AWS Provider Reference¶

Source of truth

Definitions live under examples/api-definitions/apis/aws. Update the API definitions and re-run make docs-reference.

v1¶

Resource	Kind	Short Names	Categories
`airflowenvironments`	`AirflowEnvironment`	afw	—
`autoscalinggroups`	`AutoScalingGroup`	asg	—
`ec2instances`	`EC2Instance`	ec2	—
`ecrrepositories`	`ECRRepository`	ecr	—
`ecsclusters`	`ECSCluster`	ecsc	—
`elasticacheinstances`	`ElastiCacheInstance`	eci	—
`firehosedeliverystreams`	`FirehoseDeliveryStream`	fhs	—
`kafkaclusters`	`KafkaCluster`	kfk	—
`kinesisstreams`	`KinesisStream`	kis	—
`lambdafunctions`	`LambdaFunction`	lambda	—
`natgateways`	`NATGateway`	nat	—
`opensearchdomains`	`OpenSearchDomain`	osd	—
`rdsinstances`	`RDSInstance`	rds	—
`s3buckets`	`S3Bucket`	s3	—
`transferservers`	`TransferServer`	trf	—

EC2Instance¶

API Group: aws/v1\
Resource Name: ec2instances\
Kind: EC2Instance

Elastic compute optimized for long-running workloads.

EC2Instance resources let you describe or reconcile individual EC2 instances with the familiar metadata/spec shape. You can adopt existing instances with babyctl get and feed the object back into babyctl apply to update user data, networking, or tagging details without writing Terraform from scratch.

Configuration Examples¶

YAMLHCL

apiVersion: aws/v1
kind: EC2Instance
metadata:
  name: web-01
spec:
  ami: ami-0fd123456
  instanceType: t3.micro
  subnetId: subnet-1234abcd
  securityGroupIds:
    - sg-web
  keyName: admin
  userData: |
    #!/bin/bash
    yum install -y nginx
  tags:
    Environment: production
    Service: web

resource "aws_instance" "web" {
  ami           = "ami-0fd123456"
  instance_type = "t3.micro"
  subnet_id     = "subnet-1234abcd"
  vpc_security_group_ids = [
    aws_security_group.web.id,
  ]
  key_name  = "admin"
  user_data = file("cloud-init/userdata.sh")

  tags = {
    Environment = "production"
    Service     = "web"
  }
}

Required Arguments¶

Name	Type	Description
`ami`	`string`	ID of the AMI that should back the instance.
`instanceType`	`string`	EC2 instance type, for example `t3.micro`.

Optional Arguments¶

Name	Type	Description	Default
`subnetId`	`string`	Subnet where the instance should run.	—
`securityGroupIds`	`list(string)`	Security groups that should be attached to the ENI.	—
`keyName`	`string`	SSH key pair to attach for console access.	—
`userData`	`string`	Cloud-init or shell user data rendered as base64.	—
`tags`	`map(string)`	Free-form tags that should be synced to the instance.	—

Computed Attributes¶

Name	Type	Description
`instanceId`	`string`	AWS-generated instance identifier.
`privateIp`	`string`	Primary RFC1918 address associated with the instance.
`publicIp`	`string`	Elastic or public IP (when applicable).

ECRRepository¶

API Group: aws/v1\
Resource Name: ecrrepositories\
Kind: ECRRepository

Private container image distribution.

The ECRRepository resource mirrors the knobs you would typically set in Terraform when defining an AWS Elastic Container Registry. Use it to standardise repository encryption, immutability, lifecycle rules, and naming conventions across accounts.

