# TOSCA reference for AWS TNB
TOSCA reference
Topology and Orchestration Specification for Cloud Applications (TOSCA) is a declarative syntax that CSPs use to describe a topology of cloud based web services, their components, relationships, and the processes that manage them. CSPs describe the connection points, the logical links between the connection points, and the policies such as affinity and security in a TOSCA template. CSPs then upload the template to AWS TNB which synthesizes the resources needed to establish a functioning 5G network across AWS Availability Zones.
**Topics**
+ [
# VNFD template
](vnfd-template.md)
+ [
# Network service descriptor template
](nsd-template.md)
+ [
# Common nodes
](common-nodes.md)
# VNFD template
VNFD template
Defines a virtual network function descriptor (VNFD) template.
## Syntax
```
tosca_definitions_version: tnb_simple_yaml_1_0
topology_template:
inputs:
SampleInputParameter:
type: String
description: "Sample parameter description"
default: "DefaultSampleValue"
node\$1templates:
SampleNode1: tosca.nodes.AWS.VNF
```
## Topology template
`node_templates`
The TOSCA AWS Nodes. The possible nodes are:
+ [AWS.VNF](node-vnf.md)
+ [AWS.Artifacts.Helm](node-helm.md)
# AWS.VNF
AWS.VNF
Defines an AWS virtual network function (VNF) node.
## Syntax
```
tosca.nodes.AWS.VNF:
properties:
descriptor\$1id: String
descriptor\$1version: String
descriptor\$1name: String
provider: String
requirements:
helm: String
```
## Properties
`descriptor_id`
The UUID of the descriptor.
Required: Yes
Type: String
Pattern: `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`
`descriptor_version`
The version of the VNFD.
Required: Yes
Type: String
Pattern: `^[0-9]{1,5}\\.[0-9]{1,5}\\.[0-9]{1,5}.*`
`descriptor_name`
The name of the descriptor.
Required: Yes
Type: String
`provider`
The author of the VNFD.
Required: Yes
Type: String
## Requirements
`helm`
The Helm directory defining container artifacts. This is a reference to [AWS.Artifacts.Helm](node-helm.md).
Required: Yes
Type: String
## Example
```
SampleVNF:
type: tosca.nodes.AWS.VNF
properties:
descriptor_id: "6a792e0c-be2a-45fa-989e-5f89d94ca898"
descriptor_version: "1.0.0"
descriptor_name: "Test VNF Template"
provider: "Operator"
requirements:
helm: SampleHelm
```
# AWS.Artifacts.Helm
AWS.Artifacts.Helm
Defines an AWS Helm Node.
## Syntax
```
tosca.nodes.AWS.Artifacts.Helm:
properties:
implementation: String
```
## Properties
`implementation`
The local directory that contains the Helm chart within the CSAR package.
Required: Yes
Type: String
## Example
```
SampleHelm:
type: tosca.nodes.AWS.Artifacts.Helm
properties:
implementation: "./vnf-helm"
```
# Network service descriptor template
NSD template
Defines a network service descriptor (NSD) template.
## Syntax
```
tosca_definitions_version: tnb_simple_yaml_1_0
vnfds:
- descriptor\$1id: String
namespace: String
topology_template:
inputs:
SampleInputParameter:
type: String
description: "Sample parameter description"
default: "DefaultSampleValue"
node\$1templates:
SampleNode1: tosca.nodes.AWS.NS
```
## Using defined parameters
When you want to dynamically pass a parameter, such as the CIDR block for the VPC node, you can use the `{ get_input: input-parameter-name }` syntax and define the parameters in the NSD template. Then reuse the parameter across the same NSD template.
The following example shows how to define and use parameters:
```
tosca_definitions_version: tnb_simple_yaml_1_0
topology_template:
inputs:
cidr_block:
type: String
description: "CIDR Block for VPC"
default: "10.0.0.0/24"
node_templates:
ExampleSingleClusterNS:
type: tosca.nodes.AWS.NS
properties:
descriptor_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
.....
ExampleVPC:
type: tosca.nodes.AWS.Networking.VPC
properties:
cidr_block: { get_input: cidr_block }
```
## VNFD import
`descriptor_id`
The UUID of the descriptor.
Required: Yes
Type: String
Pattern: `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`
`namespace`
The unique name.
Required: Yes
Type: String
## Topology template
`node_templates`
The possible TOSCA AWS nodes are:
+ [AWS.NS](node-ns.md)
+ [AWS.Compute.EKS](node-eks.md)
+ [AWS.Compute.EKS.AuthRole](node-eks-authrole.md)
+ [AWS.Compute.EKSManagedNode](node-eks-managed-node.md)
+ [AWS.Compute.EKSSelfManagedNode](node-eks-self-managed.md)
+ [AWS.Compute.PlacementGroup](node-compute-placement-group.md)
+ [AWS.Compute.UserData](node-compute-user-data.md)
+ [AWS.Networking.SecurityGroup](node-networking-security-group.md)
+ [AWS.Networking.SecurityGroupEgressRule](node-networking-security-group-egress-rule.md)
+ [AWS.Networking.SecurityGroupIngressRule](node-networking-security-group-ingress-rule.md)
+ [AWS.Resource.Import](node-resource-import.md)
+ [AWS.Networking.ENI](node-eni.md)
+ [AWS.HookExecution](node-hook-execution.md)
+ [AWS.Networking.InternetGateway](node-internet-gateway.md)
+ [AWS.Networking.RouteTable](node-route-table.md)
+ [AWS.Networking.Subnet](node-subnet.md)
+ [AWS.Deployment.VNFDeployment](node-vnf-deployment.md)
+ [AWS.Networking.VPC](node-vpc.md)
+ [AWS.Networking.NATGateway](node-nat-gateway.md)
+ [AWS.Networking.Route](node-route.md)
# AWS.NS
AWS.NS
Defines an AWS network service (NS) node.
## Syntax
```
tosca.nodes.AWS.NS:
properties:
descriptor\$1id: String
descriptor\$1version: String
descriptor\$1name: String
```
## Properties
`descriptor_id`
The UUID of the descriptor.
Required: Yes
Type: String
Pattern: `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`
`descriptor_version`
The version of the NSD.
Required: Yes
Type: String
Pattern: `^[0-9]{1,5}\\.[0-9]{1,5}\\.[0-9]{1,5}.*`
`descriptor_name`
The name of the descriptor.
Required: Yes
Type: String
## Example
```
SampleNS:
type: tosca.nodes.AWS.NS
properties:
descriptor_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
descriptor_version: "1.0.0"
descriptor_name: "Test NS Template"
```
# AWS.Compute.EKS
AWS.Compute.EKS
Provide the name of the cluster, the desired Kubernetes version, and a role that allows the Kubernetes control plane to manage the AWS resources required for your NFs. Multus container network interface (CNI) plugins are enabled. You can attach multiple network interfaces and apply advanced network configuration to the Kubernetes-based network functions. You also specify the cluster endpoint access and the subnets for your cluster.
