vFW and vDNS support added to azure-plugin

[multicloud/azure.git] / azure / aria / aria-extension-cloudify / plugins / aws / plugin.yaml

#
# Copyright (c) 2017 GigaSpaces Technologies Ltd. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

tosca_definitions_version: tosca_simple_yaml_1_0

topology_template:
  policies:
    cloudify-aws-plugin:
      description: >-
        aws plugin executes operations.
      type: aria.Plugin
      properties:
        version: 1.4.10


data_types:
  aria.aws.datatypes.Config:
    properties:
    # Partially based on: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
      aws_access_key_id:
        description: >
          The ID of your AWS ACCESS KEY.
        type: string
        required: false
      aws_secret_access_key:
        description: >
          The ID of your AWS SECRET KEY.
        type: string
        required: false
      region:
        description: >
          This is for backward compatibility with version 1.2.
        type: string
        required: false
      ec2_region_name:
        description: >
          The EC2 Region RegionName, such as us-east-1.
          (Not us-east-1b, which is an availability zone, or US East, which is a Region.)
        type: string
        required: false
      ec2_region_endpoint:
        description: >
          The endpoint for the given region.
        type: string
        required: false
      elb_region_name:
        description: >
          The ELB Region RegionName, such as us-east-1.
          (Not us-east-1b, which is an availability zone, or US East, which is a Region.)
          Required for aws_config for node type aria.aws.nodes.ElasticLoadBalancer.
        type: string
        required: false
      elb_region_endpoint:
        description: >
          The endpoint for the given ELB region.
        type: string
        required: false

  aria.aws.datatypes.Route:
    properties:
    # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html
      route_table_id:
        description: >
          In most cases, leave this blank, because the route table is implicit from the node or
          relationship that is creating the route.
        type: string
        required: false
      destination_cidr_block:
        description: >
          This is the cidr_block that you want to route traffic for to the device.
        type: string
      gateway_id:
        description: >
          The id of the gateway (either internet gateway, customer gateway, or vpn gateway).
        type: string
        required: false
      instance_id:
        description: >
          The id of the instance (if you are routing to a NAT instance).
        type: string
        required: false
      interface_id:
        description: >
          The id of an attached network interface.
        type: string
        required: false
      vpc_peering_connection_id:
        description: >
          The id of a VPC peering connection.
        type: string
        required: false

  aria.aws.datatypes.NetworkAclEntry:
    # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/create-network-acl-entry.html
    properties:
      rule_number:
        description: >
          Some number to identify this rule. Cannot duplicate an existing rule number.
        type: integer
      protocol:
        description: >
          The Assigned Internet Protocol Number for the protocol (e.g. 1 is ICMP, 6 is TCP, and 17 is UDP).
        type: integer
      rule_action:
        description: Either ALLOW or DENY.
        type: string
        constraints:
          - valid_values: [ ALLOW, DENY ]
      cidr_block:
        description: >
          The cidr_block.
        type: string
      egress:
        description: >
          Whether the rule applies to egress traffic from the subnet.
        type: boolean
        default: false
        required: false
      icmp_type:
        description: >
          If in protocol you chose 1 for ICMP, the ICMP type, -1 for all ICMP types.
        type: integer
        required: false
      icmp_code:
        description: >
          If in protocol you chose 1 for ICMP, the ICMP code, -1 for all ICMP codes.
        type: integer
        required: false
      port_range_from:
        description: >
          The first port in the range.
        type: integer
        constraints:
          - in_range: [ 1, 65535 ]
      port_range_to:
        description: >
          The last port in the range.
        type: integer
        constraints:
          - in_range: [ 1, 65535 ]