Configuration Examples¶

YAMLHCL

apiVersion: aws/v1
kind: ECRRepository
metadata:
  name: platform-images
spec:
  repositoryName: platform-images
  imageTagMutability: IMMUTABLE
  encryptionConfiguration:
    type: KMS
    kmsKeyArn: arn:aws:kms:ap-southeast-2:123456789012:key/abcd
  scanOnPush: true
  lifecyclePolicies:
    - description: Keep last 30 prod tags
      rulePriority: 1
      selection:
        tagStatus: tagged
        tagPrefixList: [prod-]
        countType: imageCountMoreThan
        countNumber: 30
      action:
        type: expire

resource "aws_ecr_repository" "platform" {
  name                 = "platform-images"
  image_tag_mutability = "IMMUTABLE"

  encryption_configuration {
    encryption_type = "KMS"
    kms_key         = "arn:aws:kms:ap-southeast-2:123456789012:key/abcd"
  }

  image_scanning_configuration {
    scan_on_push = true
  }
}

resource "aws_ecr_lifecycle_policy" "platform" {
  repository = aws_ecr_repository.platform.name
  policy = jsonencode({
    rules = [{
      description = "Keep last 30 prod tags"
      rulePriority = 1
      selection = {
        tagStatus     = "tagged"
        tagPrefixList = ["prod-"]
        countType     = "imageCountMoreThan"
        countNumber   = 30
      }
      action = { type = "expire" }
    }]
  })
}

Required Arguments¶

Name	Type	Description
`repositoryName`	`string`	Human-friendly name for the repository.

Optional Arguments¶

Name	Type	Description	Default
`imageTagMutability`	`string`	Whether tags are `MUTABLE` or `IMMUTABLE`.	—
`scanOnPush`	`bool`	Enables ECR vulnerability scanning when images are pushed.	—
`encryptionConfiguration`	`object`	Optional block specifying KMS encryption details.	—
`lifecyclePolicies`	`list(object)`	Ordered list of lifecycle policies expressed as JSON-friendly maps.	—

Computed Attributes¶

Name	Type	Description
`repositoryArn`	`string`	ARN that uniquely identifies the repository.
`repositoryUri`	`string`	URI that docker clients can push to.

LambdaFunction¶

API Group: aws/v1\
Resource Name: lambdafunctions\
Kind: LambdaFunction

Event-driven serverless compute with millisecond billing.

LambdaFunction resources bring AWS Lambda into the same document-driven workflow as other providers. Use them to keep runtime, IAM role, package sources, and tuning flags aligned between HCL and YAML consumers.

Configuration Examples¶

YAMLHCL

apiVersion: aws/v1
kind: LambdaFunction
metadata:
  name: image-processor
spec:
  functionName: image-processor
  runtime: nodejs20.x
  handler: handler.run
  roleArn: arn:aws:iam::123456789012:role/lambda-runtime
  package:
    s3Bucket: artifacts-us-east-1
    s3Key: lambdas/image-processor.zip
  timeoutSeconds: 30
  memoryMB: 512
  environment:
    LOG_LEVEL: info
    BUCKET_NAME: raw-images

resource "aws_lambda_function" "image_processor" {
  function_name = "image-processor"
  handler       = "handler.run"
  role          = "arn:aws:iam::123456789012:role/lambda-runtime"
  runtime       = "nodejs20.x"
  s3_bucket     = "artifacts-us-east-1"
  s3_key        = "lambdas/image-processor.zip"
  timeout       = 30
  memory_size   = 512

  environment {
    variables = {
      LOG_LEVEL   = "info"
      BUCKET_NAME = "raw-images"
    }
  }
}

Required Arguments¶

Name	Type	Description
`functionName`	`string`	Friendly name for the Lambda function.
`runtime`	`string`	Runtime identifier such as `nodejs20.x` or `python3.12`.
`handler`	`string`	Entrypoint format `<file>.<export>` evaluated by the runtime.
`roleArn`	`string`	IAM role ARN that provides execution permissions.
`package`	`object`	Location of the deployment artifact (S3 bucket/key or container image).

Optional Arguments¶

Name	Type	Description	Default
`timeoutSeconds`	`number`	Max invocation time before Lambda terminates (default 3).	—
`memoryMB`	`number`	Memory size in MB that also controls CPU share.	—
`environment`	`map(string)`	Key/value environment variables available during execution.	—

Computed Attributes¶

Name	Type	Description
`functionArn`	`string`	Full ARN of the Lambda function.
`lastModified`	`string`	Timestamp of the most recent publish or update.