## Syntax
```
tosca.nodes.AWS.Compute.EKS:
capabilities:
multus:
properties:
enabled: Boolean
multus\$1role: String
ebs\$1csi:
properties:
enabled: Boolean
version: String
properties:
version: String
access: String
cluster\$1role: String
tags: List
ip\$1family: String
requirements:
subnets: List
```
## Capabilities
`multus`
Optional. Properties that define the Multus container network interface (CNI) usage.
If you include `multus`, specify the `enabled` and `multus_role` properties.
`enabled`
Indicates whether the default Multus capability is enabled.
Required: Yes
Type: Boolean
`multus_role`
The role for Multus network interface management.
Required: Yes
Type: String`ebs_csi`
Properties that define the Amazon EBS Container Storage Interface (CSI) driver installed in the Amazon EKS cluster.
Enable this plugin to use Amazon EKS self-managed nodes on AWS Outposts, AWS Local Zones, or AWS Regions. For more information, see [Amazon Elastic Block Store CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) in the **Amazon EKS User Guide**.
`enabled`
Indicates whether the default Amazon EBS CSI driver is installed.
Required: No
Type: Boolean
`version`
The version of the Amazon EBS CSI driver add-on. The version must match one of the versions returned by the *DescribeAddonVersions* action. For more information, see [DescribeAddonVersions](https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html) in the *Amazon EKS API Reference*
Required: No
Type: String
## Properties
`version`
The Kubernetes version for the cluster. AWS Telco Network Builder supports Kubernetes versions 1.25 through 1.32.
Required: Yes
Type: String
Possible values: 1.25 \$1 1.26 \$1 1.27 \$1 1.28 \$1 1.29 \$1 1.30 \$1 1.31 \$1 1.32
`access`
The cluster endpoint access.
Required: Yes
Type: String
Possible values: `PRIVATE` \$1 `PUBLIC` \$1 `ALL`
`cluster_role`
The role for cluster management.
Required: Yes
Type: String
`tags`
Tags to be attached to the resource.
Required: No
Type: List
`ip_family`
Indicates the IP family for service and pod addresses in the cluster.
Allowed value: `IPv4`, `IPv6`
Default value: `IPv4`
Required: No
Type: String
## Requirements
`subnets`
An [AWS.Networking.Subnet](node-subnet.md) node.
Required: Yes
Type: List
## Example
```
SampleEKS:
type: tosca.nodes.AWS.Compute.EKS
properties:
version: "1.26"
access: "ALL"
cluster_role: "arn:aws:iam::${AWS::TNB::AccountId}:role/SampleRole"
ip_family: "IPv6"
tags:
- "Name=SampleVPC"
- "Environment=Testing"
capabilities:
multus:
properties:
enabled: true
multus_role: "arn:aws:iam::${AWS::TNB::AccountId}:role/MultusRole"
ebs_csi:
properties:
enabled: true
version: "v1.16.0-eksbuild.1"
requirements:
subnets:
- SampleSubnet01
- SampleSubnet02
```
# AWS.Compute.EKS.AuthRole
AWS.Compute.EKS.AuthRole
An AuthRole allows you to add IAM roles to the Amazon EKS cluster `aws-auth` `ConfigMap` so that users can access the Amazon EKS cluster using an IAM role.
## Syntax
```
tosca.nodes.AWS.Compute.EKS.AuthRole:
properties:
role\$1mappings: List
arn: String
groups: List
requirements:
clusters: List
```
## Properties
`role_mappings`
List of mappings that define IAM roles that need to be added to the Amazon EKS cluster `aws-auth` `ConfigMap`.
`arn`
The ARN of the IAM role.
Required: Yes
Type: String
`groups`
Kubernetes groups to assign to the role defined in `arn`.
Required: No
Type: List
## Requirements
`clusters`
An [AWS.Compute.EKS](node-eks.md) node.
Required: Yes
Type: List
## Example
```
EKSAuthMapRoles:
type: tosca.nodes.AWS.Compute.EKS.AuthRole
properties:
role_mappings:
- arn: arn:aws:iam::${AWS::TNB::AccountId}:role/TNBHookRole1
groups:
- system:nodes
- system:bootstrappers
- arn: arn:aws:iam::${AWS::TNB::AccountId}:role/TNBHookRole2
groups:
- system:nodes
- system:bootstrappers
requirements:
clusters:
- Free5GCEKS1
- Free5GCEKS2
```
# AWS.Compute.EKSManagedNode
AWS.Compute.EKSManagedNode
AWS TNB supports EKS Managed Node groups to automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. To create an EKS Node group, do the following:
+ Choose the Amazon Machine Images (AMI) for your cluster workers nodes by providing either the ID of the AMI or the AMI type.
+ Provide an Amazon EC2 key pair for SSH access and the scaling properties for your node group.
+ Ensure that your node group is associated with an Amazon EKS cluster.
+ Provide the subnets for the worker nodes.
+ Optionally, attach security groups, node labels, and a placement group to your node group.
## Syntax
```
tosca.nodes.AWS.Compute.EKSManagedNode:
capabilities:
compute:
properties:
ami\$1type: String
ami\$1id: String
instance\$1types: List
key\$1pair: String
root\$1volume\$1encryption: Boolean
root\$1volume\$1encryption\$1key\$1arn: String
root\$1volume\$1size: Integer
scaling:
properties:
desired\$1size: Integer
min\$1size: Integer
max\$1size: Integer
properties:
node\$1role: String
tags: List
kubernetes\$1version: String
requirements:
cluster: String
subnets: List
network\$1interfaces: List
security\$1groups: List
placement\$1group: String
user\$1data: String
labels: List
```
## Capabilities
`compute`
Properties that define the computing parameters for the Amazon EKS managed node group, such as, Amazon EC2 instance types and Amazon EC2 instance AMIs.
`ami_type`
The Amazon EKS-supported AMI type.
Required: Yes
Type: String
Possible values: `AL2_x86_64` \$1 `AL2_x86_64_GPU` \$1 `AL2_ARM_64` \$1 `AL2023_x86_64` \$1 `AL2023_ARM_64` \$1 `AL2023_x86_64_NVIDIA` \$1 `AL2023_x86_64_NEURON` \$1 `CUSTOM` \$1 `BOTTLEROCKET_ARM_64` \$1 `BOTTLEROCKET_x86_64` \$1 `BOTTLEROCKET_ARM_64_NVIDIA` \$1 `BOTTLEROCKET_x86_64_NVIDIA`
`ami_id`
The ID of the AMI.