  aria.aws.datatypes.SecurityGroupRule:
    # Based on: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html
    properties:
      egress:
        description: >
          Whether the rule applies to egress traffic.
        type: boolean
        default: false
        required: false
      ip_protocol:
        description: >
          The Assigned Internet Protocol Number for the protocol.
        type: string
        required: false
      from_port:
        description: >
          The first port in the range.
        type: integer
        required: false
        constraints:
          - in_range: [ 1, 65535 ]
      to_port:
        description: >
          The last port in the range.
        type: integer
        required: false
        constraints:
          - in_range: [ 1, 65535 ]
      cidr_ip:
        description: >
          The cidr_block.
        type: string
        required: false
      src_group_id:
        description: >
          The security group ID.
        type: string
        required: false

  aria.aws.datatypes.BlockDeviceMapping:
    derived_from: tosca.datatypes.Root
    properties:
    # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html#options
      virtual_name:
        type: string
        required: false
      device_name:
        type: string
        required: false
      ebs:
        type: aria.aws.datatypes.Ebs
        required: false
      no_device:
        type: string
        required: false

  aria.aws.datatypes.Ebs:
    derived_from: tosca.datatypes.Root
    properties:
    # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html#options
      snapshot_id:
        type: string
        required: false
      volume_size:
        type: integer
        required: false
      delete_on_termination:
        type: boolean
        required: false
      volume_type:
        type: string
        required: false
        constraints:
          - valid_values: [ standard, io1, gp2, sc1, st1]
        required: false
      iops:
        type: integer
        required: false
      encrypted:
        type: boolean
        required: false

  aria.aws.datatypes.NetworkInterfacePrivateIPAddress:
  # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/create-network-interface.html
  # Specifically, look under --private-ip-addresses, and notice the differences from
  # --private-ip-address.
    derived_from: tosca.datatypes.Root
    properties:
      private_ip_address:
        type: string
        required: false
      primary:
        type: boolean
        required: false

  aria.aws.datatypes.NetworkInterface:
    # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/create-network-interface.html
    derived_from: tosca.datatypes.Root
    properties:
      description:
        type: string
        required: false
      dry_run:
        type: boolean
        required: false
      groups:
        type: list
        entry_schema:
          type: string
        required: false
      ipv6_address_count:
        type: integer
        required: false
      ipv6_addresses:
        type: map
        entry_schema:
          type: string
        required: false
      private_ip_address:
        type: string
        required: false
      private_ip_addresses:
        type: map
        entry_schema:
          type: aria.aws.datatypes.NetworkInterfacePrivateIPAddress
        required: false
      secondary_private_ip_address_count:
        type: integer
        required: false
      subnet_id:
        type: string
        required: false
      cli_input_json:
        type: string
        required: false
      generate_cli_skeleton:
        type: string
        required: false

  aria.aws.datatypes.RunInstancesParameters:
    derived_from: tosca.datatypes.Root
    properties:
      # These properties were derived from the parameters of boto.e2c.connection.run_instances:
      # https://github.com/boto/boto/blob/master/boto/ec2/connection.py#L738
      # In the corresponding aws documentation,
      # http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html,
      # The properties 'placement', 'placement_group' and 'tenancy' of the boto api are part of a
      # structure called 'placement', in addition to 'affinity' and 'host_id' which do not exist
      # in the boto api.
      image_id:
        type: string
        required: false
      min_count:
        type: integer
        required: false
      max_count:
        type: integer
        required: false
      key_name:
        type: string
        required: false
      security_groups:
        type: list
        entry_schema:
          type: string
        required: false
      user_data:
        type: string
        required: false
      addressing_type:
        type: string
        required: false
      instance_type:
        type: string
        required: false
      placement:
        type: string
        required: false
      kernel_id:
        type: string
        required: false
      ramdisk_id:
        type: string
        required: false
      monitoring_enabled:
        type: boolean
        required: false
      subnet_id:
        type: string
        required: false
      block_device_map:
        type: list
        entry_schema:
          type: aria.aws.datatypes.BlockDeviceMapping
        required: false
      disable_api_termination:
        type: boolean
        required: false
      instance_initiated_shutdown_behavior:
        type: string
        constraints:
          - valid_values: [ stop, terminate ]
        required: false
      private_id_address:
        type: string
        required: false
      placement_group:
        type: string
        required: false
      client_token:
        type: string
        required: false
      security_group_ids:
        type: list
        entry_schema:
          type: string
        required: false
      additional_info:
        type: string
        required: false
      instance_profile_name:
        type: string
        required: false
      instance_profile_arn:
        type: string
        required: false
      tenancy:
        type: string
        required: false
        constraints:
          - valid_values: [ default, dedicated]
      ebs_optimized:
        type: boolean
        required: false
      network_interfaces:
        type: list
        entry_schema:
          type: aria.aws.datatypes.NetworkInterface
        required: false
      dry_run:
        type: boolean
        required: false

