws-sdk-firehose/types.rb', line 5755

class VpcConfigurationDescription < Struct.new(
  :subnet_ids,
  :role_arn,
  :security_group_ids,
  :vpc_id)
  SENSITIVE = []
  include Aws::Structure
end

#security_group_idsArray<String>

The IDs of the security groups that Firehose uses when it creates ENIs in the VPC of the Amazon ES destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups, ensure that they allow outbound HTTPS traffic to the Amazon ES domain’s security group. Also ensure that the Amazon ES domain’s security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your Firehose stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see

Security group rules][1

in the Amazon VPC documentation.

[1]: docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules

Returns:

  • (Array<String>) 


5755
5756
5757
5758
5759
5760
5761
5762
 
# File 'lib/aws-sdk-firehose/types.rb', line 5755

class VpcConfigurationDescription < Struct.new(
  :subnet_ids,
  :role_arn,
  :security_group_ids,
  :vpc_id)
  SENSITIVE = []
  include Aws::Structure
end

#subnet_idsArray<String>

The IDs of the subnets that Firehose uses to create ENIs in the VPC of the Amazon ES destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon ES endpoints. Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Firehose can create up to three ENIs for this Firehose stream for each of the subnets specified here. For more information about ENI quota, see [Network Interfaces ][1] in the Amazon VPC Quotas topic.

[1]: docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-enis

Returns:

  • (Array<String>) 


5755
5756
5757
5758
5759
5760
5761
5762
 
# File 'lib/aws-sdk-firehose/types.rb', line 5755

class VpcConfigurationDescription < Struct.new(
  :subnet_ids,
  :role_arn,
  :security_group_ids,
  :vpc_id)
  SENSITIVE = []
  include Aws::Structure
end

#vpc_idString

The ID of the Amazon ES destination’s VPC.

Returns:

  • (String) 


5755
5756
5757
5758
5759
5760
5761
5762
 
# File 'lib/aws-sdk-firehose/types.rb', line 5755

class VpcConfigurationDescription < Struct.new(
  :subnet_ids,
  :role_arn,
  :security_group_ids,
  :vpc_id)
  SENSITIVE = []
  include Aws::Structure
end