Required: No
Type: String
If both `ami_type` and `ami_id` are specified in the template, AWS TNB will use only the `ami_id` value to create `EKSManagedNode`.
`instance_types`
The instance size.
Required: Yes
Type: List
`key_pair`
The EC2 Key pair to enable SSH access.
Required: Yes
Type: String
`root_volume_encryption`
Enables Amazon EBS encryption for the Amazon EBS root volume. If this property is not provided, AWS TNB encrypts Amazon EBS root volumes by default.
Required: No
Default: true
Type: Boolean
`root_volume_encryption_key_arn`
The ARN of the AWS KMS key. AWS TNB supports regular key ARN, multi-region key ARN and alias ARN.
Required: No
Type: String
+ If `root_volume_encryption` is false, do not include `root_volume_encryption_key_arn`.
+ AWS TNB supports root volume encryption of Amazon EBS-backed AMI’s.
+ If the AMI's root volume is already encrypted, you must include the `root_volume_encryption_key_arn` for AWS TNB to re-encrypt the root volume.
+ If the AMI's root volume is not encrypted, AWS TNB uses the `root_volume_encryption_key_arn` to encrypt the root volume.
If you do not include `root_volume_encryption_key_arn`, AWS TNB uses the default key provided by AWS Key Management Service to encrypt the root volume.
+ AWS TNB does not decrypt an encrypted AMI.
`root_volume_size`
The size of the Amazon Elastic Block Store root volume in GiBs.
Required: No
Default: 20
Type: Integer
Possible values: 1 to 16,384`scaling`
Properties that define the scaling parameters for the Amazon EKS managed node group, such as, the desired number of Amazon EC2 instances, and minimum and maximum number of Amazon EC2 instances in the node group.
`desired_size`
The number of instances in this NodeGroup.
Required: Yes
Type: Integer
`min_size`
The minimum number of instances in this NodeGroup.
Required: Yes
Type: Integer
`max_size`
The maximum number of instances in this NodeGroup.
Required: Yes
Type: Integer
## Properties
`node_role`
The ARN of the IAM role that is attached to the Amazon EC2 instance.
Required: Yes
Type: String
`tags`
The tags to be attached to the resource.
Required: No
Type: List
`kubernetes_version`
The Kubernetes version for the Managed Node group. AWS TNB supports Kubernetes versions 1.25 through 1.32. Consider the following:
+ Specify either the `kubernetes_version` or `ami_id`. Do not specify both.
+ The `kubernetes_version` must be less than or equal to the AWS.Compute.EKSManagedNode version.
+ There can be a difference of 3 versions between the AWS.Compute.EKSManagedNode version and `kubernetes_version`.
+ If neither the `kubernetes_version` or `ami_id` are specified, AWS TNB will use the latest AMI of the `AWS.Compute.EKSManagedNode` version to create `EKSManagedNode`
Required: No
Type: String
Possible values: 1.25 \$1 1.26 \$1 1.27 \$1 1.28 \$1 1.29 \$1 1.30 \$1 1.31 \$1 1.32
## Requirements
`cluster`
An [AWS.Compute.EKS](node-eks.md) node.
Required: Yes
Type: String
`subnets`
An [AWS.Networking.Subnet](node-subnet.md) node.
Required: Yes
Type: List
`network_interfaces`
An [AWS.Networking.ENI](node-eni.md) node. Ensure that the network interfaces and subnets are set to the same Availability Zone or instantiation will fail.
When you set `network_interfaces`, AWS TNB obtains the permission related to ENIs from the `multus_role` property if you included the `multus` property in the [AWS.Compute.EKS](https://docs.aws.amazon.com/tnb/latest/ug/node-eks.html) node. Otherwise, AWS TNB obtains the permission related to ENIs from the [node\$1role](#node_eks_managed_node_node_role) property.
Required: No
Type: List
`security_groups`
An [AWS.Networking.SecurityGroup](node-networking-security-group.md) node.
Required: No
Type: List
`placement_group`
A [tosca.nodes.AWS.Compute.PlacementGroup](node-compute-placement-group.md) node.
Required: No
Type: String
`user_data`
A [tosca.nodes.AWS.Compute.UserData](node-compute-user-data.md) node reference. A user data script is passed to the Amazon EC2 instances launched by the managed node group. Add the permissions required to run custom user data to the node\$1role passed to the node group.
Required: No
Type: String
`labels`
A list of node labels. A node label must have a name and a value. Create a label using the following criteria:
+ The name and value must be separated by `=`.
+ The name and value can each be up to 63 characters in length.
+ The label can include letters (A-Z, a-z,), numbers (0-9) and the following characters: `[-, _, ., *, ?]`
+ The name and value must start and end with an alphanumeric, `?`, or `*` character.
For example, `myLabelName1=*NodeLabelValue1`
Required: No
Type: List
## Example
```
SampleEKSManagedNode:
type: tosca.nodes.AWS.Compute.EKSManagedNode
capabilities:
compute:
properties:
ami_type: "AL2_x86_64"
instance_types:
- "t3.xlarge"
key_pair: "SampleKeyPair"
root_volume_encryption: true
root_volume_encryption_key_arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
root_volume_size: 1500
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
properties:
node_role: "arn:aws:iam::${AWS::TNB::AccountId}:role/SampleRole"
tags:
- "Name=SampleVPC"
- "Environment=Testing"
kubernetes_version:
- "1.30"
requirements:
cluster: SampleEKS
subnets:
- SampleSubnet
network_interfaces:
- SampleENI01
- SampleENI02
security_groups:
- SampleSecurityGroup01
- SampleSecurityGroup02
placement_group: SamplePlacementGroup
user_data: CustomUserData
labels:
- "sampleLabelName001=sampleLabelValue001"
- "sampleLabelName002=sampleLabelValue002"
```
# AWS.Compute.EKSSelfManagedNode
AWS.Compute.EKSSelfManagedNode
AWS TNB supports Amazon EKS self-managed nodes to automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. To create an Amazon EKS node group, do the following:
+ Choose the Amazon Machine Images (AMI) for your cluster workers nodes by providing either the ID of the AMI.
+ Provide an Amazon EC2 key pair for SSH access.
+ Ensure that your node group is associated with an Amazon EKS cluster.
+ Provide the instance type and desired, minimum, and maximum sizes.
+ Provide the subnets for the worker nodes.
+ Optionally, attach security groups, node labels, and a placement group to your node group.