  aria.aws.datatypes.LoadBalancerListener:
  # According to the description of the 'listeners' property of aria.aws.node.LoadBalancer
    derived_from: tosca.datatypes.Root
    properties:
      LoadBalancerPortNumber:
        type: integer
        constraints:
          - in_range: [ 1, 65535 ]
      InstancePortNumber:
        type: integer
        constraints:
          - in_range: [ 1, 65535 ]
      protocol:
        type: string
        constraints:
          - valid_values: [ tcp, ssl, http, https ]
      SSLCertificateID:
        type: string
        required: false

  aria.aws.datatypes.LoadBalancerComplexListener:
    # According to the description of the 'complex_listeners' property of aria.aws.node.LoadBalancer
    derived_from: aria.aws.datatypes.LoadBalancerListener
    properties:
      InstanceProtocol:
        type: integer
        constraints:
          - in_range: [ 1, 65535 ]

  aria.aws.datatypes.LoadBalancerHealthCheck:
    # Based on: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-health-check.html
    derived_from: tosca.datatypes.Root
    properties:
      healthy_threshold:
        type: string
        required: false
      interval:
        type: string
        required: false
      target:
        type: string
        required: false
      timeout:
        type: string
        required: false
      unhealthy_threshold:
        type: string
        required: false

  aria.aws.datatypes.NetworkInterfaceCreateParameters:
    # These properties were derived from the parameters of boto.e2c.connection.create_network_interface
    # https://github.com/boto/boto/blob/master/boto/ec2/connection.py#L4286, that are based on:
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/create-network-interface.html
    derived_from: tosca.datatypes.Root
    properties:
      subnet_id:
        type: string
        required: false
      private_ip_address:
        type: string
        required: false
      description:
        type: string
        required: false
      groups:
        type: list
        entry_schema:
          type: string
        required: false
      dry_run:
        type: boolean
        required: false

  aria.aws.datatypes.VolumeCreateParameters:
    # Based on http://docs.aws.amazon.com/cli/latest/reference/ec2/create-volume.html#synopsis
    derived_from: tosca.datatypes.Root
    properties:
      size:
        type: integer
        required: false
      zone:
        type: string
        required: false
      snapshot:
        type: string
        required: false
      volume_type:
        type: string
        required: false
      iops:
        type: integer
        required: false
      encrypted:
        type: boolean
        required: false
      kms_key_id:
        type: string
        required: false
      dry_run:
        type: boolean
        required: false

  aria.aws.datatypes.VolumeDeleteParameters:
    # Based on: http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-volume.html
    derived_from: tosca.datatypes.Root
    properties:
      volume_id:
        type: string
        required: false
      dry_run:
        type: boolean
        required: false

interface_types:
  aria.aws.interfaces.Validation:
    derived_from: tosca.interfaces.Root
    creation:
      description: >
        creation operation for the aws validation interface
  aria.aws.interfaces.Snapshot:
    derived_from: tosca.interfaces.Root
    create:
      description: >
        creation operation for the aws snapshot interface


node_types:
  aria.aws.nodes.Instance:
    derived_from: tosca.nodes.Compute
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      name:
        description: >
          Optional field if you want to add a specific name to the instance.
        type: string
        default: ''
        required: false
      image_id:
        description: >
          The ID of the AMI image in your Amazon account.
        type: string
      instance_type:
        description: >
          The instance's size.
        type: string
      use_password:
        type: boolean
        default: false
      parameters:
        description: >
          The key value pair parameters allowed by Amazon API to the
          ec2.connection.EC2Connection.run_instances command. It should be mentioned that
          although this field is listed as optional, A non-trivial use case requires
          that both the key_name parameter and the security_groups parameter be specified.
        type: aria.aws.datatypes.RunInstancesParameters
        default: {}
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    attributes:
      public_ip_address:
        type: string
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.instance.create
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.instance.start
          inputs:
            start_retry_interval:
              description: Polling interval until the server is active in seconds
              type: integer
              default: 30
            private_key_path:
              description: >
                Path to private key which matches the server's
                public key. Will be used to decrypt password in case
                the "use_password" property is set to "true"
              type: string
              default: ''
        stop:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.instance.stop
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.instance.delete
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.instance.creation_validation
    requirements:
      - elastic_ip:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.ElasticIP
          relationship: aria.aws.relationships.InstanceConnectedToElasticIP
          occurrences: [ 0, UNBOUNDED ]
      - keypair:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.KeyPair
          relationship: aria.aws.relationships.InstanceConnectedToKeypair
          occurrences: [ 0, UNBOUNDED ]
      - security_group:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.SecurityGroup
          relationship: aria.aws.relationships.instance_connected_to_security_group
          occurrences: [ 0, UNBOUNDED ]
      - load_balancer:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.ElasticLoadBalancer
          relationship: aria.aws.relationships.InstanceConnectedToLoadBalancer
          occurrences: [ 0, UNBOUNDED ]
      - subnet_to_be_contained_in:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Subnet
          relationship: aria.aws.relationships.InstanceContainedInSubnet
          occurrences: [ 0, UNBOUNDED ]
      - subnet_to_connect_to:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Subnet
          relationship: aria.aws.relationships.InstanceConnectedToSubnet
          occurrences: [ 0, UNBOUNDED ]
      - eni:
          capability: tosca.capabilities.Root
          node: aria.aws.nodes.Interface
          relationship: aria.aws.relationships.InstanceConnectedToENI
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.WindowsInstance:
    derived_from: aria.aws.nodes.Instance
    properties:
      use_password:
        type: boolean
        default: true
      os_family:
        type: string
        default: windows

  aria.aws.nodes.ElasticIP:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      domain:
        description: >
          Set this to 'vpc' if you want to use VPC.
        type: string
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticip.create
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticip.delete
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticip.creation_validation

  aria.aws.nodes.SecurityGroup:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      description:
        description: >
          The description field that is required for every security group that you create
          in Amazon.
        type: string
      rules:
        description: >
          You need to pass in either src_group_id (security group ID) OR cidr_ip,
          and then the following three: ip_protocol, from_port and to_port.
        type: list
        entry_schema:
          type: aria.aws.datatypes.SecurityGroupRule
        default: []
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.securitygroup.create
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.securitygroup.start
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.securitygroup.delete
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.securitygroup.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.SecurityGroupContainedInVPC
          occurrences: [ 0, UNBOUNDED ]
      - security_group_rule:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.SecurityGroupRule
          relationship: aria.aws.relationships.SecurityGroupUsesRule
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.Volume:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      size:
        description: >
          The size of the volume in GB.
        type: string
      zone:
        description: >
          A string representing the AWS availability zone.
        type: string
      device:
        description: >
          The device on the instance
        type: string
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.create
          inputs:
            args:
              type: map
              entry_schema:
                type: aria.aws.datatypes.VolumeCreateParameters
              default: {}
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.start
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.delete
          inputs:
            args:
              type: map
              entry_schema:
                type: aria.aws.datatypes.VolumeDeleteParameters
              default: {}
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.creation_validation
      Snapshot:
        type: aria.aws.interfaces.Snapshot
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.create_snapshot
          inputs:
            args:
              type: map
              entry_schema:
                type: string
              default: {}
    requirements:
      - instance:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Instance
          relationship: aria.aws.relationships.VolumeConnectedToInstance
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.KeyPair:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or if the resource should be created.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          If use_external_resource is false, this will be the keys name and ID in AWS.
          If left blank, the plugin will set a name for you.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      private_key_path:
        description: >
          The path where the key should be saved on the machine. If this is a bootstrap
          process, this refers to the local computer. If this will run on the manager,
          this will be saved on the manager.
        type: string
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    attributes:
      aws_resource_id:
        type: string
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.keypair.create
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.keypair.delete
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.keypair.creation_validation