## Syntax
```
tosca.nodes.AWS.Compute.EKSSelfManagedNode:
capabilities:
compute:
properties:
ami\$1id: String
instance\$1type: String
key\$1pair: String
root\$1volume\$1encryption: Boolean
root\$1volume\$1encryption\$1key\$1arn: String
root\$1volume\$1size: Integer
scaling:
properties:
desired\$1size: Integer
min\$1size: Integer
max\$1size: Integer
properties:
node\$1role: String
tags: List
requirements:
cluster: String
subnets: List
network\$1interfaces: List
security\$1groups: List
placement\$1group: String
user\$1data: String
labels: List
```
## Capabilities
`compute`
Properties that define the computing parameters for the Amazon EKS self-managed nodes, such as, Amazon EC2 instance types and Amazon EC2 instance AMIs.
`ami_id`
The AMI ID used to launch the instance. AWS TNB supports instances that leverage IMDSv2. For more information, see [IMDS version](imds-version.md).
You can update the AMI ID for `EKSSelfManagedNode`. The Amazon EKS version of the AMI must be the same as or up to 2 versions lower than the Amazon EKS cluster version. For example if the Amazon EKS cluster version is 1.31, then the Amazon EKS AMI version must be 1.31, 1.30, or 1.29.
Required: Yes
Type: String
`instance_type`
The instance size.
Required: Yes
Type: String
`key_pair`
The Amazon EC2 key pair to enable SSH access.
Required: Yes
Type: String
`root_volume_encryption`
Enables Amazon EBS encryption for the Amazon EBS root volume. If this property is not provided, AWS TNB encrypts Amazon EBS root volumes by default.
Required: No
Default: true
Type: Boolean
`root_volume_encryption_key_arn`
The ARN of the AWS KMS key. AWS TNB supports regular key ARN, multi-region key ARN and alias ARN.
Required: No
Type: String
+ If `root_volume_encryption` is false, do not include `root_volume_encryption_key_arn`.
+ AWS TNB supports root volume encryption of Amazon EBS-backed AMI’s.
+ If the AMI's root volume is already encrypted, you must include the `root_volume_encryption_key_arn` for AWS TNB to re-encrypt the root volume.
+ If the AMI's root volume is not encrypted, AWS TNB uses the `root_volume_encryption_key_arn` to encrypt the root volume.
If you do not include `root_volume_encryption_key_arn`, AWS TNB uses AWS Managed Services to encrypt the root volume.
+ AWS TNB does not decrypt an encrypted AMI.
`root_volume_size`
The size of the Amazon Elastic Block Store root volume in GiBs.
Required: No
Default: 20
Type: Integer
Possible values: 1 to 16,384`scaling`
Properties that define the scaling parameters for the Amazon EKS self-managed nodes, such as, the desired number of Amazon EC2 instances, and minimum and maximum number of Amazon EC2 instances in the node group.
`desired_size`
The number of instances in this NodeGroup.
Required: Yes
Type: Integer
`min_size`
The minimum number of instances in this NodeGroup.
Required: Yes
Type: Integer
`max_size`
The maximum number of instances in this NodeGroup.
Required: Yes
Type: Integer
## Properties
`node_role`
The ARN of the IAM role that is attached to the Amazon EC2 instance.
Required: Yes
Type: String
`tags`
The tags to be attached to the resource. Tags will be propagated to the instances created by the resource.
Required: No
Type: List
## Requirements
`cluster`
An [AWS.Compute.EKS](node-eks.md) node.
Required: Yes
Type: String
`subnets`
An [AWS.Networking.Subnet](node-subnet.md) node.
Required: Yes
Type: List
`network_interfaces`
An [AWS.Networking.ENI](node-eni.md) node. Ensure that the network interfaces and subnets are set to the same Availability Zone or instantiation will fail.
When you set `network_interfaces`, AWS TNB obtains the permission related to ENIs from the `multus_role` property if you included the `multus` property in the [AWS.Compute.EKS](https://docs.aws.amazon.com/tnb/latest/ug/node-eks.html) node. Otherwise, AWS TNB obtains the permission related to ENIs from the [node\$1role](#node_eks_self_managed_node_role) property.
Required: No
Type: List
`security_groups`
An [AWS.Networking.SecurityGroup](node-networking-security-group.md) node.
Required: No
Type: List
`placement_group`
A [tosca.nodes.AWS.Compute.PlacementGroup](node-compute-placement-group.md) node.
Required: No
Type: String
`user_data`
A [tosca.nodes.AWS.Compute.UserData](node-compute-user-data.md) node reference. A user data script is passed to the Amazon EC2 instances launched by the self-managed node group. Add the permissions required for executing custom user data to the node\$1role passed to the node group.
Required: No
Type: String
`labels`
A list of node labels. A node label must have a name and a value. Create a label using the following criteria:
+ The name and value must be separated by `=`.
+ The name and value can each be up to 63 characters in length.
+ The label can include letters (A-Z, a-z,), numbers (0-9), and the following characters: `[-, _, ., *, ?]`
+ The name and value must start and end with an alphanumeric, `?`, or `*` character.
For example, `myLabelName1=*NodeLabelValue1`
Required: No
Type: List
## Example
```
SampleEKSSelfManagedNode:
type: tosca.nodes.AWS.Compute.EKSSelfManagedNode
capabilities:
compute:
properties:
ami_id: "ami-123123EXAMPLE"
instance_type: "c5.large"
key_pair: "SampleKeyPair"
root_volume_encryption: true
root_volume_encryption_key_arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
root_volume_size: 1500
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
properties:
node_role: "arn:aws:iam::${AWS::TNB::AccountId}:role/SampleNodeRole"
tags:
- "Name=SampleVPC"
- "Environment=Testing"
requirements:
cluster: SampleEKSCluster
subnets:
- SampleSubnet
network_interfaces:
- SampleNetworkInterface01
- SampleNetworkInterface02
security_groups:
- SampleSecurityGroup01
- SampleSecurityGroup02
placement_group: SamplePlacementGroup
user_data: CustomUserData
labels:
- "sampleLabelName001=sampleLabelValue001"
- "sampleLabelName002=sampleLabelValue002"
```
# AWS.Compute.PlacementGroup
AWS.Compute.PlacementGroup
A PlacementGroup node supports different strategies to place Amazon EC2 instances.
When you launch a new Amazon EC2instance, the Amazon EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload.
## Syntax
```
tosca.nodes.AWS.Compute.PlacementGroup
properties:
strategy: String
partition\$1count: Integer
tags: List
```
## Properties
`strategy`
The strategy to use to place Amazon EC2 instances.
Required: Yes
Type: String
Possible values: CLUSTER \$1 PARTITION \$1 SPREAD\$1HOST \$1 SPREAD\$1RACK
+ **CLUSTER** – packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of high-performance computing (HPC) applications.
+ **PARTITION** – spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.
+ **SPREAD\$1RACK** – places a small group of instances across distinct underlying hardware to reduce correlated failures.
+ **SPREAD\$1HOST** – used only with Outpost placement groups. Places a small group of instances across distinct underlying hardware to reduce correlated failures.
`partition_count`
The number of partitions.