  aria.aws.nodes.ElasticLoadBalancer:
    derived_from: tosca.nodes.LoadBalancer
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      elb_name:
        description: >
          The mnemonic name associated with the new load balancer
        type: string
      zones:
        description: >
          zones (List of strings) - The names of the availability zone(s) to add.
          example: ['us-east-1b','us-east-1b']
        type: string
      security_groups:
        description: >
          security_groups (list of strings) - The security groups assigned to your LoadBalancer
          within your VPC.
          example: ['sg-123456','sg-7891011']
          FYI: security groups only supported with vpc
        type: list
        entry_schema:
          type: string
        default: []
        required: false
      listeners:
        description: >
          listeners (List of tuples) - Each tuple contains three or four values, (LoadBalancerPortNumber,
          InstancePortNumber, Protocol, [SSLCertificateId]) where LoadBalancerPortNumber and
          InstancePortNumber are integer values between 1 and 65535, Protocol is a string containing
          either 'TCP', 'SSL', 'HTTP', or 'HTTPS'; SSLCertificateID is the ARN of a AWS IAM certificate,
          and must be specified when doing HTTPS.
          example: [[80, 8080, 'http'], [443, 8443, 'tcp']]
        type: list
        entry_schema:
          type: aria.aws.datatypes.LoadBalancerListener
      health_checks:
        description: >
          list of healthchecks (dicts) to use as criteria for instance health
          example: [{'target': 'HTTP:8080/health'}, {'target': 'HTTP:80/alive'}]
        type: list
        entry_schema:
          type: aria.aws.datatypes.LoadBalancerHealthCheck
        default: []
        required: false
      scheme:
        description: >
          The type of a LoadBalancer. By default, Elastic Load Balancing creates an internet-facing
          LoadBalancer with a publicly resolvable DNS name, which resolves to public IP addresses.
          Specify the value internal for this option to create an internal LoadBalancer with a DNS
          name that resolves to private IP addresses.
          This option is only available for LoadBalancers attached to an Amazon VPC.
        type: string
        default: ''
        required: false
      subnets:
        description: >
          list of strings - A list of subnet IDs in your VPC to attach to your LoadBalancer.
          example:
        type: list
        entry_schema:
          type: string
        default: []
        required: false
      complex_listeners:
        description: >
          List of tuples - Each tuple contains four or five values, (LoadBalancerPortNumber,
          InstancePortNumber, Protocol, InstanceProtocol, SSLCertificateId).
          Where:
          LoadBalancerPortNumber and InstancePortNumber are integer values between 1 and 65535
          Protocol and InstanceProtocol is a string containing either 'TCP', 'SSL', 'HTTP', or 'HTTPS'
          SSLCertificateId is the ARN of an SSL certificate loaded into AWS IAM
        type: list
        entry_schema:
          type: aria.aws.datatypes.LoadBalancerComplexListener
        default: []
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticloadbalancer.create
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticloadbalancer.start
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticloadbalancer.delete
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticloadbalancer.creation_validation