Required: Required only when `strategy` is set to `PARTITION`.
Type: Integer
Possible values: 1 \$1 2 \$13 \$1 4 \$1 5 \$1 6 \$1 7
`tags`
The tags that you can attach to the placement group resource.
Required: No
Type: List
## Example
```
ExamplePlacementGroup:
type: tosca.nodes.AWS.Compute.PlacementGroup
properties:
strategy: "PARTITION"
partition_count: 5
tags:
- tag_key=tag_value
```
# AWS.Compute.UserData
AWS.Compute.UserData
AWS TNB supports launching Amazon EC2 instances with custom user data, through the UserData node in Network Service Descriptor (NSD). For more information about custom user data, see [User data and shell scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts) in the *Amazon EC2 User Guide*.
During network instantiation, AWS TNB provides the Amazon EC2 instance registration to the cluster through a user-data script. When custom user data is also provided, AWS TNB merges both scripts and passes them on as a [multimime](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-mime-multi) script to Amazon EC2. The custom user-data script is run prior to the Amazon EKS registration script.
To use custom variables in the user-data script, add an exclamation mark `!` after the open curly brace `{`. For example, to use `MyVariable` in the script, enter: `{!MyVariable}`
**Note**
AWS TNB supports user-data scripts up to 7 KB in size.
Because AWS TNB uses CloudFormation to process and render the `multimime` user-data script, ensure that the script adheres to all CloudFormation rules.
## Syntax
```
tosca.nodes.AWS.Compute.UserData:
properties:
implementation: String
content\$1type: String
```
## Properties
`implementation`
The relative path to the user data script definition. The format must be: `./scripts/script_name.sh`
Required: Yes
Type: String
`content_type`
Content type of the user data script.
Required: Yes
Type: String
Possible values: `x-shellscript`
## Example
```
ExampleUserData:
type: tosca.nodes.AWS.Compute.UserData
properties:
content_type: "text/x-shellscript"
implementation: "./scripts/customUserData.sh"
```
# AWS.Networking.SecurityGroup
AWS.Networking.SecurityGroup
AWS TNB supports security groups to automate the provisioning of [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html) which you can attach to Amazon EKS Kubernetes cluster node groups.
## Syntax
```
tosca.nodes.AWS.Networking.SecurityGroup
properties:
description: String
name: String
tags: List
requirements:
vpc: String
```
## Properties
`description`
The description of the security group. You can use up to 255 characters to describe the group. You can include only letters (A-Z and a-z), numbers (0-9), spaces, and the following special characters: .\$1-:/()\$1,@[]\$1=&;\$1\$1\$1\$1\$1
Required: Yes
Type: String
`name`
A name for the security group. You can use up to 255 characters for the name. You can include only letters (A-Z and a-z), numbers (0-9), spaces, and the following special characters: .\$1-:/()\$1,@[]\$1=&;\$1\$1\$1\$1\$1
Required: Yes
Type: String
`tags`
The tags that you can attach to the security group resource.
Required: No
Type: List
## Requirements
`vpc`
An [AWS.Networking.VPC](node-vpc.md) node.
Required: Yes
Type: String
## Example
```
SampleSecurityGroup001:
type: tosca.nodes.AWS.Networking.SecurityGroup
properties:
description: "Sample Security Group for Testing"
name: "SampleSecurityGroup"
tags:
- "Name=SecurityGroup"
- "Environment=Testing"
requirements:
vpc: SampleVPC
```
# AWS.Networking.SecurityGroupEgressRule
AWS.Networking.SecurityGroupEgressRule
AWS TNB supports security group egress rules to automate the provisioning of Amazon EC2 Security Group Egress Rules which can be attached to AWS.Networking.SecurityGroup. Note that you must provide a cidr\$1ip/destination\$1security\$1group/destination\$1prefix\$1list as the destination for egress traffic.
## Syntax
```
AWS.Networking.SecurityGroupEgressRule
properties:
ip\$1protocol: String
from\$1port: Integer
to\$1port: Integer
description: String
destination\$1prefix\$1list: String
cidr\$1ip: String
cidr\$1ipv6: String
requirements:
security\$1group: String
destination\$1security\$1group: String
```
## Properties
`cidr_ip`
The IPv4 address range in CIDR format. You must specify a CIDR range that allows egress traffic.
Required: No
Type: String
`cidr_ipv6`
The IPv6 address range in CIDR format, for egress traffic. You must specify a destination security group (`destination_security_group` or `destination_prefix_list`) or a CIDR range (`cidr_ip` or `cidr_ipv6`).
Required: No
Type: String
`description`
The description of an egress (outbound) security group rule. You can use up to 255 characters to describe the rule.
Required: No
Type: String
`destination_prefix_list`
The prefix list ID of an existing Amazon VPC managed prefix list. This is the destination from node group instances associated with the security group. For more information on managed prefix lists, see [Managed prefix lists](https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html) in the *Amazon VPC User Guide*.
Required: No
Type: String
`from_port`
If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
Required: No
Type: Integer
`ip_protocol`
The IP protocol name (tcp, udp, icmp, icmpv6) or protocol number. Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
Required: Yes
Type: String
`to_port`
If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
Required: No
Type: Integer
## Requirements
`security_group`
The ID of the security group to which this rule is to be added.
Required: Yes
Type: String
`destination_security_group`
The ID or TOSCA reference of the destination security group to which egress traffic is allowed.
Required: No
Type: String
## Example
```
SampleSecurityGroupEgressRule:
type: tosca.nodes.AWS.Networking.SecurityGroupEgressRule
properties:
ip_protocol: "tcp"
from_port: 8000
to_port: 9000
description: "Egress Rule for sample security group"
cidr_ipv6: "2600:1f14:3758:ca00::/64"
requirements:
security_group: SampleSecurityGroup001
destination_security_group: SampleSecurityGroup002
```
# AWS.Networking.SecurityGroupIngressRule
AWS.Networking.SecurityGroupIngressRule
AWS TNB supports security group ingress rules to automate the provisioning of Amazon EC2 Security Group Ingress Rules which can be attached to AWS.Networking.SecurityGroup. Note that you must provide a cidr\$1ip/source\$1security\$1group/source\$1prefix\$1list as the source for ingress traffic.
## Syntax
```
AWS.Networking.SecurityGroupIngressRule
properties:
ip\$1protocol: String
from\$1port: Integer
to\$1port: Integer
description: String
source\$1prefix\$1list: String
cidr\$1ip: String
cidr\$1ipv6: String
requirements:
security\$1group: String
source\$1security\$1group: String
```
## Properties
`cidr_ip`
The IPv4 address range in CIDR format. You must specify a CIDR range that allows ingress traffic.
Required: No
Type: String
`cidr_ipv6`
The IPv6 address range in CIDR format, for ingress traffic. You must specify a source security group (`source_security_group` or `source_prefix_list`) or a CIDR range (`cidr_ip` or `cidr_ipv6`).
Required: No
Type: String
`description`
The description of an ingress (inbound) security group rule. You can use up to 255 characters to describe the rule.
Required: No
Type: String
`source_prefix_list`
The prefix list ID of an existing Amazon VPC managed prefix list. This is the source from which node group instances associated with the security group will be allowed to receive traffic from. For more information on managed prefix lists, see [Managed prefix lists](https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html) in the *Amazon VPC User Guide*.
Required: No
Type: String
`from_port`
If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
Required: No
Type: Integer
`ip_protocol`
The IP protocol name (tcp, udp, icmp, icmpv6) or protocol number. Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
Required: Yes
Type: String
`to_port`
If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
Required: No
Type: Integer
## Requirements
`security_group`
The ID of the security group to which this rule is to be added.
Required: Yes
Type: String
`source_security_group`
The ID or TOSCA reference of the source security group from which ingress traffic is to be allowed.
Required: No
Type: String
## Example
```
SampleSecurityGroupIngressRule:
type: tosca.nodes.AWS.Networking.SecurityGroupIngressRule
properties:
ip_protocol: "tcp"
from_port: 8000
to_port: 9000
description: "Ingress Rule for free5GC cluster on IPv6"
cidr_ipv6: "2600:1f14:3758:ca00::/64"
requirements:
security_group: SampleSecurityGroup1
source_security_group: SampleSecurityGroup2
```
# AWS.Resource.Import
AWS.Resource.Import
You can import the following AWS resources into AWS TNB:
+ VPC
+ Subnet
+ Route Table
+ Internet Gateway
+ Security Group
## Syntax
```
tosca.nodes.AWS.Resource.Import
properties:
resource\$1type: String
resource\$1id: String
```
## Properties
`resource_type`
The resource type that is imported to AWS TNB.
Required: No
Type: List
`resource_id`
The resource ID that is imported to AWS TNB.
Required: No
Type: List
## Example
```
SampleImportedVPC:
type: tosca.nodes.AWS.Resource.Import
properties:
resource_type: "tosca.nodes.AWS.Networking.VPC"
resource_id: "vpc-123456"
```
# AWS.Networking.ENI
AWS.Networking.ENI
A network interface is a logical networking component in a VPC that represents a virtual network card. A network interface is assigned an IP address either automatically or manually based on its subnet. After you deploy an Amazon EC2 instance in a subnet, you can attach a network interface to it, or detach a network interface from that Amazon EC2 instance and reattach to another Amazon EC2 instance in that subnet. The device index identifies the position in the attachment order.
## Syntax
```
tosca.nodes.AWS.Networking.ENI:
properties:
device\$1index: Integer
source\$1dest\$1check: Boolean
tags: List
requirements:
subnet: String
security\$1groups: List
```
## Properties
`device_index`
The device index must be greater than zero.
Required: Yes
Type: Integer
`source_dest_check`
Indicates whether the network interface performs source/destination checking. A value of `true` means that checking is enabled, and `false` means that checking is disabled.
Allowed value: true, false
Default: true
Required: No
Type: Boolean
`tags`
The tags to be attached to the resource.
Required: No
Type: List
## Requirements
`subnet`
An [AWS.Networking.Subnet](node-subnet.md) node.
Required: Yes
Type: String
`security_groups`
An [AWS.Networking.SecurityGroup](node-networking-security-group.md) node.
Required: No
Type: String
## Example
```
SampleENI:
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 5
source_dest_check: true
tags:
- "Name=SampleVPC"
- "Environment=Testing"
requirements:
subnet: SampleSubnet
security_groups:
- SampleSecurityGroup01
- SampleSecurityGroup02
```
# AWS.HookExecution
AWS.HookExecution
A lifecycle hook provides you with the ability to run your own scripts as part of your infrastructure and network instantiation.
## Syntax
```
tosca.nodes.AWS.HookExecution:
capabilities:
execution:
properties:
type: String
requirements:
definition: String
vpc: String
```
## Capabilities
`execution`
Properties for the hook execution engine that runs the hook scripts.
`type`
The hook execution engine type.
Required: No
Type: String
Possible values: `CODE_BUILD`
## Requirements
`definition`
An [AWS.HookDefinition.Bash](node-hook-bash.md) node.
Required: Yes
Type: String
`vpc`
An [AWS.Networking.VPC](node-vpc.md) node.
Required: Yes
Type: String
## Example
```
SampleHookExecution:
type: tosca.nodes.AWS.HookExecution
requirements:
definition: SampleHookScript
vpc: SampleVPC
```
# AWS.Networking.InternetGateway
AWS.Networking.InternetGateway
Defines an AWS Internet Gateway Node.
## Syntax
```
tosca.nodes.AWS.Networking.InternetGateway:
capabilities:
routing:
properties:
dest\$1cidr: String
ipv6\$1dest\$1cidr: String
properties:
tags: List
egress\$1only: Boolean
requirements:
vpc: String
route\$1table: String
```
## Capabilities
`routing`
Properties that define the routing connection within the VPC. You must include either the `dest_cidr` or `ipv6_dest_cidr` property.
`dest_cidr`
The IPv4 CIDR block used for the destination match. This property is used to create a route in `RouteTable` and its value is used as the `DestinationCidrBlock`.
Required: No if you included the `ipv6_dest_cidr` property.
Type: String
`ipv6_dest_cidr`
The IPv6 CIDR block used for the destination match.
Required: No if you included the `dest_cidr` property.
Type: String
## Properties
`tags`
The tags to be attached to the resource.
Required: No
Type: List
`egress_only`
An IPv6-specific property. Indicates if the internet gateway is only for egress communication or not. When `egress_only` is true, you must define the `ipv6_dest_cidr` property.
Required: No
Type: Boolean
## Requirements
`vpc`
An [AWS.Networking.VPC](node-vpc.md) node.
Required: Yes
Type: String
`route_table`
An [AWS.Networking.RouteTable](node-route-table.md) node.
Required: Yes
Type: String
## Example
```
Free5GCIGW:
type: tosca.nodes.AWS.Networking.InternetGateway
properties:
egress_only: false
capabilities:
routing:
properties:
dest_cidr: "0.0.0.0/0"
ipv6_dest_cidr: "::/0"
requirements:
route_table: Free5GCRouteTable
vpc: Free5GCVPC
Free5GCEGW:
type: tosca.nodes.AWS.Networking.InternetGateway
properties:
egress_only: true
capabilities:
routing:
properties:
ipv6_dest_cidr: "::/0"
requirements:
route_table: Free5GCPrivateRouteTable
vpc: Free5GCVPC
```
# AWS.Networking.RouteTable
AWS.Networking.RouteTable
A route table contains a set of rules, called routes, that determine where network traffic from subnets within your VPC or gateway is directed. You must associate a route table with a VPC.