  aria.aws.nodes.VPC:
    derived_from: tosca.nodes.network.Network
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      cidr_block:
        description: >
          The CIDR Block that you will split this VPCs subnets across.
        type: string
      instance_tenancy:
        description: >
          Default or dedicated.
        type: string
        default: default
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.create_vpc
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.start
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.delete
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.RouteTableOfSourceVPCConnectedToTargetPeerVPC
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.Subnet:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      cidr_block:
        description: >
          The CIDR Block that instances will be on.
        type: string
      availability_zone:
        description: >
          The availability zone that you want your subnet in.
        type: string
        default: ''
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.subnet.create_subnet
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.subnet.start_subnet
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.subnet.delete_subnet
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.subnet.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.SubnetContainedInVPC
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.Gateway:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.GatewayConnectedToVPC
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.InternetGateway:
    derived_from: aria.aws.nodes.Gateway
    properties:
      cidr_block:
        description: >
          The cidr_block that you want this internet gateway to service. Default is for all internet
          traffic.
        type: string
        default: '0.0.0.0/0'
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.create_internet_gateway
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.start_internet_gateway
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.delete_internet_gateway

  aria.aws.nodes.VPNGateway:
    derived_from: aria.aws.nodes.Gateway
    properties:
      type:
        description: >
          Type of VPN Connection. Only valid value currently is ipsec.1
        type: string
        default: ipsec.1
      availability_zone:
        description: >
          The Availability Zone where you want the VPN gateway.
        type: string
        default: ''
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.create_vpn_gateway
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.start_vpn_gateway
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.delete_vpn_gateway

  aria.aws.nodes.CustomerGateway:
    derived_from: aria.aws.nodes.Gateway
    properties:
      type:
        description: >
          Type of VPN Connection. Only valid value currently is ipsec.1
        type: string
        default: ipsec.1
      ip_address:
        description: >
          Internet-routable IP address for customers gateway. Must be a static address
        type: string
      bgp_asn:
        description: >
          Customer gateways Border Gateway Protocol (BGP) Autonomous System Number (ASN)
        type: integer
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.create_customer_gateway
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.start_customer_gateway
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.delete_customer_gateway
    requirements:
      - vpn_gateway:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPNGateway
          relationship: aria.aws.relationships.CustomerGatewayConnectedToVPNGateway
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.ACL:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      acl_network_entries:
        description: >
          A list of rules of data type aria.datatypes.aws.NetworkAclEntry (see above).
        type: list
        entry_schema:
          type: aria.aws.datatypes.NetworkAclEntry
        default: []
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.networkacl.create_network_acl
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.networkacl.start_network_acl
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.networkacl.delete_network_acl
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.networkacl.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.NetworkACLContainedInVPC
          occurrences: [ 0, UNBOUNDED ]
      - subnet:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Subnet
          relationship: aria.aws.relationships.NetworkACLAssociatedWithSubnet
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.DHCPOptions:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      domain_name:
        description: >
          A domain name.
        type: string
        required: false
      domain_name_servers:
        description: >
          A list of up to four DNS servers.
        type: list
        entry_schema:
          type: string
        default: []
        required: false
      ntp_servers:
        description: >
          A list of up to four NTP servers.
        type: list
        entry_schema:
          type: string
        default: []
        required: false
      netbios_name_servers:
        description: >
          A list of up to four netbios servers.
        type: list
        entry_schema:
          type: string
        default: []
        required: false
      netbios_node_type:
        description: >
          netbios type. recommended two.
        type: string
        default: ''
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.dhcp.create_dhcp_options
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.dhcp.start_dhcp_options
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.dhcp.delete_dhcp_options
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.dhcp.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.DHCPOptionsAssociatedWithVPC
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.RouteTable:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
        required: true
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify_aws.vpc.routetable.create_route_table
          inputs:
            routes:
              description: >
                A list of aria.aws.datatypes.Route.
              type: list
              entry_schema:
                type: aria.aws.datatypes.Route
              default: []
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.start_route_table
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.delete_route_table
      Validation:
        type: aria.aws.interfaces.Validation
        creation:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.creation_validation
    requirements:
      - vpc:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.VPC
          relationship: aria.aws.relationships.SubnetContainedInVPC
          occurrences: [ 0, UNBOUNDED ]
      - subnet:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Subnet
          relationship: aria.aws.relationships.RoutetableAssociatedWithSubnet
          occurrences: [ 0, UNBOUNDED ]
      - gateway:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Gateway
          relationship: aria.aws.relationships.RouteTableToGateway
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.Interface:
    derived_from: tosca.nodes.network.Port
    properties:
      use_external_resource:
        description: >
          Indicate whether the resource exists or it should be created,
          true if you are bringing an existing resource, false if you want to create it.
        type: boolean
        default: false
      resource_id:
        description: >
          The AWS resource ID of the external resource, if use_external_resource is true.
          Otherwise it is an empty string.
        type: string
        default: ''
      tags:
        description: >
          A dictionary of key/value pairs of tags you want to add.
        type: map
        default: {}
        entry_schema:
          type: string  # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
      parameters:
        description: >
          Any parameters accepted by the create_network_interface operation.
        type: aria.aws.datatypes.NetworkInterfaceCreateParameters
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
        required: false
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.eni.create
          inputs:
            args:
              type: aria.aws.datatypes.NetworkInterfaceCreateParameters
              default: {}
        start:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.eni.start
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.eni.delete
          inputs:
            args:
              type: map
              entry_schema:
                type: string
              default: {}
    requirements:
      - instance:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.Instance
          relationship: aria.aws.relationships.ENIConnectedToInstance
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.SecurityGroupRule:
    derived_from: tosca.nodes.Root
    properties:
      use_external_resource:
        type: boolean
        default: False
      resource_id:
        description: >
          The resource ID.
        type: string
        default: ''
        required: false
      rule:
        description: >
          A list of rules of data type aria.aws.datatypes.SecurityGroupRule (see above).
        type: list
        entry_schema:
          type: aria.aws.datatypes.SecurityGroupRule
        default: []
        required: false
      aws_config:
        description: >
          A dictionary of values to pass to authenticate with the AWS API.
        type: aria.aws.datatypes.Config
    requirements:
      - security_group_to_depend_on:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.SecurityGroup
          relationship: aria.aws.relationships.RuleDependsOnSecurityGroup
          occurrences: [ 0, UNBOUNDED ]
      - security_group_to_be_contained_in:
          capability: tosca.capabilities.Node
          node: aria.aws.nodes.SecurityGroup
          relationship: aria.aws.relationships.RuleContainedInSecurityGroup
          occurrences: [ 0, UNBOUNDED ]