## Syntax
```
tosca.nodes.AWS.Networking.RouteTable:
properties:
tags: List
requirements:
vpc: String
```
## Properties
`tags`
Tags to be attached to the resource.
Required: No
Type: List
## Requirements
`vpc`
An [AWS.Networking.VPC](node-vpc.md) node.
Required: Yes
Type: String
## Example
```
SampleRouteTable:
type: tosca.nodes.AWS.Networking.RouteTable
properties:
tags:
- "Name=SampleVPC"
- "Environment=Testing"
requirements:
vpc: SampleVPC
```
# AWS.Networking.Subnet
AWS.Networking.Subnet
A subnet is a range of IP addresses in your VPC, and it must reside entirely within one Availability Zone. You must specify a VPC, a CIDR block, Availability Zone, and a route table for your subnet. You must also define whether your subnet is private or public.
## Syntax
```
tosca.nodes.AWS.Networking.Subnet:
properties:
type: String
availability\$1zone: String
cidr\$1block: String
ipv6\$1cidr\$1block: String
ipv6\$1cidr\$1block\$1suffix: String
outpost\$1arn: String
tags: List
requirements:
vpc: String
route\$1table: String
```
## Properties
`type`
Indicates whether instances launched in this subnet receive a public IPv4 address.
Required: Yes
Type: String
Possible values: `PUBLIC` \$1 `PRIVATE`
`availability_zone`
The Availability Zone for the subnet. This field supports AWS Availability Zones within a AWS Region, for example `us-west-2` (US West (Oregon)). It also supports AWS Local Zones within the Availability Zone, for example `us-west-2-lax-1a`.
Required: Yes
Type: String
`cidr_block`
The CIDR block for the subnet.
Required: No
Type: String
`ipv6_cidr_block`
The CIDR block used to create the IPv6 subnet. If you include this property, do not include `ipv6_cidr_block_suffix`.
Required: No
Type: String
`ipv6_cidr_block_suffix`
The 2-digit hexadecimal suffix of the IPv6 CIDR block for the subnet created over Amazon VPC. Use the following format: `2-digit hexadecimal::/subnetMask`
If you include this property, do not include `ipv6_cidr_block`.
Required: No
Type: String
`outpost_arn`
The ARN of AWS Outposts that the subnet will be created in. Add this property to the NSD template if you want to launch Amazon EKS self-managed nodes on AWS Outposts. For more information, see [Amazon EKS on AWS Outposts](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts.html) in the *Amazon EKS User Guide*.
If you add this property to the NSD template, you must set the value for the `availability_zone` property to the Availability Zone of the AWS Outposts.
Required: No
Type: String
`tags`
The tags to be attached to the resource.
Required: No
Type: List
## Requirements
`vpc`
An [AWS.Networking.VPC](node-vpc.md) node.
Required: Yes
Type: String
`route_table`
An [AWS.Networking.RouteTable](node-route-table.md) node.
Required: Yes
Type: String
## Example
```
SampleSubnet01:
type: tosca.nodes.AWS.Networking.Subnet
properties:
type: "PUBLIC"
availability_zone: "us-east-1a"
cidr_block: "10.100.50.0/24"
ipv6_cidr_block_suffix: "aa::/64"
outpost_arn: "arn:aws:outposts:region:accountId:outpost/op-11223344EXAMPLE"
tags:
- "Name=SampleVPC"
- "Environment=Testing"
requirements:
vpc: SampleVPC
route_table: SampleRouteTable
SampleSubnet02:
type: tosca.nodes.AWS.Networking.Subnet
properties:
type: "PUBLIC"
availability_zone: "us-west-2b"
cidr_block: "10.100.50.0/24"
ipv6_cidr_block: "2600:1f14:3758:ca00::/64"
requirements:
route_table: SampleRouteTable
vpc: SampleVPC
```
# AWS.Deployment.VNFDeployment
AWS.Deployment.VNFDeployment
NF deployments are modeled by providing the infrastructure and the application associated to it. The [cluster](#node_vnf_deployment_cluster) attribute specifies the EKS cluster to host your NFs. The [vnfs](#node_vnf_deployment_vnfs) attribute specifies the network functions for your deployment. You can also provide optional lifecycle hooks operations of type [pre\$1create](#node_vnf_deployment_pre_create) and [post\$1create](#node_vnf_deployment_post_create) to run instructions specific to your deployment, such as calling an Inventory Management system API.
## Syntax
```
tosca.nodes.AWS.Deployment.VNFDeployment:
requirements:
deployment: String
cluster: String
vnfs: List
interfaces:
Hook:
pre\$1create: String
post\$1create: String
```
## Requirements
`deployment`
An [AWS.Deployment.VNFDeployment](node-vnf.md) node.
Required: No
Type: String
`cluster`
An [AWS.Compute.EKS](node-eks.md) node.
Required: Yes
Type: String
`vnfs`
An [AWS.VNF](node-vnf.md) node.
Required: Yes
Type: String
## Interfaces
### Hooks
Defines the stage when lifecycle hooks are run.
`pre_create`
An [AWS.HookExecution](node-hook-execution.md) node. This hook is run before the `VNFDeployment` node deploys.
Required: No
Type: String
`post_create`
An [AWS.HookExecution](node-hook-execution.md) node. This hook is run after the `VNFDeployment` node deploys.
Required: No
Type: String
## Example
```
SampleHelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
deployment: SampleHelmDeploy2
cluster: SampleEKS
vnfs:
- vnf.SampleVNF
interfaces:
Hook:
pre_create: SampleHook
```
# AWS.Networking.VPC
AWS.Networking.VPC
You must specify a CIDR block for your virtual private cloud (VPC).
## Syntax
```
tosca.nodes.AWS.Networking.VPC:
properties:
cidr\$1block: String
ipv6\$1cidr\$1block: String
dns\$1support: String
tags: List
```
## Properties
`cidr_block`
The IPv4 network range for the VPC, in CIDR notation.
Required: Yes
Type: String
`ipv6_cidr_block`
The IPv6 CIDR block used to create the VPC.
Allowed value: `AMAZON_PROVIDED`
Required: No
Type: String
`dns_support`
Indicates whether the instances launched in the VPC get DNS hostnames.
Required: No
Type: Boolean
Default: `false`
`tags`
Tags to be attached to the resource.
Required: No
Type: List
## Example
```
SampleVPC:
type: tosca.nodes.AWS.Networking.VPC
properties:
cidr_block: "10.100.0.0/16"
ipv6_cidr_block: "AMAZON_PROVIDED"
dns_support: true
tags:
- "Name=SampleVPC"
- "Environment=Testing"
```
# AWS.Networking.NATGateway
AWS.Networking.NATGateway
You can define a public or private NAT Gateway node over a subnet. For a public gateway, if you do not provide an Elastic IP allocation id, AWS TNB will allocate an Elastic IP for your account and associate that to the gateway.