  aria.aws.nodes.SecurityGroupRule.Multi:
    derived_from: aria.aws.nodes.SecurityGroupRule
    interfaces:
      Standard:
        create:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.securitygroup.create_rule
          inputs:
            args:
              type: map
              entry_schema:
                type: aria.aws.datatypes.SecurityGroupRule
              default: {}
        delete:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.securitygroup.delete_rule
          inputs:
            args:
              type: map
              entry_schema:
                type: aria.aws.datatypes.SecurityGroupRule
              default: {}


relationship_types:
  aria.aws.relationships.ConnectedToElasticIP:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticip.associate
        remove_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticip.disassociate

  aria.aws.relationships.InstanceConnectedToElasticIP:
    derived_from: aria.aws.relationships.ConnectedToElasticIP

  aria.aws.relationships.InstanceConnectedToKeypair:
    derived_from: tosca.relationships.ConnectsTo

  aria.aws.relationships.ConnectedToSecurityGroup:
    derived_from: tosca.relationships.ConnectsTo

  # The name of this relationship is not in CamelCase since in order to attach security group to an
  # instance using the Cloudify AWS plugin, the relationship between the instance and the security
  # group must be include the string 'instance_connected_to_security_group' in its name.
  aria.aws.relationships.instance_connected_to_security_group:
    derived_from: aria.aws.relationships.ConnectedToSecurityGroup

  aria.aws.relationships.InstanceConnectedToLoadBalancer:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticloadbalancer.associate
        remove_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.elasticloadbalancer.disassociate

  aria.aws.relationships.VolumeConnectedToInstance:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.associate
          inputs:
            args:
              type: map
              entry_schema:
                type: string
              default: {}
            force:
              type: boolean
              default: False
        remove_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.ebs.disassociate
          inputs:
            args:
              type: map
              entry_schema:
                type: string
              default: {}
            force:
              type: boolean
              default: False

  aria.aws.relationships.SubnetContainedInVPC:
    derived_from: tosca.relationships.HostedOn

  aria.aws.relationships.RoutetableContainedInVPC:
    derived_from: tosca.relationships.HostedOn

  aria.aws.relationships.RoutetableAssociatedWithSubnet:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.associate_route_table
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.disassociate_route_table

  aria.aws.relationships.RouteTableToGateway:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.create_route_to_gateway
          inputs:
            destination_cidr_block:
              description: >
                Provide a specific value for the destination cidr block.
                If the target is an internet gateway, then this is not necessary.
                It will resolve to the cidr_block node property.
                Otherwise, you need to provide this value.
              type: string
              default: ''
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.routetable.delete_route_from_gateway

  aria.aws.relationships.GatewayConnectedToVPC:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.attach_gateway
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.detach_gateway

  aria.aws.relationships.NetworkACLContainedInVPC:
    derived_from: tosca.relationships.HostedOn

  aria.aws.relationships.NetworkACLAssociatedWithSubnet:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.networkacl.associate_network_acl
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.networkacl.disassociate_network_acl

  aria.aws.relationships.RouteTableOfSourceVPCConnectedToTargetPeerVPC:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        pre_configure_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.create_vpc_peering_connection
          inputs:
            target_account_id:
              description: >
                The 12 digit account ID that the target VPC belongs to.
              type: string
              default: ''
            routes:
              description: >
                A list of aria.aws.datatypes.Route for assignment to the source Route Table.
              type: list
              entry_schema:
                type: aria.aws.datatypes.Route
              default: []
        post_configure_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.accept_vpc_peering_connection
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.vpc.delete_vpc_peering_connection

  aria.aws.relationships.DHCPOptionsAssociatedWithVPC:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.dhcp.associate_dhcp_options
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.dhcp.restore_dhcp_options

  aria.aws.relationships.CustomerGatewayConnectedToVPNGateway:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.create_vpn_connection
          inputs:
            routes:
              description: >
                A list of static routes to add to this vpn_connection.
                The routes will be of type aria.aws.datatypes.Route.
                However, you can only provide the destination_cidr_block and a vpn_connection_id.
              type: list
              entry_schema:
                type: aria.aws.datatypes.Route
              default: []
        remove_target:
          implementation: cloudify-aws-plugin > cloudify_aws.vpc.gateway.delete_vpn_connection

  aria.aws.relationships.InstanceContainedInSubnet:
    derived_from: tosca.relationships.HostedOn

  aria.aws.relationships.InstanceConnectedToSubnet:
    derived_from: tosca.relationships.ConnectsTo

  aria.aws.relationships.SecurityGroupContainedInVPC:
    derived_from: tosca.relationships.HostedOn

  aria.aws.relationships.ConnectedToSubnet:  # ARIA NOTE: I don't see a use for this relationship
    derived_from: tosca.relationships.ConnectsTo

  aria.aws.relationships.ENIConnectedToInstance:
    derived_from: tosca.relationships.ConnectsTo
    interfaces:
      Configure:
        add_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.eni.associate
          inputs:
            args:
              type: map
              entry_schema:
                type: string
              default: {}
        remove_source:
          implementation: cloudify-aws-plugin > cloudify_aws.ec2.eni.disassociate
          inputs:
            args:
              type: map
              entry_schema:
                type: string
              default: {}

  aria.aws.relationships.InstanceConnectedToENI:
    derived_from: tosca.relationships.ConnectsTo

  aria.aws.relationships.SecurityGroupUsesRule:
    derived_from: tosca.relationships.DependsOn

  aria.aws.relationships.RuleDependsOnSecurityGroup:
    derived_from: tosca.relationships.DependsOn

  aria.aws.relationships.RuleContainedInSecurityGroup:
    derived_from: tosca.relationships.HostedOn