## Syntax
```
tosca.nodes.AWS.Networking.NATGateway:
requirements:
subnet: String
internet\$1gateway: String
properties:
type: String
eip\$1allocation\$1id: String
tags: List
```
## Properties
`subnet`
The [AWS.Networking.Subnet](https://docs.aws.amazon.com/tnb/latest/ug/node-subnet.html) node reference.
Required: Yes
Type: String
`internet_gateway`
The [AWS.Networking.InternetGateway](https://docs.aws.amazon.com/tnb/latest/ug/node-internet-gateway.html) node reference.
Required: Yes
Type: String
## Properties
`type`
Indicates if the gateway is public or private.
Allowed value: `PUBLIC`, `PRIVATE`
Required: Yes
Type: String
`eip_allocation_id`
The ID that represents the allocation of the Elastic IP address.
Required: No
Type: String
`tags`
Tags to be attached to the resource.
Required: No
Type: List
## Example
```
Free5GCNatGateway01:
type: tosca.nodes.AWS.Networking.NATGateway
requirements:
subnet: Free5GCSubnet01
internet_gateway: Free5GCIGW
properties:
type: PUBLIC
eip_allocation_id: eipalloc-12345
```
# AWS.Networking.Route
AWS.Networking.Route
You can define a route node that associates the destination route to the NAT Gateway as the target resource, and adds the route to the associated route table.
## Syntax
```
tosca.nodes.AWS.Networking.Route:
properties:
dest\$1cidr\$1blocks: List
requirements:
nat\$1gateway: String
route\$1table: String
```
## Properties
`dest_cidr_blocks`
The list of destination IPv4 routes to the target resource.
Required: Yes
Type: List
Member type: String
## Requirements
`nat_gateway`
The [AWS.Networking.NATGateway](https://docs.aws.amazon.com/tnb/latest/ug/node-nat-gateway.html) node reference.
Required: Yes
Type: String
`route_table`
The [AWS.Networking.RouteTable](https://docs.aws.amazon.com/tnb/latest/ug/node-route-table.html) node reference.
Required: Yes
Type: String
## Example
```
Free5GCRoute:
type: tosca.nodes.AWS.Networking.Route
properties:
dest_cidr_blocks:
- 0.0.0.0/0
- 10.0.0.0/28
requirements:
nat_gateway: Free5GCNatGateway01
route_table: Free5GCRouteTable
```
# AWS.Store.SSMParameters
AWS.Store.SSMParameters
You can create SSM parameters through AWS TNB. The SSM parameters that you create are created in SSM and prefixed by the AWS TNB network instance ID. This prevents parameter values from an override when multiple instances are instantiated and upgraded using the same NSD template.
## Syntax
```
tosca.nodes.AWS.Store.SSMParameters
properties:
parameters:
name: String
value: String
tags: List
```
## Properties
Parameters
`name`
The name of the ssm property. Use the following format: `^[a-zA-Z0-9]+[a-zA-Z0-9\-\_]*[a-zA-Z0-9]+$`
Each parameter's name must be less than 256 characters.
Required: Yes
Type: String
`value`
The value of the ssm property. Use one of the following formats:
+ For values without references: `^[a-zA-Z0-9]+[a-zA-Z0-9\-\_]*[a-zA-Z0-9]+$`
+ For static references: `^\$\{[a-zA-Z0-9]+\.(properties|capabilities|requirements)(\.([a-zA-Z0-9\-_]+))+\}$`
+ For dynamic references: `^\$\{[a-zA-Z0-9]+\.(name|id|arn)\}$`
Each parameter’s value must be less than 4 KB.
Required: Yes
Type: String
`tags`
The tags that you can attach to an SSM property.
Required: No
Type: List
## Example
```
SampleSSM
type: tosca.nodes.AWS.Store.SSMParameters
properties:
parameters:
- name: "Name1"
value: "Value1"
- name: "EKS_VERSION"
value: "${SampleEKS.properties.version}"
- name: "VPC_ID"
value: "${SampleVPC.id}
- name: "REGION"
value: "${AWS::Region}
tags:
- "tagKey=tagValue"
```
# Common nodes
Common nodes
Define nodes for the NSD and VNFD.
+ [AWS.HookDefinition.Bash](node-hook-bash.md)
# AWS.HookDefinition.Bash
AWS.HookDefinition.Bash
Defines an AWS HookDefinition in `bash`.
## Syntax
```
tosca.nodes.AWS.HookDefinition.Bash:
properties:
implementation: String
environment\$1variables: List
execution\$1role: String
```
## Properties
`implementation`
The relative path to the hook definition. The format must be: `./hooks/script_name.sh`
Required: Yes
Type: String
`environment_variables`
The environment variables for the hook bash script. Use the following format: `envName=envValue` with the following regex patterns:
+ For values without references: `^[a-zA-Z0-9]+[a-zA-Z0-9\-\_]*[a-zA-Z0-9]+=[a-zA-Z0-9]+[a-zA-Z0-9\-\_]*[a-zA-Z0-9]+$`
+ For static references: `^[a-zA-Z0-9]+[a-zA-Z0-9\-\_]*[a-zA-Z0-9]+=\$\{[a-zA-Z0-9]+\.(properties|capabilities|requirements)(\.([a-zA-Z0-9\-_]+))+\}$`
+ For dynamic references: `^[a-zA-Z0-9]+[a-zA-Z0-9\-\_]*[a-zA-Z0-9]+=\$\{[a-zA-Z0-9]+\.(name|id|arn)\}$`
Ensure that the `envName=envValue` value meets the following criteria:
+ Do not use spaces.
+ Start **envName** with a letter (A-Z or a-z) or number (0-9).
+ Do not start the environment variable name with the following AWS TNB reserved keywords (case insensitive):
+ CODEBUILD
+ TNB
+ HOME
+ AWS
+ You can use any number of letters (A-Z or a-z), numbers (0-9), and special characters `-` and `_` for **envName** and **envValue**.
+ Each environment variable (each **envName**=**envValue**) must be less than 128 characters.
Example: `A123-45xYz=Example_789`
Required: No
Type: List
`execution_role`
The role for hook execution.
Required: Yes
Type: String
## Example
```
SampleHookScript:
type: tosca.nodes.AWS.HookDefinition.Bash
properties:
implementation: "./hooks/myhook.sh"
environment_variables:
- "variable01=value01"
- "variable02=value02"
execution_role: "arn:aws:iam::${AWS::TNB::AccountId}:role/SampleHookPermission"
```