agent-claw: automated task changes

daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions

13
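--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/.jsiirc.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+"targets": {
+"java": {
+"package": "software.amazon.awscdk.services.ec2"
+},
+"dotnet": {
+"namespace": "Amazon.CDK.AWS.EC2"
+},
+"python": {
+"module": "aws_cdk.aws_ec2"
+}
+}
+}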

2742
cdk/node_modules/aws-cdk-lib/aws-ec2/README.md generated vendored Normal file

File diff suppressed because it is too large Load Diff

1
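--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/index.d.ts
@@ -0,0 +1 @@
+export * from './lib';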

1
cdk/node_modules/aws-cdk-lib/aws-ec2/index.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1 @@
export * from './require-imdsv2-aspect';


@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.InstanceRequireImdsv2Aspect=void 0,Object.defineProperty(exports,_noFold="InstanceRequireImdsv2Aspect",{enumerable:!0,configurable:!0,get:()=>{var value=require("./require-imdsv2-aspect").InstanceRequireImdsv2Aspect;return Object.defineProperty(exports,_noFold="InstanceRequireImdsv2Aspect",{enumerable:!0,configurable:!0,value}),value}}),exports.LaunchTemplateRequireImdsv2Aspect=void 0,Object.defineProperty(exports,_noFold="LaunchTemplateRequireImdsv2Aspect",{enumerable:!0,configurable:!0,get:()=>{var value=require("./require-imdsv2-aspect").LaunchTemplateRequireImdsv2Aspect;return Object.defineProperty(exports,_noFold="LaunchTemplateRequireImdsv2Aspect",{enumerable:!0,configurable:!0,value}),value}});


@@ -0,0 +1,74 @@
import type { IConstruct } from 'constructs';
import * as cdk from '../../../core';
/**
* Properties for `RequireImdsv2Aspect`.
*/
interface RequireImdsv2AspectProps {
/**
* Whether warning annotations from this Aspect should be suppressed or not.
*
* @default - false
*/
readonly suppressWarnings?: boolean;
}
/**
* Base class for Aspect that makes IMDSv2 required.
*/
declare abstract class RequireImdsv2Aspect implements cdk.IAspect {
protected readonly suppressWarnings: boolean;
constructor(props?: RequireImdsv2AspectProps);
abstract visit(node: IConstruct): void;
/**
* Adds a warning annotation to a node, unless `suppressWarnings` is true.
*
* @param node The scope to add the warning to.
* @param message The warning message.
*/
protected warn(node: IConstruct, message: string): void;
}
/**
* Properties for `InstanceRequireImdsv2Aspect`.
*/
export interface InstanceRequireImdsv2AspectProps extends RequireImdsv2AspectProps {
/**
* Whether warnings that would be raised when an Instance is associated with an existing Launch Template
* should be suppressed or not.
*
* You can set this to `true` if `LaunchTemplateImdsAspect` is being used alongside this Aspect to
* suppress false-positive warnings because any Launch Templates associated with Instances will still be covered.
*
* @default - false
*/
readonly suppressLaunchTemplateWarning?: boolean;
}
/**
* Aspect that applies IMDS configuration on EC2 Instance constructs.
*
* This aspect configures IMDS on an EC2 instance by creating a Launch Template with the
* IMDS configuration and associating that Launch Template with the instance. If an Instance
* is already associated with a Launch Template, a warning will (optionally) be added to the
* construct node and it will be skipped.
*
* To cover Instances already associated with Launch Templates, use `LaunchTemplateImdsAspect`.
*/
export declare class InstanceRequireImdsv2Aspect extends RequireImdsv2Aspect {
private readonly suppressLaunchTemplateWarning;
constructor(props?: InstanceRequireImdsv2AspectProps);
visit(node: IConstruct): void;
protected warn(node: IConstruct, message: string): void;
}
/**
* Properties for `LaunchTemplateRequireImdsv2Aspect`.
*/
export interface LaunchTemplateRequireImdsv2AspectProps extends RequireImdsv2AspectProps {
}
/**
* Aspect that applies IMDS configuration on EC2 Launch Template constructs.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html
*/
export declare class LaunchTemplateRequireImdsv2Aspect extends RequireImdsv2Aspect {
constructor(props?: LaunchTemplateRequireImdsv2AspectProps);
visit(node: IConstruct): void;
}
export {};


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.LaunchTemplateRequireImdsv2Aspect=exports.InstanceRequireImdsv2Aspect=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var cdk=()=>{var tmp=require("../../../core");return cdk=()=>tmp,tmp},cxapi=()=>{var tmp=require("../../../cx-api");return cxapi=()=>tmp,tmp},ec2_generated_1=()=>{var tmp=require("../ec2.generated");return ec2_generated_1=()=>tmp,tmp},instance_1=()=>{var tmp=require("../instance");return instance_1=()=>tmp,tmp},launch_template_1=()=>{var tmp=require("../launch-template");return launch_template_1=()=>tmp,tmp};class RequireImdsv2Aspect{suppressWarnings;constructor(props){this.suppressWarnings=props?.suppressWarnings??!1}warn(node,message){this.suppressWarnings!==!0&&cdk().Annotations.of(node).addWarningV2(`@aws-cdk/aws-ec2:imdsv2${RequireImdsv2Aspect.name}`,`${RequireImdsv2Aspect.name} failed on node ${node.node.id}: ${message}`)}}class InstanceRequireImdsv2Aspect extends RequireImdsv2Aspect{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.InstanceRequireImdsv2Aspect",version:"2.252.0"};suppressLaunchTemplateWarning;constructor(props){super(props);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_InstanceRequireImdsv2AspectProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,InstanceRequireImdsv2Aspect),error}this.suppressLaunchTemplateWarning=props?.suppressLaunchTemplateWarning??!1}visit(node){if(!(node instanceof instance_1().Instance))return;if(node.instance.launchTemplate!==void 0){this.warn(node,"Cannot toggle IMDSv1 because this Instance is associated with an existing Launch Template.");return}const 
launchTemplate=new(ec2_generated_1()).CfnLaunchTemplate(node,"LaunchTemplate",{launchTemplateData:{metadataOptions:{httpTokens:"required"}}});cdk().FeatureFlags.of(node).isEnabled(cxapi().EC2_UNIQUE_IMDSV2_LAUNCH_TEMPLATE_NAME)?launchTemplate.launchTemplateName=cdk().Names.uniqueId(launchTemplate):launchTemplate.launchTemplateName=`${node.node.id}LaunchTemplate`,node.instance.launchTemplate={launchTemplateName:launchTemplate.launchTemplateName,version:launchTemplate.getAtt("LatestVersionNumber").toString()}}warn(node,message){this.suppressLaunchTemplateWarning!==!0&&super.warn(node,message)}}exports.InstanceRequireImdsv2Aspect=InstanceRequireImdsv2Aspect;class LaunchTemplateRequireImdsv2Aspect extends RequireImdsv2Aspect{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.LaunchTemplateRequireImdsv2Aspect",version:"2.252.0"};constructor(props){super(props);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_LaunchTemplateRequireImdsv2AspectProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,LaunchTemplateRequireImdsv2Aspect),error}}visit(node){if(!(node instanceof launch_template_1().LaunchTemplate))return;const launchTemplate=node.node.tryFindChild("Resource"),data=launchTemplate.launchTemplateData;if(cdk().isResolvableObject(data)){this.warn(node,"LaunchTemplateData is a CDK token.");return}const metadataOptions=data.metadataOptions;if(cdk().isResolvableObject(metadataOptions)){this.warn(node,"LaunchTemplateData.MetadataOptions is a CDK token.");return}const newData={...data,metadataOptions:{...metadataOptions,httpTokens:"required"}};launchTemplate.launchTemplateData=newData}}exports.LaunchTemplateRequireImdsv2Aspect=LaunchTemplateRequireImdsv2Aspect;


@@ -0,0 +1,190 @@
import type { Construct } from 'constructs';
import type { InstanceReference } from '.';
import { InstanceType } from '.';
import type { CloudFormationInit } from './cfn-init';
import type { Connections } from './connections';
import type { ApplyCloudFormationInitOptions, IInstance } from './instance';
import { Instance } from './instance';
import type { IMachineImage } from './machine-image';
import type { IPeer } from './peer';
import type { ISecurityGroup } from './security-group';
import type { BlockDevice } from './volume';
import type { IVpc, SubnetSelection } from './vpc';
import type { IPrincipal, IRole } from '../../aws-iam';
import { Resource } from '../../core';
/**
* Properties of the bastion host
*
*
*/
export interface BastionHostLinuxProps {
/**
* In which AZ to place the instance within the VPC
*
* @default - Random zone.
*/
readonly availabilityZone?: string;
/**
* VPC to launch the instance in.
*/
readonly vpc: IVpc;
/**
* The name of the instance
*
* @default 'BastionHost'
*/
readonly instanceName?: string;
/**
* Select the subnets to run the bastion host in.
* Set this to PUBLIC if you need to connect to this instance via the internet and cannot use SSM.
* You have to allow port 22 manually by using the connections field
*
* @default - private subnets of the supplied VPC
*/
readonly subnetSelection?: SubnetSelection;
/**
* Security Group to assign to this instance
*
* @default - create new security group with no inbound and all outbound traffic allowed
*/
readonly securityGroup?: ISecurityGroup;
/**
* Type of instance to launch
* @default 't3.nano'
*/
readonly instanceType?: InstanceType;
/**
* The machine image to use, assumed to have SSM Agent preinstalled.
*
* @default - An Amazon Linux 2023 image if the `@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault` feature flag is enabled. Otherwise, an Amazon Linux 2 image. In both cases, the image is kept up-to-date automatically (the instance
* may be replaced on every deployment) and already has SSM Agent installed.
*/
readonly machineImage?: IMachineImage;
/**
* Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
*
* Each instance that is launched has an associated root device volume,
* either an Amazon EBS volume or an instance store volume.
* You can use block device mappings to specify additional EBS volumes or
* instance store volumes to attach to an instance when it is launched.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
*
* @default - Uses the block device mapping of the AMI
*/
readonly blockDevices?: BlockDevice[];
/**
* Apply the given CloudFormation Init configuration to the instance at startup
*
* @default - no CloudFormation init
*/
readonly init?: CloudFormationInit;
/**
* Use the given options for applying CloudFormation Init
*
* Describes the configsets to use and the timeout to wait
*
* @default - default options
*/
readonly initOptions?: ApplyCloudFormationInitOptions;
/**
* Whether IMDSv2 should be required on this instance
*
* @default - false
*/
readonly requireImdsv2?: boolean;
/**
* Determines whether changes to the UserData will force instance replacement.
*
* Depending on the EC2 instance type, modifying the UserData may either restart
* or replace the instance:
*
* - Instance store-backed instances are replaced.
* - EBS-backed instances are restarted.
*
* Note that by default, restarting does not execute the updated UserData, so an alternative
* mechanism is needed to ensure the instance re-executes the UserData.
*
* When set to `true`, the instance's Logical ID will depend on the UserData, causing
* CloudFormation to replace the instance if the UserData changes.
*
* @default - `true` if `initOptions` is specified, otherwise `false`.
*/
readonly userDataCausesReplacement?: boolean;
}
/**
* This creates a linux bastion host you can use to connect to other instances or services in your VPC.
* The recommended way to connect to the bastion host is by using AWS Systems Manager Session Manager.
*
* The operating system is Amazon Linux 2 with the latest SSM agent installed
*
* You can also configure this bastion host to allow connections via SSH
*
*
* @resource AWS::EC2::Instance
*/
export declare class BastionHostLinux extends Resource implements IInstance {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Allows specify security group connections for the instance.
*/
readonly connections: Connections;
/**
* The IAM role assumed by the instance.
*/
readonly role: IRole;
/**
* The principal to grant permissions to
*/
readonly grantPrincipal: IPrincipal;
/**
* The underlying instance resource
*/
readonly instance: Instance;
/**
* @attribute
*/
readonly instanceId: string;
/**
* @attribute
*/
readonly instanceAvailabilityZone: string;
/**
* @attribute
*/
readonly instancePrivateDnsName: string;
/**
* @attribute
*/
readonly instancePrivateIp: string;
/**
* @attribute
*/
readonly instancePublicDnsName: string;
/**
* @attribute
*/
readonly instancePublicIp: string;
constructor(scope: Construct, id: string, props: BastionHostLinuxProps);
get instanceRef(): InstanceReference;
/**
* Returns the AmazonLinuxCpuType corresponding to the given instance architecture
* @param architecture the instance architecture value to convert
*/
private toAmazonLinuxCpuType;
/**
* Allow SSH access from the given peer or peers
*
* Necessary if you want to connect to the instance using ssh. If not
* called, you should use SSM Session Manager to connect to the instance.
*/
allowSshAccessFrom(...peer: IPeer[]): void;
/**
* Returns the machine image to use for the bastion host, respecting the feature flag
* to default to Amazon Linux 2023 if enabled, otherwise defaulting to Amazon Linux 2.
*/
private getMachineImage;
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,639 @@
import type { InitBindOptions, InitElementConfig } from './private/cfn-init-internal';
import { InitPlatform } from './private/cfn-init-internal';
import type * as s3 from '../../aws-s3';
import * as s3_assets from '../../aws-s3-assets';
import { Duration } from '../../core';
/**
* An object that represents reasons to restart an InitService
*
* Pass an instance of this object to the `InitFile`, `InitCommand`,
* `InitSource` and `InitPackage` objects, and finally to an `InitService`
* itself to cause the actions (files, commands, sources, and packages)
* to trigger a restart of the service.
*
* For example, the following will run a custom command to install Nginx,
* and trigger the nginx service to be restarted after the command has run.
*
* ```ts
* const handle = new ec2.InitServiceRestartHandle();
* ec2.CloudFormationInit.fromElements(
* ec2.InitCommand.shellCommand('/usr/bin/custom-nginx-install.sh', { serviceRestartHandles: [handle] }),
* ec2.InitService.enable('nginx', { serviceRestartHandle: handle }),
* );
* ```
*/
export declare class InitServiceRestartHandle {
private readonly commands;
private readonly files;
private readonly sources;
private readonly packages;
/**
* Add a command key to the restart set
* @internal
*/
_addCommand(key: string): number;
/**
* Add a file key to the restart set
* @internal
*/
_addFile(key: string): number;
/**
* Add a source key to the restart set
* @internal
*/
_addSource(key: string): number;
/**
* Add a package key to the restart set
* @internal
*/
_addPackage(packageType: string, key: string): void;
/**
* Render the restart handles for use in an InitService declaration
* @internal
*/
_renderRestartHandles(): any;
}
/**
* Base class for all CloudFormation Init elements
*/
export declare abstract class InitElement {
/**
* Returns the init element type for this element.
*/
abstract readonly elementType: string;
/**
* Called when the Init config is being consumed. Renders the CloudFormation
* representation of this init element, and calculates any authentication
* properties needed, if any.
*
* @param options bind options for the element.
* @internal
*/
abstract _bind(options: InitBindOptions): InitElementConfig;
}
/**
* Options for InitCommand
*/
export interface InitCommandOptions {
/**
* Identifier key for this command
*
* Commands are executed in lexicographical order of their key names.
*
* @default - Automatically generated based on index
*/
readonly key?: string;
/**
* Sets environment variables for the command.
*
* This property overwrites, rather than appends, the existing environment.
*
* @default - Use current environment
*/
readonly env?: Record<string, string>;
/**
* The working directory
*
* @default - Use default working directory
*/
readonly cwd?: string;
/**
* Command to determine whether this command should be run
*
* If the test passes (exits with error code of 0), the command is run.
*
* @default - Always run the command
*/
readonly testCmd?: string;
/**
* Continue running if this command fails
*
* @default false
*/
readonly ignoreErrors?: boolean;
/**
* The duration to wait after a command has finished in case the command causes a reboot.
*
* Set this value to `InitCommandWaitDuration.none()` if you do not want to wait for every command;
* `InitCommandWaitDuration.forever()` directs cfn-init to exit and resume only after the reboot is complete.
*
* For Windows systems only.
*
* @default - 60 seconds
*/
readonly waitAfterCompletion?: InitCommandWaitDuration;
/**
* Restart the given service(s) after this command has run
*
* @default - Do not restart any service
*/
readonly serviceRestartHandles?: InitServiceRestartHandle[];
}
/**
* Represents a duration to wait after a command has finished, in case of a reboot (Windows only).
*/
export declare abstract class InitCommandWaitDuration {
/** Wait for a specified duration after a command. */
static of(duration: Duration): InitCommandWaitDuration;
/** Do not wait for this command. */
static none(): InitCommandWaitDuration;
/** cfn-init will exit and resume only after a reboot. */
static forever(): InitCommandWaitDuration;
/**
* Render to a CloudFormation value.
* @internal
*/
abstract _render(): any;
}
/**
* Command to execute on the instance
*/
export declare class InitCommand extends InitElement {
private readonly command;
private readonly options;
/**
* Run a shell command
*
* Remember that some characters like `&`, `|`, `;`, `>` etc. have special meaning in a shell and
* need to be preceded by a `\` if you want to treat them as part of a filename.
*/
static shellCommand(shellCommand: string, options?: InitCommandOptions): InitCommand;
/**
* Run a command from an argv array
*
* You do not need to escape space characters or enclose command parameters in quotes.
*/
static argvCommand(argv: string[], options?: InitCommandOptions): InitCommand;
readonly elementType: string;
private constructor();
/** @internal */
_bind(options: InitBindOptions): InitElementConfig;
}
/**
* Options for InitFile
*/
export interface InitFileOptions {
/**
* The name of the owning group for this file.
*
* Not supported for Windows systems.
*
* @default 'root'
*/
readonly group?: string;
/**
* The name of the owning user for this file.
*
* Not supported for Windows systems.
*
* @default 'root'
*/
readonly owner?: string;
/**
* A six-digit octal value representing the mode for this file.
*
* Use the first three digits for symlinks and the last three digits for
* setting permissions. To create a symlink, specify 120xxx, where xxx
* defines the permissions of the target file. To specify permissions for a
* file, use the last three digits, such as 000644.
*
* Not supported for Windows systems.
*
* @default '000644'
*/
readonly mode?: string;
/**
* True if the inlined content (from a string or file) should be treated as base64 encoded.
* Only applicable for inlined string and file content.
*
* @default false
*/
readonly base64Encoded?: boolean;
/**
* Restart the given service after this file has been written
*
* @default - Do not restart any service
*/
readonly serviceRestartHandles?: InitServiceRestartHandle[];
}
/**
* Additional options for creating an InitFile from an asset.
*/
export interface InitFileAssetOptions extends InitFileOptions, s3_assets.AssetOptions {
}
/**
* Create files on the EC2 instance.
*/
export declare abstract class InitFile extends InitElement {
private readonly fileName;
private readonly options;
/**
* Use a literal string as the file content
*/
static fromString(fileName: string, content: string, options?: InitFileOptions): InitFile;
/**
* Write a symlink with the given symlink target
*/
static symlink(fileName: string, target: string, options?: InitFileOptions): InitFile;
/**
* Use a JSON-compatible object as the file content, write it to a JSON file.
*
* May contain tokens.
*/
static fromObject(fileName: string, obj: Record<string, any>, options?: InitFileOptions): InitFile;
/**
* Read a file from disk and use its contents
*
* The file will be embedded in the template, so care should be taken to not
* exceed the template size.
*
* If options.base64encoded is set to true, this will base64-encode the file's contents.
*/
static fromFileInline(targetFileName: string, sourceFileName: string, options?: InitFileOptions): InitFile;
/**
* Download from a URL at instance startup time
*/
static fromUrl(fileName: string, url: string, options?: InitFileOptions): InitFile;
/**
* Download a file from an S3 bucket at instance startup time
*/
static fromS3Object(fileName: string, bucket: s3.IBucket, key: string, options?: InitFileOptions): InitFile;
/**
* Create an asset from the given file
*
* This is appropriate for files that are too large to embed into the template.
*/
static fromAsset(targetFileName: string, path: string, options?: InitFileAssetOptions): InitFile;
/**
* Use a file from an asset at instance startup time
*/
static fromExistingAsset(targetFileName: string, asset: s3_assets.Asset, options?: InitFileOptions): InitFile;
readonly elementType: string;
protected constructor(fileName: string, options: InitFileOptions);
/** @internal */
_bind(bindOptions: InitBindOptions): InitElementConfig;
/**
* Perform the actual bind and render
*
* This is in a second method so the superclass can guarantee that
* the common work of registering into serviceHandles cannot be forgotten.
* @internal
*/
protected abstract _doBind(options: InitBindOptions): InitElementConfig;
/**
* Render the standard config block, given content vars
* @internal
*/
protected _standardConfig(fileOptions: InitFileOptions, platform: InitPlatform, contentVars: Record<string, any>): Record<string, any>;
}
/**
* Create Linux/UNIX groups and assign group IDs.
*
* Not supported for Windows systems.
*/
export declare class InitGroup extends InitElement {
private groupName;
private groupId?;
/**
* Create a group from its name, and optionally, group id
*/
static fromName(groupName: string, groupId?: number): InitGroup;
readonly elementType: string;
protected constructor(groupName: string, groupId?: number | undefined);
/** @internal */
_bind(options: InitBindOptions): InitElementConfig;
}
/**
* Optional parameters used when creating a user
*/
export interface InitUserOptions {
/**
* The user's home directory.
*
* @default assigned by the OS
*/
readonly homeDir?: string;
/**
* A user ID. The creation process fails if the user name exists with a different user ID.
* If the user ID is already assigned to an existing user the operating system may
* reject the creation request.
*
* @default assigned by the OS
*/
readonly userId?: number;
/**
* A list of group names. The user will be added to each group in the list.
*
* @default the user is not associated with any groups.
*/
readonly groups?: string[];
}
/**
* Create Linux/UNIX users and to assign user IDs.
*
* Users are created as non-interactive system users with a shell of
* /sbin/nologin. This is by design and cannot be modified.
*
* Not supported for Windows systems.
*/
export declare class InitUser extends InitElement {
private readonly userName;
private readonly userOptions;
/**
* Create a user from user name.
*/
static fromName(userName: string, options?: InitUserOptions): InitUser;
readonly elementType: string;
protected constructor(userName: string, userOptions: InitUserOptions);
/** @internal */
_bind(options: InitBindOptions): InitElementConfig;
}
/**
* Options for InitPackage.rpm/InitPackage.msi
*/
export interface LocationPackageOptions {
/**
* Identifier key for this package
*
* You can use this to order package installs.
*
* @default - Automatically generated
*/
readonly key?: string;
/**
* Restart the given service after this command has run
*
* @default - Do not restart any service
*/
readonly serviceRestartHandles?: InitServiceRestartHandle[];
}
/**
* Options for InitPackage.yum/apt/rubyGem/python
*/
export interface NamedPackageOptions {
/**
* Specify the versions to install
*
* @default - Install the latest version
*/
readonly version?: string[];
/**
* Restart the given services after this command has run
*
* @default - Do not restart any service
*/
readonly serviceRestartHandles?: InitServiceRestartHandle[];
}
/**
* A package to be installed during cfn-init time
*/
export declare class InitPackage extends InitElement {
private readonly type;
private readonly versions;
private readonly packageName?;
private readonly serviceHandles?;
/**
* Install an RPM from an HTTP URL or a location on disk
*/
static rpm(this: void, location: string, options?: LocationPackageOptions): InitPackage;
/**
* Install a package using Yum
*/
static yum(this: void, packageName: string, options?: NamedPackageOptions): InitPackage;
/**
* Install a package from RubyGems
*/
static rubyGem(this: void, gemName: string, options?: NamedPackageOptions): InitPackage;
/**
* Install a package from PyPI
*/
static python(this: void, packageName: string, options?: NamedPackageOptions): InitPackage;
/**
* Install a package using APT
*/
static apt(this: void, packageName: string, options?: NamedPackageOptions): InitPackage;
/**
* Install an MSI package from an HTTP URL or a location on disk
*/
static msi(this: void, location: string, options?: LocationPackageOptions): InitPackage;
readonly elementType: string;
protected constructor(type: string, versions: string[], packageName?: string | undefined, serviceHandles?: InitServiceRestartHandle[] | undefined);
/** @internal */
_bind(options: InitBindOptions): InitElementConfig;
protected renderPackageVersions(): any;
}
/**
* Options for an InitService
*/
export interface InitServiceOptions {
/**
* Enable or disable this service
*
* Set to true to ensure that the service will be started automatically upon boot.
*
* Set to false to ensure that the service will not be started automatically upon boot.
*
* @default - true if used in `InitService.enable()`, no change to service
* state if used in `InitService.fromOptions()`.
*/
readonly enabled?: boolean;
/**
* Make sure this service is running or not running after cfn-init finishes.
*
* Set to true to ensure that the service is running after cfn-init finishes.
*
* Set to false to ensure that the service is not running after cfn-init finishes.
*
* @default - same value as `enabled`.
*/
readonly ensureRunning?: boolean;
/**
* Restart service when the actions registered into the restartHandle have been performed
*
* Register actions into the restartHandle by passing it to `InitFile`, `InitCommand`,
* `InitPackage` and `InitSource` objects.
*
* @default - No files trigger restart
*/
readonly serviceRestartHandle?: InitServiceRestartHandle;
/**
* What service manager to use
*
* This needs to match the actual service manager on your Operating System.
* For example, Amazon Linux 1 uses SysVinit, but Amazon Linux 2 uses Systemd.
*
* @default ServiceManager.SYSVINIT for Linux images, ServiceManager.WINDOWS for Windows images
*/
readonly serviceManager?: ServiceManager;
}
/**
* A services that be enabled, disabled or restarted when the instance is launched.
*/
export declare class InitService extends InitElement {
private readonly serviceName;
private readonly serviceOptions;
/**
* Enable and start the given service, optionally restarting it
*/
static enable(serviceName: string, options?: InitServiceOptions): InitService;
/**
* Disable and stop the given service
*/
static disable(serviceName: string): InitService;
/**
* Install a systemd-compatible config file for the given service
*
* This is a helper function to create a simple systemd configuration
* file that will allow running a service on the machine using `InitService.enable()`.
*
* Systemd allows many configuration options; this function does not pretend
* to expose all of them. If you need advanced configuration options, you
* can use `InitFile` to create exactly the configuration file you need
* at `/etc/systemd/system/${serviceName}.service`.
*/
static systemdConfigFile(serviceName: string, options: SystemdConfigFileOptions): InitFile;
readonly elementType: string;
private constructor();
/** @internal */
_bind(options: InitBindOptions): InitElementConfig;
}
/**
* Additional options for an InitSource
*/
export interface InitSourceOptions {
/**
* Restart the given services after this archive has been extracted
*
* @default - Do not restart any service
*/
readonly serviceRestartHandles?: InitServiceRestartHandle[];
}
/**
* Additional options for an InitSource that builds an asset from local files.
*/
export interface InitSourceAssetOptions extends InitSourceOptions, s3_assets.AssetOptions {
}
/**
* Extract an archive into a directory
*/
export declare abstract class InitSource extends InitElement {
private readonly targetDirectory;
private readonly serviceHandles?;
/**
* Retrieve a URL and extract it into the given directory
*/
static fromUrl(targetDirectory: string, url: string, options?: InitSourceOptions): InitSource;
/**
* Extract a GitHub branch into a given directory
*/
static fromGitHub(targetDirectory: string, owner: string, repo: string, refSpec?: string, options?: InitSourceOptions): InitSource;
/**
* Extract an archive stored in an S3 bucket into the given directory
*/
static fromS3Object(targetDirectory: string, bucket: s3.IBucket, key: string, options?: InitSourceOptions): InitSource;
/**
* Create an InitSource from an asset created from the given path.
*/
static fromAsset(targetDirectory: string, path: string, options?: InitSourceAssetOptions): InitSource;
/**
* Extract a directory from an existing directory asset.
*/
static fromExistingAsset(targetDirectory: string, asset: s3_assets.Asset, options?: InitSourceOptions): InitSource;
readonly elementType: string;
protected constructor(targetDirectory: string, serviceHandles?: InitServiceRestartHandle[] | undefined);
/** @internal */
_bind(options: InitBindOptions): InitElementConfig;
/**
* Perform the actual bind and render
*
* This is in a second method so the superclass can guarantee that
* the common work of registering into serviceHandles cannot be forgotten.
* @internal
*/
protected abstract _doBind(options: InitBindOptions): InitElementConfig;
}
/**
* The service manager that will be used by InitServices
*
* The value needs to match the service manager used by your operating
* system.
*/
export declare enum ServiceManager {
/**
* Use SysVinit
*
* This is the default for Linux systems.
*/
SYSVINIT = 0,
/**
* Use Windows
*
* This is the default for Windows systems.
*/
WINDOWS = 1,
/**
* Use systemd
*/
SYSTEMD = 2
}
/**
* Options for creating a SystemD configuration file
*/
export interface SystemdConfigFileOptions {
/**
* The command to run to start this service
*/
readonly command: string;
/**
* The working directory for the command
*
* @default Root directory or home directory of specified user
*/
readonly cwd?: string;
/**
* A description of this service
*
* @default - No description
*/
readonly description?: string;
/**
* The user to execute the process under
*
* @default root
*/
readonly user?: string;
/**
* The group to execute the process under
*
* @default root
*/
readonly group?: string;
/**
* Keep the process running all the time
*
* Restarts the process when it exits for any reason other
* than the machine shutting down.
*
* @default true
*/
readonly keepRunning?: boolean;
/**
* Start the service after the networking part of the OS comes up
*
* @default true
*/
readonly afterNetwork?: boolean;
/**
* Environment variables to load when the process is running.
*
* @default - No environment variables set
*/
readonly environmentVariables?: Record<string, string>;
/**
* Loads environment variables from files when the process is running.
* Must use absolute paths.
*
* @default - No environment files
*/
readonly environmentFiles?: string[];
}

File diff suppressed because one or more lines are too long

175
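--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/cfn-init.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/cfn-init.d.ts
@@ -0,0 +1,175 @@
+import type { Construct } from 'constructs';
+import type { InitElement } from './cfn-init-elements';
+import { OperatingSystemType } from './machine-image';
+import type { InitElementConfig } from './private/cfn-init-internal';
+import type { UserData } from './user-data';
+import * as iam from '../../aws-iam';
+import type { CfnResource } from '../../core';
+/**
+* A CloudFormation-init configuration
+*/
+export declare class CloudFormationInit {
+/**
+* Build a new config from a set of Init Elements
+*/
+static fromElements(...elements: InitElement[]): CloudFormationInit;
+/**
+* Use an existing InitConfig object as the default and only config
+*/
+static fromConfig(config: InitConfig): CloudFormationInit;
+/**
+* Build a CloudFormationInit from config sets
+*/
+static fromConfigSets(props: ConfigSetProps): CloudFormationInit;
+private readonly _configSets;
+private readonly _configs;
+private constructor();
+/**
+* Add a config with the given name to this CloudFormationInit object
+*/
+addConfig(configName: string, config: InitConfig): void;
+/**
+* Add a config set with the given name to this CloudFormationInit object
+*
+* The new configset will reference the given configs in the given order.
+*/
+addConfigSet(configSetName: string, configNames?: string[]): void;
+/**
+* Attach the CloudFormation Init config to the given resource
+*
+* As an app builder, use `instance.applyCloudFormationInit()` or
+* `autoScalingGroup.applyCloudFormationInit()` to trigger this method.
+*
+* This method does the following:
+*
+* - Renders the `AWS::CloudFormation::Init` object to the given resource's
+* metadata, potentially adding a `AWS::CloudFormation::Authentication` object
+* next to it if required.
+* - Updates the instance role policy to be able to call the APIs required for
+* `cfn-init` and `cfn-signal` to work, and potentially add permissions to download
+* referenced asset and bucket resources.
+* - Updates the given UserData with commands to execute the `cfn-init` script.
+*/
+attach(attachedResource: CfnResource, attachOptions: AttachInitOptions): void;
+private bind;
+}
+/**
+* A collection of configuration elements
+*/
+export declare class InitConfig {
+private readonly elements;
+constructor(elements: InitElement[]);
+/**
+* Whether this configset has elements or not
+*/
+isEmpty(): boolean;
+/**
+* Add one or more elements to the config
+*/
+add(...elements: InitElement[]): void;
+/**
+* Called when the config is applied to an instance.
+* Creates the CloudFormation representation of the Init config and handles any permissions and assets.
+* @internal
+*/
+_bind(scope: Construct, options: AttachInitOptions): InitElementConfig;
+private bindForType;
+private initPlatformFromOSType;
+}
+/**
+* Options for CloudFormationInit.withConfigSets
+*/
+export interface ConfigSetProps {
+/**
+* The definitions of each config set
+*/
+readonly configSets: Record<string, string[]>;
+/**
+* The sets of configs to pick from
+*/
+readonly configs: Record<string, InitConfig>;
+}
+/**
+* Options for attaching a CloudFormationInit to a resource
+*/
+export interface AttachInitOptions {
+/**
+* Instance role of the consuming instance or fleet
+*/
+readonly instanceRole: iam.IRole;
+/**
+* Include --url argument when running cfn-init and cfn-signal commands
+*
+* This will be the cloudformation endpoint in the deployed region
+* e.g. https://cloudformation.us-east-1.amazonaws.com
+*
+* @default false
+*/
+readonly includeUrl?: boolean;
+/**
+* Include --role argument when running cfn-init and cfn-signal commands
+*
+* This will be the IAM instance profile attached to the EC2 instance
+*
+* @default false
+*/
+readonly includeRole?: boolean;
+/**
+* OS Platform the init config will be used for
+*/
+readonly platform: OperatingSystemType;
+/**
+* UserData to add commands to
+*/
+readonly userData: UserData;
+/**
+* ConfigSet to activate
+*
+* @default ['default']
+*/
+readonly configSets?: string[];
+/**
+* Whether to embed a hash into the userData
+*
+* If `true` (the default), a hash of the config will be embedded into the
+* UserData, so that if the config changes, the UserData changes and
+* the instance will be replaced.
+*
+* If `false`, no such hash will be embedded, and if the CloudFormation Init
+* config changes nothing will happen to the running instance.
+*
+* @default true
+*/
+readonly embedFingerprint?: boolean;
+/**
+* Print the results of running cfn-init to the Instance System Log
+*
+* By default, the output of running cfn-init is written to a log file
+* on the instance. Set this to `true` to print it to the System Log
+* (visible from the EC2 Console), `false` to not print it.
+*
+* (Be aware that the system log is refreshed at certain points in
+* time of the instance life cycle, and successful execution may
+* not always show up).
+*
+* @default true
+*/
+readonly printLog?: boolean;
+/**
+* Don't fail the instance creation when cfn-init fails
+*
+* You can use this to prevent CloudFormation from rolling back when
+* instances fail to start up, to help in debugging.
+*
+* @default false
+*/
+readonly ignoreFailures?: boolean;
+/**
+* When provided, signals this resource instead of the attached resource
+*
+* You can use this to support signaling LaunchTemplate while attaching AutoScalingGroup
+*
+* @default - if this property is undefined cfn-signal signals the attached resource
+*/
+readonly signalResource?: CfnResource;
+}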

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/cfn-init.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,44 @@
/**
* Return the splits necessary to allocate the given sequence of cidrs in the given order
*
* The entire block is of size 'rootNetmask', and subsequent blocks will be allocated
* from it sized according to the sizes in the 'netmasks' array.
*
* The return value is a list of `CidrSplit` objects, which represent
* invocations of a pair of `Fn.select(Fn.cidr(...))` operations.
*
* Strategy: walk through the IP block space, clipping to the next possible
* start of a block of the given size, then allocate it. Here is an unrealistic
* example (with a weird ordering of the netmasks to show how clipping and hence
* space wasting plays out in practice):
*
* root space /16
* ┌──────────────────────────────────────────────────────────────────────────────────────────────┐
* │ │
* A /21 B /19
* ┌───┬───┬───┬───┬───────────────┬───────────────┬───┬───────────┬───────────────┬──────────────┐
* │ A │ A │ A │###│ B │ B │ A │###########│ B │ .... │
* └───┴───┴───┴───┴───────────────┴───────────────┴───┴───────────┴───────────────┴──────────────┘
* ^^^______ wasted space _________________^^^^^^
*/
export declare function calculateCidrSplits(rootNetmask: number, netmasks: number[]): CidrSplit[];
/**
* A representation of a pair of `Fn.select(Fn.cidr())` invocations
*/
export interface CidrSplit {
/**
* The netmask of this block size
*
* This is the inverse number of what you need to pass to Fn.cidr (pass `32 -
* netmask` to Fn.cidr)`.
*/
readonly netmask: number;
/**
* How many parts the mask needs to be split into
*/
readonly count: number;
/**
* What subnet index to select from the split
*/
readonly index: number;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.calculateCidrSplits=calculateCidrSplits;var core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function calculateCidrSplits(rootNetmask,netmasks){const ret=new Array;let offset=0;for(const netmask of netmasks){const size=Math.pow(2,32-netmask);offset=nextMultiple(offset,size);const count=Math.pow(2,netmask-rootNetmask);ret.push({count,netmask,index:offset/size}),offset+=size}if(offset>Math.pow(2,32-rootNetmask))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CidrSpaceInsufficientSize`,`IP space of size /${rootNetmask} not big enough to allocate subnets of sizes ${netmasks.map(x=>`/${x}`)}`);return ret}function nextMultiple(current,multiple){return Math.ceil(current/multiple)*multiple}


@@ -0,0 +1,44 @@
import type { Construct } from 'constructs';
import type { IClientVpnEndpointRef } from './ec2.generated';
import { Resource } from '../../core';
/**
* Options for a ClientVpnAuthorizationRule
*/
export interface ClientVpnAuthorizationRuleOptions {
/**
* The IPv4 address range, in CIDR notation, of the network for which access
* is being authorized.
*/
readonly cidr: string;
/**
* The ID of the group to grant access to, for example, the Active Directory
* group or identity provider (IdP) group.
*
* @default - authorize all groups
*/
readonly groupId?: string;
/**
* A brief description of the authorization rule.
*
* @default - no description
*/
readonly description?: string;
}
/**
* Properties for a ClientVpnAuthorizationRule
*/
export interface ClientVpnAuthorizationRuleProps extends ClientVpnAuthorizationRuleOptions {
/**
* The client VPN endpoint to which to add the rule.
* @default clientVpnEndpoint is required
*/
readonly clientVpnEndpoint?: IClientVpnEndpointRef;
}
/**
* A client VPN authorization rule
*/
export declare class ClientVpnAuthorizationRule extends Resource {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
constructor(scope: Construct, id: string, props: ClientVpnAuthorizationRuleProps);
}


@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.ClientVpnAuthorizationRule=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var ec2_generated_1=()=>{var tmp=require("./ec2.generated");return 
ec2_generated_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};let ClientVpnAuthorizationRule=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource;var ClientVpnAuthorizationRule2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),ClientVpnAuthorizationRule2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.ClientVpnAuthorizationRule",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-ec2.ClientVpnAuthorizationRule";constructor(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ClientVpnAuthorizationRuleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,ClientVpnAuthorizationRule2),error}if(!props.clientVpnEndoint&&!props.clientVpnEndpoint)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClientVpnEndpointRequired`,"ClientVpnAuthorizationRule: either clientVpnEndpoint or clientVpnEndoint (deprecated) must be specified",scope);if(props.clientVpnEndoint&&props.clientVpnEndpoint)throw 
new(core_1()).ValidationError((0,literal_string_1().lit)`ClientVpnEndpointMutuallyExclusive`,"ClientVpnAuthorizationRule: either clientVpnEndpoint or clientVpnEndoint (deprecated) must be specified, but not both",scope);const clientVpnEndpoint=props.clientVpnEndoint||props.clientVpnEndpoint;super(scope,id),(0,metadata_resource_1().addConstructMetadata)(this,props),new(ec2_generated_1()).CfnClientVpnAuthorizationRule(this,"Resource",{clientVpnEndpointId:clientVpnEndpoint.clientVpnEndpointRef.clientVpnEndpointId,targetNetworkCidr:props.cidr,accessGroupId:props.groupId,authorizeAllGroups:!props.groupId,description:props.description})}static{__runInitializers(_classThis,_classExtraInitializers)}};return ClientVpnAuthorizationRule2=_classThis})();exports.ClientVpnAuthorizationRule=ClientVpnAuthorizationRule;


@@ -0,0 +1,48 @@
import type { IDependable } from 'constructs';
import type { IConnectable } from './connections';
import type { IClientVpnEndpointRef } from './ec2.generated';
import type { IResource } from '../../core';
/**
* A client VPN endpoint
*/
export interface IClientVpnEndpoint extends IResource, IConnectable, IClientVpnEndpointRef {
/**
* The endpoint ID
*/
readonly endpointId: string;
/**
* Dependable that can be depended upon to force target networks associations
*/
readonly targetNetworksAssociated: IDependable;
}
/**
* A connection handler for client VPN endpoints
*/
export interface IClientVpnConnectionHandler {
/**
* The name of the function
*/
readonly functionName: string;
/**
* The ARN of the function.
*/
readonly functionArn: string;
}
/**
* Transport protocol for client VPN
*/
export declare enum TransportProtocol {
/** Transmission Control Protocol (TCP) */
TCP = "tcp",
/** User Datagram Protocol (UDP) */
UDP = "udp"
}
/**
* Port for client VPN
*/
export declare enum VpnPort {
/** HTTPS */
HTTPS = 443,
/** OpenVPN */
OPENVPN = 1194
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.VpnPort=exports.TransportProtocol=void 0;var TransportProtocol;(function(TransportProtocol2){TransportProtocol2.TCP="tcp",TransportProtocol2.UDP="udp"})(TransportProtocol||(exports.TransportProtocol=TransportProtocol={}));var VpnPort;(function(VpnPort2){VpnPort2[VpnPort2.HTTPS=443]="HTTPS",VpnPort2[VpnPort2.OPENVPN=1194]="OPENVPN"})(VpnPort||(exports.VpnPort=VpnPort={}));


@@ -0,0 +1,262 @@
import type { Construct, IDependable } from 'constructs';
import type { ClientVpnAuthorizationRuleOptions } from './client-vpn-authorization-rule';
import { ClientVpnAuthorizationRule } from './client-vpn-authorization-rule';
import type { IClientVpnConnectionHandler, IClientVpnEndpoint, TransportProtocol, VpnPort } from './client-vpn-endpoint-types';
import type { ClientVpnRouteOptions } from './client-vpn-route';
import { ClientVpnRoute } from './client-vpn-route';
import { Connections } from './connections';
import type { ClientVpnEndpointReference } from './ec2.generated';
import type { ISecurityGroup } from './security-group';
import type { IVpc, SubnetSelection } from './vpc';
import type { ISAMLProviderRef } from '../../aws-iam';
import * as logs from '../../aws-logs';
import { Resource } from '../../core';
import type { ILogStreamRef } from '../../interfaces/generated/aws-logs-interfaces.generated';
/**
* Options for Client Route Enforcement
*/
export interface ClientRouteEnforcementOptions {
/**
* Enable or disable Client Route Enforcement.
* The state can either be true (enabled) or false (disabled).
*/
readonly enforced: boolean;
}
/**
* Options for a client VPN endpoint
*/
export interface ClientVpnEndpointOptions {
/**
* The IPv4 address range, in CIDR notation, from which to assign client IP
* addresses. The address range cannot overlap with the local CIDR of the VPC
* in which the associated subnet is located, or the routes that you add manually.
*
* Changing the address range will replace the Client VPN endpoint.
*
* The CIDR block should be /22 or greater.
*/
readonly cidr: string;
/**
* The ARN of the client certificate for mutual authentication.
*
* The certificate must be signed by a certificate authority (CA) and it must
* be provisioned in AWS Certificate Manager (ACM).
*
* @default - use user-based authentication
*/
readonly clientCertificateArn?: string;
/**
* The type of user-based authentication to use.
*
* @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html
*
* @default - use mutual authentication
*/
readonly userBasedAuthentication?: ClientVpnUserBasedAuthentication;
/**
* Whether to enable connections logging
*
* @default true
*/
readonly logging?: boolean;
/**
* A CloudWatch Logs log group for connection logging
*
* @default - a new group is created
*/
readonly logGroup?: logs.ILogGroupRef;
/**
* A CloudWatch Logs log stream for connection logging
*
* @default - a new stream is created
*/
readonly logStream?: ILogStreamRef;
/**
* The AWS Lambda function used for connection authorization
*
* The name of the Lambda function must begin with the `AWSClientVPN-` prefix
*
* @default - no connection handler
*/
readonly clientConnectionHandler?: IClientVpnConnectionHandler;
/**
* A brief description of the Client VPN endpoint.
*
* @default - no description
*/
readonly description?: string;
/**
* The security groups to apply to the target network.
*
* @default - a new security group is created
*/
readonly securityGroups?: ISecurityGroup[];
/**
* Specify whether to enable the self-service portal for the Client VPN endpoint.
*
* @default true
*/
readonly selfServicePortal?: boolean;
/**
* The ARN of the server certificate
*/
readonly serverCertificateArn: string;
/**
* Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
*
* @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html
*
* @default false
*/
readonly splitTunnel?: boolean;
/**
* The transport protocol to be used by the VPN session.
*
* @default TransportProtocol.UDP
*/
readonly transportProtocol?: TransportProtocol;
/**
* The port number to assign to the Client VPN endpoint for TCP and UDP
* traffic.
*
* @default VpnPort.HTTPS
*/
readonly port?: VpnPort;
/**
* Information about the DNS servers to be used for DNS resolution.
*
* A Client VPN endpoint can have up to two DNS servers.
*
* @default - use the DNS address configured on the device
*/
readonly dnsServers?: string[];
/**
* Subnets to associate to the client VPN endpoint.
*
* @default - the VPC default strategy
*/
readonly vpcSubnets?: SubnetSelection;
/**
* Whether to authorize all users to the VPC CIDR
*
* This automatically creates an authorization rule. Set this to `false` and
* use `addAuthorizationRule()` to create your own rules instead.
*
* @default true
*/
readonly authorizeAllUsersToVpcCidr?: boolean;
/**
* The maximum VPN session duration time.
*
* @default ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
*/
readonly sessionTimeout?: ClientVpnSessionTimeout;
/**
* Indicates whether the client VPN session is disconnected after the maximum `sessionTimeout` is reached.
*
* If `true`, users are prompted to reconnect client VPN.
* If `false`, client VPN attempts to reconnect automatically.
*
* @default undefined - AWS Client VPN default is true
* @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html
*/
readonly disconnectOnSessionTimeout?: boolean;
/**
* Customizable text that will be displayed in a banner on AWS provided clients
* when a VPN session is established.
*
* UTF-8 encoded characters only. Maximum of 1400 characters.
*
* @default - no banner is presented to the client
*/
readonly clientLoginBanner?: string;
/**
* Options for Client Route Enforcement.
*
* Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN.
* This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.
*
* @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-cre.html
*
* @default undefined - AWS Client VPN default setting is disable client route enforcement
*/
readonly clientRouteEnforcementOptions?: ClientRouteEnforcementOptions;
}
/**
* Maximum VPN session duration time
*/
export declare enum ClientVpnSessionTimeout {
/** 8 hours */
EIGHT_HOURS = 8,
/** 10 hours */
TEN_HOURS = 10,
/** 12 hours */
TWELVE_HOURS = 12,
/** 24 hours */
TWENTY_FOUR_HOURS = 24
}
/**
* User-based authentication for a client VPN endpoint
*/
export declare abstract class ClientVpnUserBasedAuthentication {
/**
* Active Directory authentication
*/
static activeDirectory(directoryId: string): ClientVpnUserBasedAuthentication;
/** Federated authentication */
static federated(samlProvider: ISAMLProviderRef, selfServiceSamlProvider?: ISAMLProviderRef): ClientVpnUserBasedAuthentication;
/** Renders the user based authentication */
abstract render(): any;
}
/**
* Properties for a client VPN endpoint
*/
export interface ClientVpnEndpointProps extends ClientVpnEndpointOptions {
/**
* The VPC to connect to.
*/
readonly vpc: IVpc;
}
/**
* Attributes when importing an existing client VPN endpoint
*/
export interface ClientVpnEndpointAttributes {
/**
* The endpoint ID
*/
readonly endpointId: string;
/**
* The security groups associated with the endpoint
*/
readonly securityGroups: ISecurityGroup[];
}
/**
* A client VPN connection
*/
export declare class ClientVpnEndpoint extends Resource implements IClientVpnEndpoint {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import an existing client VPN endpoint
*/
static fromEndpointAttributes(scope: Construct, id: string, attrs: ClientVpnEndpointAttributes): IClientVpnEndpoint;
readonly endpointId: string;
/**
* Allows specify security group connections for the endpoint.
*/
readonly connections: Connections;
readonly targetNetworksAssociated: IDependable;
private readonly _targetNetworksAssociated;
constructor(scope: Construct, id: string, props: ClientVpnEndpointProps);
get clientVpnEndpointRef(): ClientVpnEndpointReference;
/**
* Adds an authorization rule to this endpoint
*/
addAuthorizationRule(id: string, props: ClientVpnAuthorizationRuleOptions): ClientVpnAuthorizationRule;
/**
* Adds a route to this endpoint
*/
addRoute(id: string, props: ClientVpnRouteOptions): ClientVpnRoute;
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,66 @@
import type { Construct } from 'constructs';
import type { IClientVpnEndpoint } from './client-vpn-endpoint-types';
import type { ISubnetRef } from './ec2.generated';
import { Resource } from '../../core';
/**
* Options for a ClientVpnRoute
*/
export interface ClientVpnRouteOptions {
/**
* The IPv4 address range, in CIDR notation, of the route destination.
*
* For example:
* - To add a route for Internet access, enter 0.0.0.0/0
* - To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range
* - To add a route for an on-premises network, enter the AWS Site-to-Site VPN
* connection's IPv4 CIDR range
* - To add a route for the local network, enter the client CIDR range
*/
readonly cidr: string;
/**
* A brief description of the authorization rule.
*
* @default - no description
*/
readonly description?: string;
/**
* The target for the route
*/
readonly target: ClientVpnRouteTarget;
}
/**
* Target for a client VPN route
*/
export declare abstract class ClientVpnRouteTarget {
/**
* Subnet
*
* The specified subnet must be an existing target network of the client VPN
* endpoint.
*/
static subnet(subnet: ISubnetRef): ClientVpnRouteTarget;
/**
* Local network
*/
static local(): ClientVpnRouteTarget;
/** The subnet ID */
abstract readonly subnetId: string;
}
/**
* Properties for a ClientVpnRoute
*/
export interface ClientVpnRouteProps extends ClientVpnRouteOptions {
/**
* The client VPN endpoint to which to add the route.
* @default clientVpnEndpoint is required
*/
readonly clientVpnEndpoint?: IClientVpnEndpoint;
}
/**
* A client VPN route
*/
export declare class ClientVpnRoute extends Resource {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
constructor(scope: Construct, id: string, props: ClientVpnRouteProps);
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,138 @@
import type { IPeer } from './peer';
import type { Port } from './port';
import type { ISecurityGroup } from './security-group';
/**
* The goal of this module is to make possible to write statements like this:
*
* ```ts
* database.connections.allowFrom(fleet);
* fleet.connections.allowTo(database);
* rdgw.connections.allowFromCidrIp('0.3.1.5/86');
* rgdw.connections.allowTrafficTo(fleet, new AllPorts());
* ```
*
* The insight here is that some connecting peers have information on what ports should
* be involved in the connection, and some don't.
*/
/**
* An object that has a Connections object
*/
export interface IConnectable {
/**
* The network connections associated with this resource.
*/
readonly connections: Connections;
}
/**
* Properties to intialize a new Connections object
*/
export interface ConnectionsProps {
/**
* Class that represents the rule by which others can connect to this connectable
*
* This object is required, but will be derived from securityGroup if that is passed.
*
* @default Derived from securityGroup if set.
*/
readonly peer?: IPeer;
/**
* What securityGroup(s) this object is managing connections for
*
* @default No security groups
*/
readonly securityGroups?: ISecurityGroup[];
/**
* Default port range for initiating connections to and from this object
*
* @default - No default port
*/
readonly defaultPort?: Port;
}
/**
* Manage the allowed network connections for constructs with Security Groups.
*
* Security Groups can be thought of as a firewall for network-connected
* devices. This class makes it easy to allow network connections to and
* from security groups, and between security groups individually. When
* establishing connectivity between security groups, it will automatically
* add rules in both security groups
*
* This object can manage one or more security groups.
*/
export declare class Connections implements IConnectable {
/** @jsii suppress JSII5019 For historic reasons */
readonly connections: Connections;
/**
* The default port configured for this connection peer, if available
*/
readonly defaultPort?: Port;
/**
* Underlying securityGroup for this Connections object, if present
*
* May be empty if this Connections object is not managing a SecurityGroup,
* but simply representing a Connectable peer.
*/
private readonly _securityGroups;
/**
* The rule that defines how to represent this peer in a security group
*/
private readonly _securityGroupRules;
/**
* When doing bidirectional grants between Connections, make sure we don't recursive infinitely
*/
private skip;
/**
* When doing bidirectional grants between Security Groups in different stacks, put the rule on the other SG
*/
private remoteRule;
constructor(props?: ConnectionsProps);
get securityGroups(): ISecurityGroup[];
/**
* Add a security group to the list of security groups managed by this object
*/
addSecurityGroup(...securityGroups: ISecurityGroup[]): void;
/**
* Allow connections to the peer on the given port
*/
allowTo(other: IConnectable, portRange: Port, description?: string): void;
/**
* Allow connections from the peer on the given port
*/
allowFrom(other: IConnectable, portRange: Port, description?: string): void;
/**
* Allow hosts inside the security group to connect to each other on the given port
*/
allowInternally(portRange: Port, description?: string): void;
/**
* Allow to all IPv4 ranges
*/
allowToAnyIpv4(portRange: Port, description?: string): void;
/**
* Allow from any IPv4 ranges
*/
allowFromAnyIpv4(portRange: Port, description?: string): void;
/**
* Allow connections from the peer on our default port
*
* Even if the peer has a default port, we will always use our default port.
*/
allowDefaultPortFrom(other: IConnectable, description?: string): void;
/**
* Allow hosts inside the security group to connect to each other
*/
allowDefaultPortInternally(description?: string): void;
/**
* Allow default connections from all IPv4 ranges
*/
allowDefaultPortFromAnyIpv4(description?: string): void;
/**
* Allow connections to the security group on their default port
*/
allowToDefaultPort(other: IConnectable, description?: string): void;
/**
* Allow connections from the peer on our default port
*
* Even if the peer has a default port, we will always use our default port.
*/
allowDefaultPortTo(other: IConnectable, description?: string): void;
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,53 @@
import * as cw from "../../aws-cloudwatch";
declare module "./vpn" {
interface IVpnConnection {
/**
* Return the given named metric for this VPNConnection
*/
metric(metricName: string, props?: cw.MetricOptions): cw.Metric;
/**
* The state of the tunnel. 0 indicates DOWN and 1 indicates UP.
*
* Average over 5 minutes
*/
metricTunnelState(props?: cw.MetricOptions): cw.Metric;
/**
* The bytes received through the VPN tunnel.
*
* Sum over 5 minutes
*/
metricTunnelDataIn(props?: cw.MetricOptions): cw.Metric;
/**
* The bytes sent through the VPN tunnel.
*
* Sum over 5 minutes
*/
metricTunnelDataOut(props?: cw.MetricOptions): cw.Metric;
}
}
declare module "./vpn" {
interface VpnConnectionBase {
/**
* Return the given named metric for this VPNConnection
*/
metric(metricName: string, props?: cw.MetricOptions): cw.Metric;
/**
* The state of the tunnel. 0 indicates DOWN and 1 indicates UP.
*
* Average over 5 minutes
*/
metricTunnelState(props?: cw.MetricOptions): cw.Metric;
/**
* The bytes received through the VPN tunnel.
*
* Sum over 5 minutes
*/
metricTunnelDataIn(props?: cw.MetricOptions): cw.Metric;
/**
* The bytes sent through the VPN tunnel.
*
* Sum over 5 minutes
*/
metricTunnelDataOut(props?: cw.MetricOptions): cw.Metric;
}
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var cw=()=>{var tmp=require("../../aws-cloudwatch");return cw=()=>tmp,tmp},vpn_1=()=>{var tmp=require("./vpn");return vpn_1=()=>tmp,tmp};vpn_1().VpnConnectionBase.prototype.metric=function(metricName,props){return new(cw()).Metric({namespace:"AWS/VPN",metricName,dimensionsMap:{VpnId:this.vpnId},...props}).attachTo(this)},vpn_1().VpnConnectionBase.prototype.metricTunnelState=function(props){return this.metric("TunnelState",{statistic:"Average",...props})},vpn_1().VpnConnectionBase.prototype.metricTunnelDataIn=function(props){return this.metric("TunnelDataIn",{statistic:"Sum",...props})},vpn_1().VpnConnectionBase.prototype.metricTunnelDataOut=function(props){return this.metric("TunnelDataOut",{statistic:"Sum",...props})};


@@ -0,0 +1,740 @@
export interface MetricWithDims<D> {
readonly namespace: string;
readonly metricName: string;
readonly statistic: string;
readonly dimensionsMap: D;
}
export declare class EC2CapacityReservationsMetrics {
static instanceUtilizationAverage(this: void, dimensions: {
CapacityReservationId: string;
}): MetricWithDims<{
CapacityReservationId: string;
}>;
static usedInstanceCountAverage(this: void, dimensions: {
CapacityReservationId: string;
}): MetricWithDims<{
CapacityReservationId: string;
}>;
static availableInstanceCountAverage(this: void, dimensions: {
CapacityReservationId: string;
}): MetricWithDims<{
CapacityReservationId: string;
}>;
static totalInstanceCountAverage(this: void, dimensions: {
CapacityReservationId: string;
}): MetricWithDims<{
CapacityReservationId: string;
}>;
}
export declare class EBSMetrics {
static volumeReadBytesSum(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeWriteBytesSum(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeReadOpsSum(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeTotalReadTimeAverage(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeWriteOpsSum(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeTotalWriteTimeAverage(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeIdleTimeAverage(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static volumeQueueLengthAverage(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
static burstBalanceAverage(this: void, dimensions: {
VolumeId: string;
}): MetricWithDims<{
VolumeId: string;
}>;
}
export declare class EC2Metrics {
static cpuCreditUsageAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuCreditBalanceAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuSurplusCreditBalanceAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuSurplusCreditsChargedAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuUtilizationAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuUtilizationAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static cpuUtilizationAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static cpuUtilizationAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static cpuUtilizationAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static diskReadBytesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskReadBytesAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static diskReadBytesAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static diskReadBytesAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static diskReadBytesAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static diskReadOpsAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskReadOpsAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static diskReadOpsAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static diskReadOpsAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static diskReadOpsAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static diskWriteBytesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskWriteBytesAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static diskWriteBytesAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static diskWriteBytesAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static diskWriteBytesAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static diskWriteOpsAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskWriteOpsAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static diskWriteOpsAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static diskWriteOpsAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static diskWriteOpsAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static metadataNoTokenSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static metadataNoTokenSum(this: void, dimensions: {}): MetricWithDims<{}>;
static networkInAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static networkInAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static networkInAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static networkInAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static networkInAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static networkOutAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static networkOutAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static networkOutAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static networkOutAverage(this: void, dimensions: {
ImageId: string;
}): MetricWithDims<{
ImageId: string;
}>;
static networkOutAverage(this: void, dimensions: {
InstanceType: string;
}): MetricWithDims<{
InstanceType: string;
}>;
static networkPacketsInAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static networkPacketsInAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static networkPacketsInAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static networkPacketsOutAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static networkPacketsOutAverage(this: void, dimensions: {}): MetricWithDims<{}>;
static networkPacketsOutAverage(this: void, dimensions: {
AutoScalingGroupName: string;
}): MetricWithDims<{
AutoScalingGroupName: string;
}>;
static statusCheckFailedSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static statusCheckFailedInstanceSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static statusCheckFailedSystemSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ebsReadOpsAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ebsWriteOpsAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ebsReadBytesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ebsWriteBytesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ebsioBalanceaverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ebsByteBalanceaverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
}
export declare class CWAgentMetrics {
static cpuUsageIdleAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuUsageIowaitAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuUsageStealAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuUsageSystemAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static cpuUsageUserAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskInodesFreeSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskInodesTotalSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskInodesUsedSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskUsedPercentMaximum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskUsedMaximum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskTotalMaximum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskioIoTimeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskioReadBytesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskioReadsAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskioWriteBytesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static diskioWritesAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static memCachedAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static memTotalAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static memUsedAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static memUsedPercentAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static netstatTcpEstablishedSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static netstatTcpTimeWaitSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static swapUsedPercentAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolBwInAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolBwOutAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolConntrackAllowanceAvailableAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolEnaSrdModeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolEnaSrdEligibleTxPktsSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolEnaSrdTxPktsSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolEnaSrdRxPktsSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolEnaSrdResourceUtilizationAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolLinklocalAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolPpsAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ethtoolConntrackAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static tcPv4ConnectionsEstablishedSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static tcPv6ConnectionsEstablishedSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static memoryCommittedBytesInUseAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static processorIdleTimeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static processorInterruptTimeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static processorUserTimeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static logicalDiskFreeSpaceAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static pagingFileUsageAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static physicalDiskDiskTimeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static physicalDiskDiskReadBytessecAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static physicalDiskDiskWriteBytessecAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static physicalDiskDiskWritessecAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static physicalDiskDiskReadssecAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static aggregateInboundBwAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static aggregateOutboundBwAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static availableConnectionTrackingAllowanceAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static enaSrdModeAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static enaSrdEligibleTxPktsSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static enaSrdTxPktsSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static enaSrdRxPktsSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static enaSrdResourceUtilizationAverage(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static linkLocalPacketRateAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static ppsAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
static connectionTrackingAllowanceExceededSum(this: void, dimensions: {
InstanceId: string;
}): MetricWithDims<{
InstanceId: string;
}>;
}
export declare class NATGatewayMetrics {
static activeConnectionCountMaximum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static packetsDropCountSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static bytesInFromDestinationSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static bytesInFromSourceSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static bytesOutToDestinationSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static bytesOutToSourceSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static connectionAttemptCountSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static connectionEstablishedCountSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static errorPortAllocationSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static idleTimeoutCountSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static packetsInFromDestinationSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static packetsInFromSourceSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static packetsOutToDestinationSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static packetsOutToSourceSum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static peakBytesPerSecondMaximum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
static peakPacketsPerSecondMaximum(this: void, dimensions: {
NatGatewayId: string;
}): MetricWithDims<{
NatGatewayId: string;
}>;
}
export declare class TransitGatewayMetrics {
static bytesInSum(this: void, dimensions: {
TransitGateway: string;
}): MetricWithDims<{
TransitGateway: string;
}>;
static bytesOutSum(this: void, dimensions: {
TransitGateway: string;
}): MetricWithDims<{
TransitGateway: string;
}>;
static packetDropCountBlackholeSum(this: void, dimensions: {
TransitGateway: string;
}): MetricWithDims<{
TransitGateway: string;
}>;
static packetDropCountNoRouteSum(this: void, dimensions: {
TransitGateway: string;
}): MetricWithDims<{
TransitGateway: string;
}>;
static packetsInSum(this: void, dimensions: {
TransitGateway: string;
}): MetricWithDims<{
TransitGateway: string;
}>;
static packetsOutSum(this: void, dimensions: {
TransitGateway: string;
}): MetricWithDims<{
TransitGateway: string;
}>;
}
export declare class VPNMetrics {
static tunnelDataInSum(this: void, dimensions: {
VpnId: string;
}): MetricWithDims<{
VpnId: string;
}>;
static tunnelStateAverage(this: void, dimensions: {
VpnId: string;
}): MetricWithDims<{
VpnId: string;
}>;
static tunnelDataOutSum(this: void, dimensions: {
VpnId: string;
}): MetricWithDims<{
VpnId: string;
}>;
}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

38
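--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/index.d.ts
@@ -0,0 +1,38 @@
+export * from './aspects';
+export * from './bastion-host';
+export * from './connections';
+export * from './cfn-init';
+export * from './cfn-init-elements';
+export * from './instance-types';
+export * from './instance';
+export * from './launch-template';
+export * from './machine-image';
+export * from './nat';
+export * from './network-acl';
+export * from './network-acl-types';
+export * from './network-util';
+export * from './port';
+export * from './prefix-list';
+export * from './security-group';
+export * from './subnet';
+export * from './peer';
+export * from './volume';
+export * from './vpc';
+export * from './vpc-lookup';
+export * from './vpn';
+export * from './vpc-endpoint';
+export * from './vpc-endpoint-service';
+export * from './user-data';
+export * from './windows-versions';
+export * from './vpc-flow-logs';
+export * from './client-vpn-endpoint-types';
+export * from './client-vpn-endpoint';
+export * from './client-vpn-authorization-rule';
+export * from './client-vpn-route';
+export * from './ip-addresses';
+export * from './machine-image';
+export * from './placement-group';
+export * from './key-pair';
+export * from './instance-requirements';
+export * from './ec2.generated';
+import './ec2-augmentations.generated';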

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/index.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,476 @@
import type { Size } from '../../core';
/**
* Hardware accelerator categories available for EC2 instances.
*
* Defines the general type of hardware accelerator that can be attached
* to an instance, typically used in instance requirement specifications
* (e.g., GPUs for compute-intensive tasks, FPGAs for custom logic, or
* inference chips for ML workloads).
*/
export declare enum AcceleratorType {
/**
* Graphics Processing Unit accelerators, such as NVIDIA GPUs.
* Commonly used for machine learning training, graphics rendering,
* or high-performance parallel computing.
*/
GPU = "gpu",
/**
* Field Programmable Gate Array accelerators, such as Xilinx FPGAs.
* Used for hardware-level customization and specialized workloads.
*/
FPGA = "fpga",
/**
* Inference accelerators, such as AWS Inferentia.
* Purpose-built for efficient machine learning inference.
*/
INFERENCE = "inference",
/**
* Media accelerators for video transcoding and processing workloads.
*/
MEDIA = "media"
}
/**
* Supported hardware accelerator manufacturers.
*
* Restricts instance selection to accelerators from a particular vendor.
* Useful for choosing specific ecosystems (e.g., NVIDIA CUDA, AWS chips).
*/
export declare enum AcceleratorManufacturer {
/** Amazon Web Services (e.g., Inferentia, Trainium accelerators). */
AWS = "amazon-web-services",
/** AMD (e.g., Radeon Pro V520 GPU). */
AMD = "amd",
/** NVIDIA (e.g., A100, V100, T4, K80, M60 GPUs). */
NVIDIA = "nvidia",
/** Xilinx (e.g., VU9P FPGA). */
XILINX = "xilinx",
/** Habana Labs(e.g, Gaudi accelerator). */
HABANA = "habana"
}
/**
* Specific hardware accelerator models supported by EC2.
*
* Defines exact accelerator models that can be required or excluded
* when selecting instance types.
*/
export declare enum AcceleratorName {
/** NVIDIA A100 GPU. */
A100 = "a100",
/** NVIDIA K80 GPU. */
K80 = "k80",
/** NVIDIA M60 GPU. */
M60 = "m60",
/** AMD Radeon Pro V520 GPU. */
RADEON_PRO_V520 = "radeon-pro-v520",
/** NVIDIA T4 GPU. */
T4 = "t4",
/** NVIDIA V100 GPU. */
V100 = "v100",
/** Xilinx VU9P FPGA. */
VU9P = "vu9p",
/** NVIDIA A10G GPU. */
A10G = "a10g",
/** NVIDIA H100 GPU. */
H100 = "h100",
/** AWS Inferentia chips. */
INFERENTIA = "inferentia",
/** NVIDIA GRID K520 GPU. */
K520 = "k520",
/** NVIDIA T4G GPUs. */
T4G = "t4g",
/** NVIDIA L40S GPU for AI inference and graphics workloads. */
L40S = "l40s",
/** NVIDIA L4 GPU for AI inference and graphics workloads. */
L4 = "l4",
/** Habana Gaudi HL-205 accelerator for deep learning training. */
GAUDI_HL_205 = "gaudi-hl-205",
/** AWS Inferentia2 chips for high-performance ML inference. */
INFERENTIA2 = "inferentia2",
/** AWS Trainium chips for high-performance ML training. */
TRAINIUM = "trainium",
/** AWS Trainium2 chips for high-performance ML training. */
TRAINIUM2 = "trainium2",
/** Xilinx U30 media transcoding accelerator for video processing. */
U30 = "u30"
}
/**
* Bare metal support requirements for EC2 instances.
*
* Controls whether selected instance types must, may, or must not
* be bare metal variants (i.e., instances that run directly on
* physical hardware without a hypervisor).
*/
export declare enum BareMetal {
/**
* Bare metal instance types are allowed, but non-bare-metal
* (virtualized) types may also be selected.
*/
INCLUDED = "included",
/**
* Only bare metal instance types are allowed.
* Non-bare-metal types will be excluded from selection.
*/
REQUIRED = "required",
/**
* Bare metal instance types are disallowed.
* Only non-bare-metal types may be selected.
*/
EXCLUDED = "excluded"
}
/**
* Burstable CPU performance requirements for EC2 instances.
*
* Controls whether selected instance types must, may, or must not
* support burstable vCPU performance (e.g., T3, T4g families).
*/
export declare enum BurstablePerformance {
/**
* Burstable-performance instance types are allowed, but
* non-burstable types may also be selected.
*/
INCLUDED = "included",
/**
* Only burstable-performance instance types are allowed.
* Non-burstable types will be excluded from selection.
*/
REQUIRED = "required",
/**
* Burstable-performance instance types are disallowed.
* Only non-burstable types may be selected.
*/
EXCLUDED = "excluded"
}
/**
* CPU manufacturers supported by EC2 instances.
*
* Restricts the acceptable CPU vendor for selected instance types.
*/
export declare enum CpuManufacturer {
/** Intel CPUs (e.g., Xeon families). */
INTEL = "intel",
/** AMD CPUs (e.g., EPYC families). */
AMD = "amd",
/** AWS-designed CPUs (e.g., Graviton families). */
AWS = "amazon-web-services",
/** Apple CPUs (e.g., M1, M2). */
APPLE = "apple"
}
/**
* Instance generation categories for EC2.
*
* Determines whether the instance type must belong to the latest
* (current) generation or to an older (previous) generation.
*/
export declare enum InstanceGeneration {
/** Current generation instances (latest families). */
CURRENT = "current",
/** Previous generation instances (older families). */
PREVIOUS = "previous"
}
/**
* Local storage support requirements for EC2 instances.
*
* Controls whether selected instance types must, may, or must not
* include directly attached local storage (instance store).
*/
export declare enum LocalStorage {
/**
* Instance types with local storage are allowed, but types without
* local storage may also be selected.
*/
INCLUDED = "included",
/**
* Only instance types with local storage are allowed.
* Types without local storage will be excluded.
*/
REQUIRED = "required",
/**
* Instance types with local storage are disallowed.
* Only types without local storage may be selected.
*/
EXCLUDED = "excluded"
}
/**
* Types of local storage available for EC2 instances.
*
* Specifies the physical medium used for local (instance store) storage.
*/
export declare enum LocalStorageType {
/** Hard disk drive storage. */
HDD = "hdd",
/** Solid state drive storage. */
SSD = "ssd"
}
/**
* The attributes for the instance types for a mixed instances policy.
*
* When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
*
* To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
* - AllowedInstanceTypes - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
* - ExcludedInstanceTypes - The instance types to exclude from the list, even if they match your specified attributes.
*
* Note: You must specify VCpuCount and MemoryMiB. All other attributes are optional. Any unspecified optional attribute is set to its default.
*/
export interface InstanceRequirementsConfig {
/**
* The minimum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) for an instance type.
*
* To exclude accelerator-enabled instance types, set acceleratorCountMax to 0.
*
* @default - No minimum or maximum limits
*/
readonly acceleratorCountMin?: number;
/**
* The maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) for an instance type.
*
* To exclude accelerator-enabled instance types, set Max to 0.
*
* @default - No minimum or maximum limits
*/
readonly acceleratorCountMax?: number;
/**
* Indicates whether instance types must have accelerators by specific manufacturers.
*
* - For instance types with NVIDIA devices, specify nvidia.
* - For instance types with AMD devices, specify amd.
* - For instance types with AWS devices, specify amazon-web-services.
* - For instance types with Xilinx devices, specify xilinx.
*
* @default - Any manufacturer
*/
readonly acceleratorManufacturers?: AcceleratorManufacturer[];
/**
* Lists the accelerators that must be on an instance type.
*
* - For instance types with NVIDIA A100 GPUs, specify a100.
* - For instance types with NVIDIA V100 GPUs, specify v100.
* - For instance types with NVIDIA K80 GPUs, specify k80.
* - For instance types with NVIDIA T4 GPUs, specify t4.
* - For instance types with NVIDIA M60 GPUs, specify m60.
* - For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
* - For instance types with Xilinx VU9P FPGAs, specify vu9p.
*
* @default - Any accelerator
*/
readonly acceleratorNames?: AcceleratorName[];
/**
* The minimum total memory size for the accelerators on an instance type, in MiB.
*
* @default - No minimum or maximum limits
*/
readonly acceleratorTotalMemoryMin?: Size;
/**
* The maximum total memory size for the accelerators on an instance type, in MiB.
*
* @default - No minimum or maximum limits
*/
readonly acceleratorTotalMemoryMax?: Size;
/**
* Lists the accelerator types that must be on an instance type.
*
* - For instance types with GPU accelerators, specify gpu.
* - For instance types with FPGA accelerators, specify fpga.
* - For instance types with inference accelerators, specify inference.
*
* @default - Any accelerator type
*/
readonly acceleratorTypes?: AcceleratorType[];
/**
* The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes.
*
* You can use strings with one or more wild cards, represented by an asterisk (*), to allow an instance type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.
*
* For example, if you specify c5*, Amazon EC2 Auto Scaling will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 Auto Scaling will allow all the M5a instance types, but not the M5n instance types.
*
* Note: If you specify AllowedInstanceTypes, you can't specify ExcludedInstanceTypes.
*
* @default - All instance types
*/
readonly allowedInstanceTypes?: string[];
/**
* Indicates whether bare metal instance types are included, excluded, or required.
*
* @default - excluded
*/
readonly bareMetal?: BareMetal;
/**
* The minimum baseline bandwidth performance for an instance type, in Mbps. For more information, see Amazon EBSoptimized instances in the Amazon EC2 User Guide.
*
* @default - No minimum or maximum limits
*/
readonly baselineEbsBandwidthMbpsMin?: number;
/**
* The maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see Amazon EBSoptimized instances in the Amazon EC2 User Guide.
*
* @default - No minimum or maximum limits
*/
readonly baselineEbsBandwidthMbpsMax?: number;
/**
* Indicates whether burstable performance instance types are included, excluded, or required. For more information, see Burstable performance instances in the Amazon EC2 User Guide.
*
* @default - excluded
*/
readonly burstablePerformance?: BurstablePerformance;
/**
* Lists which specific CPU manufacturers to include.
*
* - For instance types with Intel CPUs, specify intel.
* - For instance types with AMD CPUs, specify amd.
* - For instance types with AWS CPUs, specify amazon-web-services.
* - For instance types with Apple CPUs, specify apple.
*
* Note: Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.
*
* @default - Any manufacturer
*/
readonly cpuManufacturers?: CpuManufacturer[];
/**
* The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance family, type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.
*
* For example, if you specify c5*, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 Auto Scaling will exclude all the M5a instance types, but not the M5n instance types.
*
* Note: If you specify ExcludedInstanceTypes, you can't specify AllowedInstanceTypes.
*
* @default - No excluded instance types
*/
readonly excludedInstanceTypes?: string[];
/**
* Indicates whether current or previous generation instance types are included.
*
* - For current generation instance types, specify current. The current generation includes EC2 instance types currently recommended for use. This typically includes the latest two to three generations in each instance family. For more information, see Instance types in the Amazon EC2 User Guide.
* - For previous generation instance types, specify previous.
*
* @default - Any current or previous generation
*/
readonly instanceGenerations?: InstanceGeneration[];
/**
* Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see Amazon EC2 instance store in the Amazon EC2 User Guide.
*
* @default - included
*/
readonly localStorage?: LocalStorage;
/**
* Indicates the type of local storage that is required.
*
* - For instance types with hard disk drive (HDD) storage, specify hdd.
* - For instance types with solid state drive (SSD) storage, specify ssd.
*
* @default - Any local storage type
*/
readonly localStorageTypes?: LocalStorageType[];
/**
* [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold.
*
* The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage.
*
* If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is based on the per-vCPU or per-memory price instead of the per instance price.
*
* Note: Only one of SpotMaxPricePercentageOverLowestPrice or MaxSpotPriceAsPercentageOfOptimalOnDemandPrice can be specified. If you don't specify either, Amazon EC2 Auto Scaling will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as 999999.
*
* @default - Automatic optimal price protection
*/
readonly maxSpotPriceAsPercentageOfOptimalOnDemandPrice?: number;
/**
* The minimum amount of memory per vCPU for an instance type, in GiB.
*
* @default - No minimum or maximum limits
*/
readonly memoryPerVCpuMin?: Size;
/**
* The maximum amount of memory per vCPU for an instance type, in GiB.
*
* @default - No minimum or maximum limits
*/
readonly memoryPerVCpuMax?: Size;
/**
* The minimum instance memory size for an instance type, in MiB.
*
* Required: Yes
*/
readonly memoryMin: Size;
/**
* The maximum instance memory size for an instance type, in MiB.
*
* @default - No maximum limit
*/
readonly memoryMax?: Size;
/**
* The minimum amount of network bandwidth, in gigabits per second (Gbps).
*
* @default - No minimum or maximum limits
*/
readonly networkBandwidthGbpsMin?: number;
/**
* The maximum amount of network bandwidth, in gigabits per second (Gbps).
*
* @default - No minimum or maximum limits
*/
readonly networkBandwidthGbpsMax?: number;
/**
* The minimum number of network interfaces for an instance type.
*
* @default - No minimum or maximum limits
*/
readonly networkInterfaceCountMin?: number;
/**
* The maximum number of network interfaces for an instance type.
*
* @default - No minimum or maximum limits
*/
readonly networkInterfaceCountMax?: number;
/**
* [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold.
*
* The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage.
*
* To turn off price protection, specify a high value, such as 999999.
*
* If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per instance price.
*
* @default - 20
*/
readonly onDemandMaxPricePercentageOverLowestPrice?: number;
/**
* Indicates whether instance types must provide On-Demand Instance hibernation support.
*
* @default - false
*/
readonly requireHibernateSupport?: boolean;
/**
* [Price protection] The price protection threshold for Spot Instances, as a percentage higher than an identified Spot price. The identified Spot price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold.
*
* The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage.
*
* If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is based on the per-vCPU or per-memory price instead of the per instance price.
*
* Note: Only one of SpotMaxPricePercentageOverLowestPrice or MaxSpotPriceAsPercentageOfOptimalOnDemandPrice can be specified. If you don't specify either, Amazon EC2 Auto Scaling will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as 999999.
*
* @default - Automatic optimal price protection
*/
readonly spotMaxPricePercentageOverLowestPrice?: number;
/**
* The minimum total local storage size for an instance type, in GB.
*
* @default - No minimum or maximum limits
*/
readonly totalLocalStorageGBMin?: number;
/**
* The maximum total local storage size for an instance type, in GB.
*
* @default - No minimum or maximum limits
*/
readonly totalLocalStorageGBMax?: number;
/**
* The minimum number of vCPUs for an instance type.
*
* Required: Yes
*/
readonly vCpuCountMin: number;
/**
* The maximum number of vCPUs for an instance type.
*
* @default - No maximum limit
*/
readonly vCpuCountMax?: number;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.LocalStorageType=exports.LocalStorage=exports.InstanceGeneration=exports.CpuManufacturer=exports.BurstablePerformance=exports.BareMetal=exports.AcceleratorName=exports.AcceleratorManufacturer=exports.AcceleratorType=void 0;var AcceleratorType;(function(AcceleratorType2){AcceleratorType2.GPU="gpu",AcceleratorType2.FPGA="fpga",AcceleratorType2.INFERENCE="inference",AcceleratorType2.MEDIA="media"})(AcceleratorType||(exports.AcceleratorType=AcceleratorType={}));var AcceleratorManufacturer;(function(AcceleratorManufacturer2){AcceleratorManufacturer2.AWS="amazon-web-services",AcceleratorManufacturer2.AMD="amd",AcceleratorManufacturer2.NVIDIA="nvidia",AcceleratorManufacturer2.XILINX="xilinx",AcceleratorManufacturer2.HABANA="habana"})(AcceleratorManufacturer||(exports.AcceleratorManufacturer=AcceleratorManufacturer={}));var AcceleratorName;(function(AcceleratorName2){AcceleratorName2.A100="a100",AcceleratorName2.K80="k80",AcceleratorName2.M60="m60",AcceleratorName2.RADEON_PRO_V520="radeon-pro-v520",AcceleratorName2.T4="t4",AcceleratorName2.V100="v100",AcceleratorName2.VU9P="vu9p",AcceleratorName2.A10G="a10g",AcceleratorName2.H100="h100",AcceleratorName2.INFERENTIA="inferentia",AcceleratorName2.K520="k520",AcceleratorName2.T4G="t4g",AcceleratorName2.L40S="l40s",AcceleratorName2.L4="l4",AcceleratorName2.GAUDI_HL_205="gaudi-hl-205",AcceleratorName2.INFERENTIA2="inferentia2",AcceleratorName2.TRAINIUM="trainium",AcceleratorName2.TRAINIUM2="trainium2",AcceleratorName2.U30="u30"})(AcceleratorName||(exports.AcceleratorName=AcceleratorName={}));var BareMetal;(function(BareMetal2){BareMetal2.INCLUDED="included",BareMetal2.REQUIRED="required",BareMetal2.EXCLUDED="excluded"})(BareMetal||(exports.BareMetal=BareMetal={}));var 
BurstablePerformance;(function(BurstablePerformance2){BurstablePerformance2.INCLUDED="included",BurstablePerformance2.REQUIRED="required",BurstablePerformance2.EXCLUDED="excluded"})(BurstablePerformance||(exports.BurstablePerformance=BurstablePerformance={}));var CpuManufacturer;(function(CpuManufacturer2){CpuManufacturer2.INTEL="intel",CpuManufacturer2.AMD="amd",CpuManufacturer2.AWS="amazon-web-services",CpuManufacturer2.APPLE="apple"})(CpuManufacturer||(exports.CpuManufacturer=CpuManufacturer={}));var InstanceGeneration;(function(InstanceGeneration2){InstanceGeneration2.CURRENT="current",InstanceGeneration2.PREVIOUS="previous"})(InstanceGeneration||(exports.InstanceGeneration=InstanceGeneration={}));var LocalStorage;(function(LocalStorage2){LocalStorage2.INCLUDED="included",LocalStorage2.REQUIRED="required",LocalStorage2.EXCLUDED="excluded"})(LocalStorage||(exports.LocalStorage=LocalStorage={}));var LocalStorageType;(function(LocalStorageType2){LocalStorageType2.HDD="hdd",LocalStorageType2.SSD="ssd"})(LocalStorageType||(exports.LocalStorageType=LocalStorageType={}));

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

606
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/instance.d.ts generated vendored Normal file

@@ -0,0 +1,606 @@
import type { Construct } from 'constructs';
import type { CloudFormationInit } from './cfn-init';
import type { IConnectable } from './connections';
import { Connections } from './connections';
import type { IInstanceRef, InstanceReference, IPlacementGroupRef } from './ec2.generated';
import { CfnInstance } from './ec2.generated';
import type { InstanceType } from './instance-types';
import type { IKeyPair } from './key-pair';
import type { CpuCredits, InstanceInitiatedShutdownBehavior } from './launch-template';
import type { IMachineImage, OperatingSystemType } from './machine-image';
import type { ISecurityGroup } from './security-group';
import type { UserData } from './user-data';
import type { BlockDevice } from './volume';
import type { IVpc, SubnetSelection } from './vpc';
import * as iam from '../../aws-iam';
import type { IResource } from '../../core';
import { Duration, Resource } from '../../core';
/**
* The state of token usage for your instance metadata requests.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httptokens
*/
export declare enum HttpTokens {
/**
* If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request.
*/
OPTIONAL = "optional",
/**
* If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state,
* retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.
*/
REQUIRED = "required"
}
export interface IInstance extends IResource, IConnectable, iam.IGrantable, IInstanceRef {
/**
* The instance's ID
*
* @attribute
*/
readonly instanceId: string;
/**
* The availability zone the instance was launched in
*
* @attribute
*/
readonly instanceAvailabilityZone: string;
/**
* Private DNS name for this instance
* @attribute
*/
readonly instancePrivateDnsName: string;
/**
* Private IP for this instance
*
* @attribute
*/
readonly instancePrivateIp: string;
/**
* Publicly-routable DNS name for this instance.
*
* (May be an empty string if the instance does not have a public name).
*
* @attribute
*/
readonly instancePublicDnsName: string;
/**
* Publicly-routable IP address for this instance.
*
* (May be an empty string if the instance does not have a public IP).
*
* @attribute
*/
readonly instancePublicIp: string;
}
/**
* Properties of an EC2 Instance
*/
export interface InstanceProps {
/**
* Name of SSH keypair to grant access to instance
*
* @default - No SSH access will be possible.
* @deprecated - Use `keyPair` instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
*/
readonly keyName?: string;
/**
* The SSH keypair to grant access to the instance.
*
* @default - No SSH access will be possible.
*/
readonly keyPair?: IKeyPair;
/**
* Where to place the instance within the VPC
*
* @default - Private subnets.
*/
readonly vpcSubnets?: SubnetSelection;
/**
* In which AZ to place the instance within the VPC
*
* @default - Random zone.
*/
readonly availabilityZone?: string;
/**
* Whether the instance could initiate connections to anywhere by default.
* This property is only used when you do not provide a security group.
*
* @default true
*/
readonly allowAllOutbound?: boolean;
/**
* Whether the instance could initiate IPv6 connections to anywhere by default.
* This property is only used when you do not provide a security group.
*
* @default false
*/
readonly allowAllIpv6Outbound?: boolean;
/**
* The length of time to wait for the resourceSignalCount
*
* The maximum value is 43200 (12 hours).
*
* @default Duration.minutes(5)
*/
readonly resourceSignalTimeout?: Duration;
/**
* VPC to launch the instance in.
*/
readonly vpc: IVpc;
/**
* Security Group to assign to this instance
*
* @default - create new security group
*/
readonly securityGroup?: ISecurityGroup;
/**
* Type of instance to launch
*/
readonly instanceType: InstanceType;
/**
* AMI to launch
*/
readonly machineImage: IMachineImage;
/**
* Specific UserData to use
*
* The UserData may still be mutated after creation.
*
* @default - A UserData object appropriate for the MachineImage's
* Operating System is created.
*/
readonly userData?: UserData;
/**
* Changes to the UserData force replacement
*
* Depending the EC2 instance type, changing UserData either
* restarts the instance or replaces the instance.
*
* - Instance store-backed instances are replaced.
* - EBS-backed instances are restarted.
*
* By default, restarting does not execute the new UserData so you
* will need a different mechanism to ensure the instance is restarted.
*
* Setting this to `true` will make the instance's Logical ID depend on the
* UserData, which will cause CloudFormation to replace it if the UserData
* changes.
*
* @default - true if `initOptions` is specified, false otherwise.
*/
readonly userDataCausesReplacement?: boolean;
/**
* An IAM role to associate with the instance profile assigned to this Auto Scaling Group.
*
* The role must be assumable by the service principal `ec2.amazonaws.com`:
* Note: You can provide an instanceProfile or a role, but not both.
*
* @example
* const role = new iam.Role(this, 'MyRole', {
* assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
* });
*
* @default - A role will automatically be created, it can be accessed via the `role` property
*/
readonly role?: iam.IRole;
/**
* The instance profile used to pass role information to EC2 instances.
*
* Note: You can provide an instanceProfile or a role, but not both.
*
* @default - No instance profile
*/
readonly instanceProfile?: iam.IInstanceProfile;
/**
* The name of the instance
*
* @default - CDK generated name
*/
readonly instanceName?: string;
/**
* Specifies whether to enable an instance launched in a VPC to perform NAT.
* This controls whether source/destination checking is enabled on the instance.
* A value of true means that checking is enabled, and false means that checking is disabled.
* The value must be false for the instance to perform NAT.
*
* @default true
*/
readonly sourceDestCheck?: boolean;
/**
* Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
*
* Each instance that is launched has an associated root device volume,
* either an Amazon EBS volume or an instance store volume.
* You can use block device mappings to specify additional EBS volumes or
* instance store volumes to attach to an instance when it is launched.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
*
* @default - Uses the block device mapping of the AMI
*/
readonly blockDevices?: BlockDevice[];
/**
* Defines a private IP address to associate with an instance.
*
* Private IP should be available within the VPC that the instance is build within.
*
* @default - no association
*/
readonly privateIpAddress?: string;
/**
* Propagate the EC2 instance tags to the EBS volumes.
*
* @default - false
*/
readonly propagateTagsToVolumeOnCreation?: boolean;
/**
* Apply the given CloudFormation Init configuration to the instance at startup
*
* @default - no CloudFormation init
*/
readonly init?: CloudFormationInit;
/**
* Use the given options for applying CloudFormation Init
*
* Describes the configsets to use and the timeout to wait
*
* @default - default options
*/
readonly initOptions?: ApplyCloudFormationInitOptions;
/**
* Whether IMDSv2 should be required on this instance.
*
* This is a simple boolean flag that enforces IMDSv2 by creating a Launch Template
* with `httpTokens: 'required'`. Use this for straightforward IMDSv2 enforcement.
*
* For more granular control over metadata options (like disabling the metadata endpoint,
* configuring hop limits, or enabling instance tags), use the individual metadata option properties instead.
*
* @default - false
*/
readonly requireImdsv2?: boolean;
/**
* Enables or disables the HTTP metadata endpoint on your instances.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httpendpoint
*
* @default true
*/
readonly httpEndpoint?: boolean;
/**
* Enables or disables the IPv6 endpoint for the instance metadata service.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httpprotocolipv6
*
* @default false
*/
readonly httpProtocolIpv6?: boolean;
/**
* The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
*
* Possible values: Integers from 1 to 64
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httpputresponsehoplimit
*
* @default - No default value specified by CloudFormation
*/
readonly httpPutResponseHopLimit?: number;
/**
* The state of token usage for your instance metadata requests.
*
* Set to 'required' to enforce IMDSv2. This is equivalent to using `requireImdsv2: true`,
* but allows you to configure other metadata options alongside IMDSv2 enforcement.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httptokens
*
* @default - The default is conditional based on the AMI and account-level settings:
* - If the AMI's `ImdsSupport` is `v2.0` and the account level default is `no-preference`, the default is `HttpTokens.REQUIRED`
* - If the AMI's `ImdsSupport` is `v2.0` and the account level default is `V1 or V2`, the default is `HttpTokens.OPTIONAL`
* - See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence
*/
readonly httpTokens?: HttpTokens;
/**
* Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-instancemetadatatags
*
* @default false
*/
readonly instanceMetadataTags?: boolean;
/**
* Whether "Detailed Monitoring" is enabled for this instance
* Keep in mind that Detailed Monitoring results in extra charges
*
* @see http://aws.amazon.com/cloudwatch/pricing/
* @default - false
*/
readonly detailedMonitoring?: boolean;
/**
* Add SSM session permissions to the instance role
*
* Setting this to `true` adds the necessary permissions to connect
* to the instance using SSM Session Manager. You can do this
* from the AWS Console.
*
* NOTE: Setting this flag to `true` may not be enough by itself.
* You must also use an AMI that comes with the SSM Agent, or install
* the SSM Agent yourself. See
* [Working with SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html)
* in the SSM Developer Guide.
*
* @default false
*/
readonly ssmSessionPermissions?: boolean;
/**
* Whether to associate a public IP address to the primary network interface attached to this instance.
*
* You cannot specify this property and `ipv6AddressCount` at the same time.
*
* @default - public IP address is automatically assigned based on default behavior
*/
readonly associatePublicIpAddress?: boolean;
/**
* Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
* The unlimited CPU credit option is not supported for T3 instances with a dedicated host.
*
* @default - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
*/
readonly creditSpecification?: CpuCredits;
/**
* Indicates whether the instance is optimized for Amazon EBS I/O.
*
* This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance.
* This optimization isn't available with all instance types.
* Additional usage charges apply when using an EBS-optimized instance.
*
* @default false
*/
readonly ebsOptimized?: boolean;
/**
* If true, the instance will not be able to be terminated using the Amazon EC2 console, CLI, or API.
*
* To change this attribute after launch, use [ModifyInstanceAttribute](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html).
* Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance
* by running the shutdown command from the instance.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html#cfn-ec2-instance-disableapitermination
*
* @default false
*/
readonly disableApiTermination?: boolean;
/**
* Indicates whether an instance stops or terminates when you initiate shutdown from the instance
* (using the operating system command for system shutdown).
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior
*
* @default InstanceInitiatedShutdownBehavior.STOP
*/
readonly instanceInitiatedShutdownBehavior?: InstanceInitiatedShutdownBehavior;
/**
* The placement group that you want to launch the instance into.
*
* @default - no placement group will be used for this instance.
*/
readonly placementGroup?: IPlacementGroupRef;
/**
* Whether the instance is enabled for AWS Nitro Enclaves.
*
* Nitro Enclaves requires a Nitro-based virtualized parent instance with specific Intel/AMD with at least 4 vCPUs
* or Graviton with at least 2 vCPUs instance types and Linux/Windows host OS,
* while the enclave itself supports only Linux OS.
*
* You can't set both `enclaveEnabled` and `hibernationEnabled` to true on the same instance.
*
* @see https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html#nitro-enclave-reqs
*
* @default - false
*/
readonly enclaveEnabled?: boolean;
/**
* Whether the instance is enabled for hibernation.
*
* You can't set both `enclaveEnabled` and `hibernationEnabled` to true on the same instance.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-hibernationoptions.html
*
* @default - false
*/
readonly hibernationEnabled?: boolean;
/**
* The number of IPv6 addresses to associate with the primary network interface.
*
* Amazon EC2 chooses the IPv6 addresses from the range of your subnet.
*
* You cannot specify this property and `associatePublicIpAddress` at the same time.
*
* @default - For instances associated with an IPv6 subnet, use 1; otherwise, use 0.
*/
readonly ipv6AddressCount?: number;
}
/**
* This represents a single EC2 instance
*/
export declare class Instance extends Resource implements IInstance {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* The type of OS the instance is running.
*/
readonly osType: OperatingSystemType;
/**
* Allows specify security group connections for the instance.
*/
readonly connections: Connections;
/**
* The IAM role assumed by the instance.
*/
readonly role: iam.IRole;
/**
* The principal to grant permissions to
*/
readonly grantPrincipal: iam.IPrincipal;
/**
* UserData for the instance
*/
readonly userData: UserData;
/**
* the underlying instance resource
*
* @jsii suppress JSII5019 For historic reasons
*/
readonly instance: CfnInstance;
/**
* @attribute
*/
readonly instanceId: string;
/**
* @attribute
*/
readonly instanceAvailabilityZone: string;
/**
* @attribute
*/
readonly instancePrivateDnsName: string;
/**
* @attribute
*/
readonly instancePrivateIp: string;
/**
* @attribute
*/
readonly instancePublicDnsName: string;
/**
* @attribute
*/
readonly instancePublicIp: string;
private readonly securityGroup;
private readonly _securityGroups;
constructor(scope: Construct, id: string, props: InstanceProps);
get instanceRef(): InstanceReference;
/**
* Add the security group to the instance.
*
* @param securityGroup: The security group to add
*/
addSecurityGroup(securityGroup: ISecurityGroup): void;
/**
* Add command to the startup script of the instance.
* The command must be in the scripting language supported by the instance's OS (i.e. Linux/Windows).
*/
addUserData(...commands: string[]): void;
/**
* Adds a statement to the IAM role assumed by the instance.
*/
addToRolePolicy(statement: iam.PolicyStatement): void;
/**
* Use a CloudFormation Init configuration at instance startup
*
* This does the following:
*
* - Attaches the CloudFormation Init metadata to the Instance resource.
* - Add commands to the instance UserData to run `cfn-init` and `cfn-signal`.
* - Update the instance's CreationPolicy to wait for the `cfn-signal` commands.
*/
applyCloudFormationInit(init: CloudFormationInit, options?: ApplyCloudFormationInitOptions): void;
/**
* Wait for a single additional resource signal
*
* Add 1 to the current ResourceSignal Count and add the given timeout to the current timeout.
*
* Use this to pause the CloudFormation deployment to wait for the instances
* in the AutoScalingGroup to report successful startup during
* creation and updates. The UserData script needs to invoke `cfn-signal`
* with a success or failure code after it is done setting up the instance.
*/
private waitForResourceSignal;
/**
* Apply CloudFormation update policies for the instance
*/
private applyUpdatePolicies;
/**
* Render the metadata options for the instance
*/
private renderMetadataOptions;
}
/**
* Options for applying CloudFormation init to an instance or instance group
*/
export interface ApplyCloudFormationInitOptions {
/**
* ConfigSet to activate
*
* @default ['default']
*/
readonly configSets?: string[];
/**
* Timeout waiting for the configuration to be applied
*
* @default Duration.minutes(5)
*/
readonly timeout?: Duration;
/**
* Force instance replacement by embedding a config fingerprint
*
* If `true` (the default), a hash of the config will be embedded into the
* UserData, so that if the config changes, the UserData changes.
*
* - If the EC2 instance is instance-store backed or
* `userDataCausesReplacement` is set, this will cause the instance to be
* replaced and the new configuration to be applied.
* - If the instance is EBS-backed and `userDataCausesReplacement` is not
* set, the change of UserData will make the instance restart but not be
* replaced, and the configuration will not be applied automatically.
*
* If `false`, no hash will be embedded, and if the CloudFormation Init
* config changes nothing will happen to the running instance. If a
* config update introduces errors, you will not notice until after the
* CloudFormation deployment successfully finishes and the next instance
* fails to launch.
*
* @default true
*/
readonly embedFingerprint?: boolean;
/**
* Print the results of running cfn-init to the Instance System Log
*
* By default, the output of running cfn-init is written to a log file
* on the instance. Set this to `true` to print it to the System Log
* (visible from the EC2 Console), `false` to not print it.
*
* (Be aware that the system log is refreshed at certain points in
* time of the instance life cycle, and successful execution may
* not always show up).
*
* @default true
*/
readonly printLog?: boolean;
/**
* Don't fail the instance creation when cfn-init fails
*
* You can use this to prevent CloudFormation from rolling back when
* instances fail to start up, to help in debugging.
*
* @default false
*/
readonly ignoreFailures?: boolean;
/**
* Include --url argument when running cfn-init and cfn-signal commands
*
* This will be the cloudformation endpoint in the deployed region
* e.g. https://cloudformation.us-east-1.amazonaws.com
*
* @default false
*/
readonly includeUrl?: boolean;
/**
* Include --role argument when running cfn-init and cfn-signal commands
*
* This will be the IAM instance profile attached to the EC2 instance
*
* @default false
*/
readonly includeRole?: boolean;
}

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/instance.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,254 @@
import type { Construct } from 'constructs';
import type { CidrSplit } from './cidr-splits';
import { CfnVPCCidrBlock } from './ec2.generated';
import type { SubnetConfiguration } from './vpc';
/**
* An abstract Provider of IpAddresses
*
* Note this is specific to the IPv4 CIDR.
*/
export declare class IpAddresses {
/**
* Used to provide local Ip Address Management services for your VPC
*
* VPC CIDR is supplied at creation and subnets are calculated locally
*
* Note this is specific to the IPv4 CIDR.
*
*/
static cidr(cidrBlock: string): IIpAddresses;
/**
* Used to provide centralized Ip Address Management services for your VPC
*
* Uses VPC CIDR allocations from AWS IPAM
*
* Note this is specific to the IPv4 CIDR.
*
* @see https://docs.aws.amazon.com/vpc/latest/ipam/what-it-is-ipam.html
*/
static awsIpamAllocation(props: AwsIpamProps): IIpAddresses;
private constructor();
}
/**
* Implementations for ip address management.
*
* Note this is specific to the IPv4 CIDR.
*/
export interface IIpAddresses {
/**
* Called by the VPC to retrieve VPC options from the Ipam
*
* Don't call this directly, the VPC will call it automatically.
*/
allocateVpcCidr(): VpcIpamOptions;
/**
* Called by the VPC to retrieve Subnet options from the Ipam
*
* Don't call this directly, the VPC will call it automatically.
*/
allocateSubnetsCidr(input: AllocateCidrRequest): SubnetIpamOptions;
}
/**
* CIDR Allocated Vpc
*/
export interface VpcIpamOptions {
/**
* CIDR Block for Vpc
*
* @default - Only required when Ipam has concrete allocation available for static Vpc
*/
readonly cidrBlock?: string;
/**
* CIDR Mask for Vpc
*
* @default - Only required when using AWS Ipam
*/
readonly ipv4NetmaskLength?: number;
/**
* ipv4 IPAM Pool Id
*
* @default - Only required when using AWS Ipam
*/
readonly ipv4IpamPoolId?: string;
}
/**
* Subnet requested for allocation
*/
export interface RequestedSubnet {
/**
* The availability zone for the subnet
*/
readonly availabilityZone: string;
/**
* Specify configuration parameters for a single subnet group in a VPC
*/
readonly configuration: SubnetConfiguration;
/**
* Id for the Subnet construct
*/
readonly subnetConstructId: string;
}
/**
* Request for subnets CIDR to be allocated for a Vpc
*/
export interface AllocateCidrRequest {
/**
* The IPv4 CIDR block for this Vpc
*/
readonly vpcCidr: string;
/**
* The Subnets to be allocated
*/
readonly requestedSubnets: RequestedSubnet[];
}
/**
* Request for allocation of the VPC IPv6 CIDR.
*/
export interface AllocateVpcIpv6CidrRequest {
/**
* The VPC construct to attach to.
*/
readonly scope: Construct;
/**
* The id of the VPC.
*/
readonly vpcId: string;
}
/**
* Request for IPv6 CIDR block to be split up.
*/
export interface CreateIpv6CidrBlocksRequest {
/**
* The IPv6 CIDR block string representation.
*/
readonly ipv6SelectedCidr: string;
/**
* The number of subnets to assign CIDRs to.
*/
readonly subnetCount: number;
/**
* Size of the covered bits in the CIDR.
* @default - 128 - 64 = /64 CIDR.
*/
readonly sizeMask?: string;
}
/**
* Request for subnet IPv6 CIDRs to be allocated for a VPC.
*/
export interface AllocateIpv6CidrRequest {
/**
* List of subnets allocated with IPv4 CIDRs
*/
readonly allocatedSubnets: AllocatedSubnet[];
/**
* The IPv6 CIDRs to be allocated to the subnets
*/
readonly ipv6Cidrs: string[];
}
/**
* CIDR Allocated Subnets
*/
export interface SubnetIpamOptions {
/**
* CIDR Allocations for Subnets
*/
readonly allocatedSubnets: AllocatedSubnet[];
}
/**
* CIDR Allocated Subnet
*/
export interface AllocatedSubnet {
/**
* IPv4 CIDR Allocations for a Subnet.
*
* Note this is specific to the IPv4 CIDR.
*/
readonly cidr: string;
/**
* IPv6 CIDR Allocations for a Subnet.
*
* Note this is specific to the IPv6 CIDR.
*
* @default - no IPV6 CIDR
*/
readonly ipv6Cidr?: string;
}
/**
* Configuration for AwsIpam
*/
export interface AwsIpamProps {
/**
* Netmask length for Vpc
*/
readonly ipv4NetmaskLength: number;
/**
* Ipam Pool Id for ipv4 allocation
*/
readonly ipv4IpamPoolId: string;
/**
* Default length for Subnet ipv4 Network mask
*
* Specify this option only if you do not specify all Subnets using SubnetConfiguration with a cidrMask
*
* @default - Default ipv4 Subnet Mask for subnets in Vpc
*
*/
readonly defaultSubnetIpv4NetmaskLength?: number;
}
/**
* Convert a CIDR split command to a CFN expression that calculates the same CIDR
*
* Can recursively produce multiple `{ Fn::Cidr }` expressions.
*
* This is necessary because CFN's `{ Fn::Cidr }` reifies the split to an actual list of
* strings, and to limit resource consumption `count` may never be higher than 256. So
* if we need to split deeper, we need to do more than one split.
*
* (Function public for testing)
*/
export declare function cidrSplitToCfnExpression(parentCidr: string, split: CidrSplit): string;
/**
* An abstract Provider of Ipv6Addresses.
*
* Note this is specific to the IPv6 CIDR.
*/
export declare class Ipv6Addresses {
/**
* Used for IPv6 address management with Amazon provided CIDRs.
*
* Note this is specific to the IPv6 CIDR.
*/
static amazonProvided(): IIpv6Addresses;
private constructor();
}
/**
* Implementations for IPv6 address management.
*
* Note this is specific to the IPv6 CIDR.
*/
export interface IIpv6Addresses {
/**
* Whether the IPv6 CIDR is Amazon provided or not.
*
* Note this is specific to the IPv6 CIDR.
*/
amazonProvided: boolean;
/**
* Called by VPC to allocate IPv6 CIDR.
*
* Note this is specific to the IPv6 CIDR.
*/
allocateVpcIpv6Cidr(input: AllocateVpcIpv6CidrRequest): CfnVPCCidrBlock;
/**
* Split IPv6 CIDR block up for subnets.
*
* Note this is specific to the IPv6 CIDR.
*/
createIpv6CidrBlocks(input: CreateIpv6CidrBlocksRequest): string[];
/**
* Allocates Subnets IPv6 CIDRs. Called by VPC when creating subnets with IPv6 enabled.
*
* Note this is specific to the IPv6 CIDR.
*/
allocateSubnetsIpv6Cidr(input: AllocateIpv6CidrRequest): SubnetIpamOptions;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Ipv6Addresses=exports.IpAddresses=void 0,exports.cidrSplitToCfnExpression=cidrSplitToCfnExpression;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var cidr_splits_1=()=>{var tmp=require("./cidr-splits");return cidr_splits_1=()=>tmp,tmp},ec2_generated_1=()=>{var tmp=require("./ec2.generated");return ec2_generated_1=()=>tmp,tmp},network_util_1=()=>{var tmp=require("./network-util");return network_util_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class IpAddresses{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.IpAddresses",version:"2.252.0"};static cidr(cidrBlock){return new Cidr(cidrBlock)}static awsIpamAllocation(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AwsIpamProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.awsIpamAllocation),error}return new AwsIpam(props)}constructor(){}}exports.IpAddresses=IpAddresses;class AwsIpam{props;constructor(props){this.props=props}allocateVpcCidr(){return{ipv4NetmaskLength:this.props.ipv4NetmaskLength,ipv4IpamPoolId:this.props.ipv4IpamPoolId}}allocateSubnetsCidr(input){return{allocatedSubnets:(0,cidr_splits_1().calculateCidrSplits)(this.props.ipv4NetmaskLength,input.requestedSubnets.map((mask=>{if(mask.configuration.cidrMask===void 0&&this.props.defaultSubnetIpv4NetmaskLength===void 0)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CidrSubnetsCaseDefaultcidrmask`,"If you have not set a cidr for all subnets in this case you must set a defaultCidrMask in AwsIpam Options");const 
cidrMask=mask.configuration.cidrMask??this.props.defaultSubnetIpv4NetmaskLength;if(cidrMask===void 0)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`ShouldNotShouldHappened`,"Should not have happened, but satisfies the type checker");return cidrMask}))).map(subnet=>({cidr:cidrSplitToCfnExpression(input.vpcCidr,subnet)}))}}}function cidrSplitToCfnExpression(parentCidr,split){if(split.count===1)return parentCidr;if(split.count<=256)return core_1().Fn.select(split.index,core_1().Fn.cidr(parentCidr,split.count,`${32-split.netmask}`));if(split.netmask-8<1)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotSplitRange`,`Cannot split an IP range into ${split.count} /${split.netmask}s`);const parentSplit={netmask:split.netmask-8,count:Math.ceil(split.count/256),index:Math.floor(split.index/256)};return cidrSplitToCfnExpression(cidrSplitToCfnExpression(parentCidr,parentSplit),{netmask:split.netmask,count:256,index:split.index-parentSplit.index*256})}class Cidr{cidrBlock;networkBuilder;constructor(cidrBlock){if(this.cidrBlock=cidrBlock,core_1().Token.isUnresolved(cidrBlock))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MustBeCidrPropertyConcrete`,"'cidr' property must be a concrete CIDR string, got a Token (we need to parse it for automatic subdivision)");this.networkBuilder=new(network_util_1()).NetworkBuilder(this.cidrBlock)}allocateVpcCidr(){return{cidrBlock:this.networkBuilder.networkCidr.cidr}}allocateSubnetsCidr(input){const allocatedSubnets=[],subnetsWithoutDefinedCidr=[];input.requestedSubnets.forEach((requestedSubnet,index)=>{requestedSubnet.configuration.cidrMask===void 0?subnetsWithoutDefinedCidr.push({index,requestedSubnet}):allocatedSubnets.push({cidr:this.networkBuilder.addSubnet(requestedSubnet.configuration.cidrMask)})});const cidrMaskForRemaining=this.networkBuilder.maskForRemainingSubnets(subnetsWithoutDefinedCidr.length);return 
subnetsWithoutDefinedCidr.forEach(subnet=>{allocatedSubnets.splice(subnet.index,0,{cidr:this.networkBuilder.addSubnet(cidrMaskForRemaining)})}),{allocatedSubnets}}}class Ipv6Addresses{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.Ipv6Addresses",version:"2.252.0"};static amazonProvided(){return new AmazonProvided}constructor(){}}exports.Ipv6Addresses=Ipv6Addresses;class AmazonProvided{amazonProvided;constructor(){this.amazonProvided=!0}allocateVpcIpv6Cidr(input){return new(ec2_generated_1()).CfnVPCCidrBlock(input.scope,"ipv6cidr",{vpcId:input.vpcId,amazonProvidedIpv6CidrBlock:this.amazonProvided})}createIpv6CidrBlocks(input){const sizeMask=input.sizeMask??"64";return core_1().Fn.cidr(input.ipv6SelectedCidr,input.subnetCount,sizeMask)}allocateSubnetsIpv6Cidr(input){const allocatedSubnets=[];return input.allocatedSubnets.forEach((allocated,i)=>{const allocatedIpv6={cidr:allocated.cidr,ipv6Cidr:core_1().Fn.select(i,input.ipv6Cidrs)};allocatedSubnets.push(allocatedIpv6)}),{allocatedSubnets}}}

168
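--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/key-pair.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/key-pair.d.ts
@@ -0,0 +1,168 @@
+import type { Construct } from 'constructs';
+import type { IKeyPairRef, KeyPairReference } from './ec2.generated';
+import { OperatingSystemType } from './machine-image';
+import type { IStringParameter } from '../../aws-ssm';
+import type { IResource, ResourceProps } from '../../core';
+import { Resource } from '../../core';
+/**
+* The format of the Key Pair
+*/
+export declare enum KeyPairFormat {
+/**
+* A PPK file, typically used with PuTTY.
+*/
+PPK = "ppk",
+/**
+* A PEM file.
+*/
+PEM = "pem"
+}
+/**
+* The type of the key pair.
+*/
+export declare enum KeyPairType {
+/**
+* An RSA key.
+*/
+RSA = "rsa",
+/**
+* An ED25519 key.
+*
+* Note that ED25519 keys are not supported for Windows instances.
+*/
+ED25519 = "ed25519"
+}
+/**
+* The properties of a Key Pair
+*/
+export interface KeyPairProps extends ResourceProps {
+/**
+* A unique name for the key pair.
+*
+* @default A generated name
+*/
+readonly keyPairName?: string;
+/**
+* The format of the key pair.
+*
+* @default PEM
+*/
+readonly format?: KeyPairFormat;
+/**
+* The type of key pair.
+*
+* @default RSA (ignored if keyMaterial is provided)
+*/
+readonly type?: KeyPairType;
+/**
+* The public key material.
+*
+* If this is provided the key is considered "imported". For imported
+* keys, it is assumed that you already have the private key material
+* so the private key material will not be returned or stored in
+* AWS Systems Manager Parameter Store.
+*
+* @default a public and private key will be generated
+*/
+readonly publicKeyMaterial?: string;
+}
+/**
+* Attributes of a Key Pair.
+*/
+export interface KeyPairAttributes {
+/**
+* The unique name of the key pair.
+*/
+readonly keyPairName: string;
+/**
+* The type of the key pair.
+*
+* @default no type specified
+*/
+readonly type?: KeyPairType;
+}
+/**
+* An EC2 Key Pair.
+*/
+export interface IKeyPair extends IResource, IKeyPairRef {
+/**
+* The name of the key pair.
+*
+* @attribute
+*/
+readonly keyPairName: string;
+/**
+* The type of the key pair.
+*/
+readonly type?: KeyPairType;
+/**
+* Used internally to determine whether the key pair is compatible with an OS type.
+*
+* @internal
+*/
+_isOsCompatible(osType: OperatingSystemType): boolean;
+}
+/**
+* An EC2 Key Pair.
+*
+* @resource AWS::EC2::KeyPair
+*/
+export declare class KeyPair extends Resource implements IKeyPair {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Imports a key pair based on the name.
+*/
+static fromKeyPairName(scope: Construct, id: string, keyPairName: string): IKeyPair;
+/**
+* Imports a key pair with a name and optional type.
+*/
+static fromKeyPairAttributes(scope: Construct, id: string, attrs: KeyPairAttributes): IKeyPair;
+/**
+* The unique name of the key pair.
+*
+* @attribute
+*/
+readonly keyPairName: string;
+/**
+* The fingerprint of the key pair.
+*
+* @attribute
+*/
+readonly keyPairFingerprint: string;
+/**
+* The unique ID of the key pair.
+*
+* @attribute
+*/
+readonly keyPairId: string;
+/**
+* The type of the key pair.
+*/
+readonly type?: KeyPairType;
+/**
+* The format of the key pair.
+*/
+readonly format: KeyPairFormat;
+private _privateKeySsm?;
+private readonly _isImport;
+constructor(scope: Construct, id: string, props?: KeyPairProps);
+get keyPairRef(): KeyPairReference;
+/**
+* Whether the key material was imported.
+*
+* Keys with imported material do not have their private key material stored
+* or returned automatically.
+*/
+get hasImportedMaterial(): boolean;
+/**
+* The Systems Manager Parameter Store parameter with the pair's private key material.
+*/
+get privateKey(): IStringParameter;
+/**
+* Used internally to determine whether the key pair is compatible with an OS type.
+*
+* @internal
+*/
+_isOsCompatible(osType: OperatingSystemType): boolean;
+}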

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/key-pair.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,524 @@
import type { Construct } from 'constructs';
import type { IConnectable } from './connections';
import { Connections } from './connections';
import type { ILaunchTemplateRef, IPlacementGroupRef, LaunchTemplateReference } from './ec2.generated';
import type { InstanceType } from './instance-types';
import type { IKeyPair } from './key-pair';
import type { IMachineImage, OperatingSystemType } from './machine-image';
import type { ISecurityGroup } from './security-group';
import type { UserData } from './user-data';
import type { BlockDevice } from './volume';
import * as iam from '../../aws-iam';
import type { Duration, Expiration, IResource } from '../../core';
import { Resource, TagManager } from '../../core';
/**
* Provides the options for specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-how-to.html
*/
export declare enum CpuCredits {
/**
* Standard bursting mode.
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-standard-mode.html
*/
STANDARD = "standard",
/**
* Unlimited bursting mode.
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode.html
*/
UNLIMITED = "unlimited"
}
/**
* Provides the options for specifying the instance initiated shutdown behavior.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior
*/
export declare enum InstanceInitiatedShutdownBehavior {
/**
* The instance will stop when it initiates a shutdown.
*/
STOP = "stop",
/**
* The instance will be terminated when it initiates a shutdown.
*/
TERMINATE = "terminate"
}
/**
* Interface for LaunchTemplate-like objects.
*/
export interface ILaunchTemplate extends IResource, ILaunchTemplateRef {
/**
* The version number of this launch template to use
*
* @attribute
*/
readonly versionNumber: string;
/**
* The identifier of the Launch Template
*
* Exactly one of `launchTemplateId` and `launchTemplateName` will be set.
*
* @attribute
*/
readonly launchTemplateId?: string;
/**
* The name of the Launch Template
*
* Exactly one of `launchTemplateId` and `launchTemplateName` will be set.
*
* @attribute
*/
readonly launchTemplateName?: string;
}
/**
* Provides the options for the types of interruption for spot instances.
*/
export declare enum SpotInstanceInterruption {
/**
* The instance will stop when interrupted.
*/
STOP = "stop",
/**
* The instance will be terminated when interrupted.
*/
TERMINATE = "terminate",
/**
* The instance will hibernate when interrupted.
*/
HIBERNATE = "hibernate"
}
/**
* The Spot Instance request type.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html
*/
export declare enum SpotRequestType {
/**
* A one-time Spot Instance request remains active until Amazon EC2 launches the Spot Instance,
* the request expires, or you cancel the request. If the Spot price exceeds your maximum price
* or capacity is not available, your Spot Instance is terminated and the Spot Instance request
* is closed.
*/
ONE_TIME = "one-time",
/**
* A persistent Spot Instance request remains active until it expires or you cancel it, even if
* the request is fulfilled. If the Spot price exceeds your maximum price or capacity is not available,
* your Spot Instance is interrupted. After your instance is interrupted, when your maximum price exceeds
* the Spot price or capacity becomes available again, the Spot Instance is started if stopped or resumed
* if hibernated.
*/
PERSISTENT = "persistent"
}
/**
* Interface for the Spot market instance options provided in a LaunchTemplate.
*/
export interface LaunchTemplateSpotOptions {
/**
* Spot Instances with a defined duration (also known as Spot blocks) are designed not to be interrupted and will run continuously for the duration you select.
* You can use a duration of 1, 2, 3, 4, 5, or 6 hours.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html#fixed-duration-spot-instances
*
* @default Requested spot instances do not have a pre-defined duration.
*/
readonly blockDuration?: Duration;
/**
* The behavior when a Spot Instance is interrupted.
*
* @default Spot instances will terminate when interrupted.
*/
readonly interruptionBehavior?: SpotInstanceInterruption;
/**
* Maximum hourly price you're willing to pay for each Spot instance. The value is given
* in dollars. ex: 0.01 for 1 cent per hour, or 0.001 for one-tenth of a cent per hour.
*
* @default Maximum hourly price will default to the on-demand price for the instance type.
*/
readonly maxPrice?: number;
/**
* The Spot Instance request type.
*
* If you are using Spot Instances with an Auto Scaling group, use one-time requests, as the
* Amazon EC2 Auto Scaling service handles requesting new Spot Instances whenever the group is
* below its desired capacity.
*
* @default One-time spot request.
*/
readonly requestType?: SpotRequestType;
/**
* The end date of the request. For a one-time request, the request remains active until all instances
* launch, the request is canceled, or this date is reached. If the request is persistent, it remains
* active until it is canceled or this date and time is reached.
*
* @default The default end date is 7 days from the current date.
*/
readonly validUntil?: Expiration;
}
/**
* The state of token usage for your instance metadata requests.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httptokens
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httptokens
*/
export declare enum LaunchTemplateHttpTokens {
/**
* If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request.
*/
OPTIONAL = "optional",
/**
* If the state is required, you must send a signed token header with any instance metadata retrieval requests. In this state,
* retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.
*/
REQUIRED = "required"
}
/**
* Properties of a LaunchTemplate.
*/
export interface LaunchTemplateProps {
/**
* Name for this launch template.
*
* @default Automatically generated name
*/
readonly launchTemplateName?: string;
/**
* A description for the first version of the launch template.
*
* The version description must be maximum 255 characters long.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-versiondescription
*
* @default - No description
*/
readonly versionDescription?: string;
/**
* Type of instance to launch.
*
* @default - This Launch Template does not specify a default Instance Type.
*/
readonly instanceType?: InstanceType;
/**
* The AMI that will be used by instances.
*
* @default - This Launch Template does not specify a default AMI.
*/
readonly machineImage?: IMachineImage;
/**
* The user data to make available to the instance.
*
* @default - This Launch Template creates a UserData based on the type of provided
* machineImage; no UserData is created if a machineImage is not provided
*/
readonly userData?: UserData;
/**
* An IAM role to associate with the instance profile that is used by instances.
*
* The role must be assumable by the service principal `ec2.amazonaws.com`.
* Note: You can provide an instanceProfile or a role, but not both.
*
* @example
* const role = new iam.Role(this, 'MyRole', {
* assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
* });
*
* @default - No new role is created.
*/
readonly role?: iam.IRole;
/**
* Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
*
* Each instance that is launched has an associated root device volume,
* either an Amazon EBS volume or an instance store volume.
* You can use block device mappings to specify additional EBS volumes or
* instance store volumes to attach to an instance when it is launched.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
*
* @default - Uses the block device mapping of the AMI
*/
readonly blockDevices?: BlockDevice[];
/**
* CPU credit type for burstable EC2 instance types.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html
*
* @default - No credit type is specified in the Launch Template.
*/
readonly cpuCredits?: CpuCredits;
/**
* If you set this parameter to true, you cannot terminate the instances launched with this launch template
* using the Amazon EC2 console, CLI, or API; otherwise, you can.
*
* @default - The API termination setting is not specified in the Launch Template.
*/
readonly disableApiTermination?: boolean;
/**
* Indicates whether the instances are optimized for Amazon EBS I/O. This optimization provides dedicated throughput
* to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization
* isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.
*
* @default - EBS optimization is not specified in the launch template.
*/
readonly ebsOptimized?: boolean;
/**
* If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
*
* @default - Enablement of Nitro enclaves is not specified in the launch template; defaulting to false.
*/
readonly nitroEnclaveEnabled?: boolean;
/**
* If you set this parameter to true, the instance is enabled for hibernation.
*
* @default - Hibernation configuration is not specified in the launch template; defaulting to false.
*/
readonly hibernationConfigured?: boolean;
/**
* Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior
*
* @default - Shutdown behavior is not specified in the launch template; defaults to STOP.
*/
readonly instanceInitiatedShutdownBehavior?: InstanceInitiatedShutdownBehavior;
/**
* If this property is defined, then the Launch Template's InstanceMarketOptions will be
* set to use Spot instances, and the options for the Spot instances will be as defined.
*
* @default - Instance launched with this template will not be spot instances.
*/
readonly spotOptions?: LaunchTemplateSpotOptions;
/**
* Name of SSH keypair to grant access to instance
*
* @default - No SSH access will be possible.
* @deprecated - Use `keyPair` instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
*/
readonly keyName?: string;
/**
* The SSH keypair to grant access to the instance.
*
* @default - No SSH access will be possible.
*/
readonly keyPair?: IKeyPair;
/**
* If set to true, then detailed monitoring will be enabled on instances created with this
* launch template.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html
*
* @default False - Detailed monitoring is disabled.
*/
readonly detailedMonitoring?: boolean;
/**
* Security group to assign to instances created with the launch template.
*
* @default No security group is assigned.
*/
readonly securityGroup?: ISecurityGroup;
/**
* Whether IMDSv2 should be required on launched instances.
*
* @default - false
*/
readonly requireImdsv2?: boolean;
/**
* Enables or disables the HTTP metadata endpoint on your instances.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpendpoint
*
* @default true
*/
readonly httpEndpoint?: boolean;
/**
* Enables or disables the IPv6 endpoint for the instance metadata service.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpprotocolipv6
*
* @default true
*/
readonly httpProtocolIpv6?: boolean;
/**
* The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpputresponsehoplimit
*
* @default 1
*/
readonly httpPutResponseHopLimit?: number;
/**
* The state of token usage for your instance metadata requests. The default state is `optional` if not specified. However,
* if requireImdsv2 is true, the state must be `required`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httptokens
*
* @default LaunchTemplateHttpTokens.OPTIONAL
*/
readonly httpTokens?: LaunchTemplateHttpTokens;
/**
* Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-instancemetadatatags
*
* @default false
*/
readonly instanceMetadataTags?: boolean;
/**
* Whether instances should have a public IP addresses associated with them.
*
* @default - Use subnet settings
*/
readonly associatePublicIpAddress?: boolean;
/**
* The instance profile used to pass role information to EC2 instances.
*
* Note: You can provide an instanceProfile or a role, but not both.
*
* @default - No instance profile
*/
readonly instanceProfile?: iam.IInstanceProfile;
/**
* The placement group that you want to launch the instance into.
*
* @default - no placement group will be used for this launch template.
*/
readonly placementGroup?: IPlacementGroupRef;
}
/**
* A class that provides convenient access to special version tokens for LaunchTemplate
* versions.
*/
export declare class LaunchTemplateSpecialVersions {
/**
* The special value that denotes that users of a Launch Template should
* reference the LATEST version of the template.
*/
static readonly LATEST_VERSION: string;
/**
* The special value that denotes that users of a Launch Template should
* reference the DEFAULT version of the template.
*/
static readonly DEFAULT_VERSION: string;
}
/**
* Attributes for an imported LaunchTemplate.
*/
export interface LaunchTemplateAttributes {
/**
* The version number of this launch template to use
*
* @default Version: "$Default"
*/
readonly versionNumber?: string;
/**
* The identifier of the Launch Template
*
* Exactly one of `launchTemplateId` and `launchTemplateName` may be set.
*
* @default None
*/
readonly launchTemplateId?: string;
/**
* The name of the Launch Template
*
* Exactly one of `launchTemplateId` and `launchTemplateName` may be set.
*
* @default None
*/
readonly launchTemplateName?: string;
}
/**
* This represents an EC2 LaunchTemplate.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html
*/
export declare class LaunchTemplate extends Resource implements ILaunchTemplate, iam.IGrantable, IConnectable {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import an existing LaunchTemplate.
*/
static fromLaunchTemplateAttributes(scope: Construct, id: string, attrs: LaunchTemplateAttributes): ILaunchTemplate;
readonly launchTemplateId?: string;
readonly launchTemplateName?: string;
/**
* The default version for the launch template.
*
* @attribute
*/
readonly defaultVersionNumber: string;
/**
* The latest version of the launch template.
*
* @attribute
*/
readonly latestVersionNumber: string;
/**
* The type of OS the instance is running.
*
* @attribute
*/
readonly osType?: OperatingSystemType;
/**
* The AMI ID of the image to use
*
* @attribute
*/
readonly imageId?: string;
/**
* IAM Role assumed by instances that are launched from this template.
*
* @attribute
*/
readonly role?: iam.IRole;
/**
* UserData executed by instances that are launched from this template.
*
* @attribute
*/
readonly userData?: UserData;
/**
* Type of instance to launch.
*
* @attribute
*/
readonly instanceType?: InstanceType;
/**
* Principal to grant permissions to.
* @internal
*/
protected readonly _grantPrincipal?: iam.IPrincipal;
/**
* Allows specifying security group connections for the instance.
* @internal
*/
protected readonly _connections?: Connections;
/**
* TagManager for tagging support.
*/
protected readonly tags: TagManager;
private resource?;
constructor(scope: Construct, id: string, props?: LaunchTemplateProps);
get versionNumber(): string;
get launchTemplateRef(): LaunchTemplateReference;
private renderMetadataOptions;
/**
* Add the security group to the instance.
*
* @param securityGroup: The security group to add
*/
addSecurityGroup(securityGroup: ISecurityGroup): void;
/**
* Allows specifying security group connections for the instance.
*
* @note Only available if you provide a securityGroup when constructing the LaunchTemplate.
*/
get connections(): Connections;
/**
* Principal to grant permissions to.
*
* @note Only available if you provide a role when constructing the LaunchTemplate.
*/
get grantPrincipal(): iam.IPrincipal;
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,64 @@
import type { AmazonLinuxImageSsmParameterCommonOptions } from './common';
import { AmazonLinuxImageSsmParameterBase } from './common';
/**
* Amazon Linux 2022 kernel versions
*/
export declare class AmazonLinux2022Kernel {
private readonly version;
/**
* The latest kernel version currently available in a published AMI.
*
* When a new kernel version is available for an al2022 AMI this will be
* updated to contain the latest kernel version and will cause your instances
* to be replaced. Do not store stateful information on the instance if you are
* using this version.
*/
static readonly CDK_LATEST: AmazonLinux2022Kernel;
/**
* The default kernel version for Amazon Linux 2022 is 5.15 and
* the SSM parameter does not include it in the name
* (i.e. /aws/service/ami-amazon-linux-latest/amzn2022-ami-kernel-default-x86_64)
*/
static readonly DEFAULT: AmazonLinux2022Kernel;
/**
* Kernel version 5.15
*/
static readonly KERNEL_5_15: AmazonLinux2022Kernel;
constructor(version: string);
/**
* Generate a string representation of the kernel
*/
toString(): string;
}
/**
* Properties specific to al2022 images
*/
export interface AmazonLinux2022ImageSsmParameterProps extends AmazonLinuxImageSsmParameterCommonOptions {
/**
* What kernel version of Amazon Linux to use
*
* @default AmazonLinux2022Kernel.DEFAULT
*/
readonly kernel?: AmazonLinux2022Kernel;
}
/**
* A SSM Parameter that contains the AMI ID for Amazon Linux 2023
*/
export declare class AmazonLinux2022ImageSsmParameter extends AmazonLinuxImageSsmParameterBase {
/**
* Generates a SSM Parameter name for a specific amazon linux 2022 AMI
*
* Example values:
*
* "/aws/service/ami-amazon-linux-latest/al2022-ami-kernel-5.15-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-kernel-default-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-minimal-kernel-5.15-arm64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-minimal-kernel-5.15-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-kernel-5.15-arm64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-minimal-kernel-default-arm64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-minimal-kernel-default-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2022-ami-kernel-default-arm64",
*/
static ssmParameterName(props: AmazonLinux2022ImageSsmParameterProps): string;
constructor(props: AmazonLinux2022ImageSsmParameterProps);
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AmazonLinux2022ImageSsmParameter=exports.AmazonLinux2022Kernel=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var common_1=()=>{var tmp=require("./common");return common_1=()=>tmp,tmp};class AmazonLinux2022Kernel{version;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinux2022Kernel",version:"2.252.0"};static CDK_LATEST=new AmazonLinux2022Kernel("5.15");static DEFAULT=new AmazonLinux2022Kernel("default");static KERNEL_5_15=new AmazonLinux2022Kernel("5.15");constructor(version){this.version=version}toString(){return`kernel-${this.version}`}}exports.AmazonLinux2022Kernel=AmazonLinux2022Kernel;class AmazonLinux2022ImageSsmParameter extends common_1().AmazonLinuxImageSsmParameterBase{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinux2022ImageSsmParameter",version:"2.252.0"};static ssmParameterName(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinux2022ImageSsmParameterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ssmParameterName),error}const edition=props&&props.edition||common_1().AmazonLinuxEdition.STANDARD;return"/aws/service/ami-amazon-linux-latest/"+[common_1().AmazonLinuxGeneration.AMAZON_LINUX_2022,"ami",edition!==common_1().AmazonLinuxEdition.STANDARD?edition:void 0,props.kernel?.toString(),props.cpuType??common_1().AmazonLinuxCpuType.X86_64].filter(x=>!!x).join("-")}constructor(props){super({parameterName:AmazonLinux2022ImageSsmParameter.ssmParameterName(props),cachedInContext:props.cachedInContext,additionalCacheKey:props.additionalCacheKey,userData:props.userData});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinux2022ImageSsmParameterProps(props)}catch(error){throw 
process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,AmazonLinux2022ImageSsmParameter),error}}}exports.AmazonLinux2022ImageSsmParameter=AmazonLinux2022ImageSsmParameter;


@@ -0,0 +1,64 @@
import type { AmazonLinuxImageSsmParameterCommonOptions } from './common';
import { AmazonLinuxImageSsmParameterBase } from './common';
/**
* Amazon Linux 2023 kernel versions
*/
export declare class AmazonLinux2023Kernel {
private readonly version;
/**
* The latest kernel version currently available in a published AMI.
*
* When a new kernel version is available for an al2023 AMI this will be
* updated to contain the latest kernel version and will cause your instances
* to be replaced. Do not store stateful information on the instance if you are
* using this version.
*/
static readonly CDK_LATEST: AmazonLinux2023Kernel;
/**
* The default kernel version for Amazon Linux 2023 is 6.1 and
* the SSM parameter does not include it in the name
* (i.e. /aws/service/ami-amazon-linux-latest/amzn2023-ami-kernel-default-x86_64)
*/
static readonly DEFAULT: AmazonLinux2023Kernel;
/**
* Kernel version 6.1
*/
static readonly KERNEL_6_1: AmazonLinux2023Kernel;
constructor(version: string);
/**
* Generate a string representation of the kernel
*/
toString(): string;
}
/**
* Properties specific to al2023 images
*/
export interface AmazonLinux2023ImageSsmParameterProps extends AmazonLinuxImageSsmParameterCommonOptions {
/**
* What kernel version of Amazon Linux to use
*
* @default AmazonLinux2023Kernel.DEFAULT
*/
readonly kernel?: AmazonLinux2023Kernel;
}
/**
* A SSM Parameter that contains the AMI ID for Amazon Linux 2023
*/
export declare class AmazonLinux2023ImageSsmParameter extends AmazonLinuxImageSsmParameterBase {
/**
* Generates a SSM Parameter name for a specific amazon linux 2023 AMI
*
* Example values:
*
* "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64",
* "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64",
*/
static ssmParameterName(props: AmazonLinux2023ImageSsmParameterProps): string;
constructor(props?: AmazonLinux2023ImageSsmParameterProps);
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AmazonLinux2023ImageSsmParameter=exports.AmazonLinux2023Kernel=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var common_1=()=>{var tmp=require("./common");return common_1=()=>tmp,tmp};class AmazonLinux2023Kernel{version;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinux2023Kernel",version:"2.252.0"};static CDK_LATEST=new AmazonLinux2023Kernel("6.1");static DEFAULT=new AmazonLinux2023Kernel("default");static KERNEL_6_1=new AmazonLinux2023Kernel("6.1");constructor(version){this.version=version}toString(){return`kernel-${this.version}`}}exports.AmazonLinux2023Kernel=AmazonLinux2023Kernel;class AmazonLinux2023ImageSsmParameter extends common_1().AmazonLinuxImageSsmParameterBase{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinux2023ImageSsmParameter",version:"2.252.0"};static ssmParameterName(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinux2023ImageSsmParameterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ssmParameterName),error}const edition=props&&props.edition||common_1().AmazonLinuxEdition.STANDARD;return"/aws/service/ami-amazon-linux-latest/"+[common_1().AmazonLinuxGeneration.AMAZON_LINUX_2023,"ami",edition!==common_1().AmazonLinuxEdition.STANDARD?edition:void 0,(props.kernel??AmazonLinux2023Kernel.DEFAULT)?.toString(),props.cpuType??common_1().AmazonLinuxCpuType.X86_64].filter(x=>!!x).join("-")}constructor(props={}){super({parameterName:AmazonLinux2023ImageSsmParameter.ssmParameterName(props),cachedInContext:props.cachedInContext,additionalCacheKey:props.additionalCacheKey,userData:props.userData});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinux2023ImageSsmParameterProps(props)}catch(error){throw 
process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,AmazonLinux2023ImageSsmParameter),error}}}exports.AmazonLinux2023ImageSsmParameter=AmazonLinux2023ImageSsmParameter;


@@ -0,0 +1,77 @@
import type { AmazonLinuxImageSsmParameterCommonOptions } from './common';
import { AmazonLinuxImageSsmParameterBase, AmazonLinuxStorage, AmazonLinuxVirt } from './common';
/**
* Amazon Linux 2 kernel versions
*/
export declare class AmazonLinux2Kernel {
private readonly version;
/**
* The latest kernel version currently available in a published AMI.
*
* When a new kernel version is available for an amzn2 AMI this will be
* updated to contain the latest kernel version and will cause your instances
* to be replaced. Do not store stateful information on the instance if you are
* using this version.
*/
static readonly CDK_LATEST: AmazonLinux2Kernel;
/**
* The default kernel version for Amazon Linux 2 is 4.14 and
* Linux 4.14.311-233.529.amzn2.x86_64
* the SSM parameter does not include it in the name
* (i.e. /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2)
*/
static readonly DEFAULT: AmazonLinux2Kernel;
/**
* Kernel version 5.10
*/
static readonly KERNEL_5_10: AmazonLinux2Kernel;
constructor(version: string);
/**
* Generate a string representation of the kernel
*/
toString(): string | undefined;
}
/**
* Properties specific to amzn2 images
*/
export interface AmazonLinux2ImageSsmParameterProps extends AmazonLinuxImageSsmParameterCommonOptions {
/**
* What storage backed image to use
*
* @default GeneralPurpose
*/
readonly storage?: AmazonLinuxStorage;
/**
* What kernel version of Amazon Linux to use
*
* @default -
*/
readonly kernel?: AmazonLinux2Kernel;
/**
* Virtualization type
*
* @default HVM
*/
readonly virtualization?: AmazonLinuxVirt;
}
/**
* A SSM Parameter that contains the AMI ID for Amazon Linux 2
*/
export declare class AmazonLinux2ImageSsmParameter extends AmazonLinuxImageSsmParameterBase {
/**
* Generates a SSM Parameter name for a specific amazon linux 2 AMI
*
* Example values:
*
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2",
* "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs"
*/
static ssmParameterName(props: AmazonLinux2ImageSsmParameterProps): string;
constructor(props: AmazonLinux2ImageSsmParameterProps);
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AmazonLinux2ImageSsmParameter=exports.AmazonLinux2Kernel=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var common_1=()=>{var tmp=require("./common");return common_1=()=>tmp,tmp};class AmazonLinux2Kernel{version;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinux2Kernel",version:"2.252.0"};static CDK_LATEST=new AmazonLinux2Kernel("5.10");static DEFAULT=new AmazonLinux2Kernel("default");static KERNEL_5_10=new AmazonLinux2Kernel("5.10");constructor(version){this.version=version}toString(){return this.version==="default"?void 0:`kernel-${this.version}`}}exports.AmazonLinux2Kernel=AmazonLinux2Kernel;class AmazonLinux2ImageSsmParameter extends common_1().AmazonLinuxImageSsmParameterBase{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinux2ImageSsmParameter",version:"2.252.0"};static ssmParameterName(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinux2ImageSsmParameterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ssmParameterName),error}const edition=props&&props.edition||common_1().AmazonLinuxEdition.STANDARD;return"/aws/service/ami-amazon-linux-latest/"+[common_1().AmazonLinuxGeneration.AMAZON_LINUX_2,"ami",edition!==common_1().AmazonLinuxEdition.STANDARD?edition:void 
0,props.kernel?.toString(),props.virtualization??common_1().AmazonLinuxVirt.HVM,props.cpuType??common_1().AmazonLinuxCpuType.X86_64,props.storage??common_1().AmazonLinuxStorage.GENERAL_PURPOSE].filter(x=>!!x).join("-")}constructor(props){super({parameterName:AmazonLinux2ImageSsmParameter.ssmParameterName(props),cachedInContext:props.cachedInContext,additionalCacheKey:props.additionalCacheKey,userData:props.userData});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinux2ImageSsmParameterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,AmazonLinux2ImageSsmParameter),error}}}exports.AmazonLinux2ImageSsmParameter=AmazonLinux2ImageSsmParameter;


@@ -0,0 +1,187 @@
import type { Construct } from 'constructs';
import { UserData } from '../user-data';
/**
* Common options across all generations.
*/
export interface AmazonLinuxImageSsmParameterCommonOptions extends AmazonLinuxImageSsmParameterBaseOptions {
/**
* What edition of Amazon Linux to use
*
* @default AmazonLinuxEdition.Standard
*/
readonly edition?: AmazonLinuxEdition;
/**
* CPU Type
*
* @default AmazonLinuxCpuType.X86_64
*/
readonly cpuType?: AmazonLinuxCpuType;
}
/**
* Base options for amazon linux ssm parameters
*/
export interface AmazonLinuxImageSsmParameterBaseOptions {
/**
* Whether the AMI ID is cached to be stable between deployments
*
* By default, the newest image is used on each deployment. This will cause
* instances to be replaced whenever a new version is released, and may cause
* downtime if there aren't enough running instances in the AutoScalingGroup
* to reschedule the tasks on.
*
* If set to true, the AMI ID will be cached in `cdk.context.json` and the
* same value will be used on future runs. Your instances will not be replaced
* but your AMI version will grow old over time. To refresh the AMI lookup,
* you will have to evict the value from the cache using the `cdk context`
* command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for
* more information.
*
* Can not be set to `true` in environment-agnostic stacks.
*
* @default false
*/
readonly cachedInContext?: boolean;
/**
* Adds an additional discriminator to the `cdk.context.json` cache key.
*
* @default - no additional cache key
*/
readonly additionalCacheKey?: string;
/**
* Initial user data
*
* @default - Empty UserData for Linux machines
*/
readonly userData?: UserData;
}
/**
* Base properties for an Amazon Linux SSM Parameter
*/
export interface AmazonLinuxImageSsmParameterBaseProps extends AmazonLinuxImageSsmParameterBaseOptions {
/**
* The name of the SSM parameter that contains the AMI value
*/
readonly parameterName: string;
}
export declare abstract class AmazonLinuxImageSsmParameterBase implements IMachineImage {
private readonly props;
private readonly cachedInContext;
constructor(props: AmazonLinuxImageSsmParameterBaseProps);
getImage(scope: Construct): MachineImageConfig;
}
/**
* What generation of Amazon Linux to use
*/
export declare enum AmazonLinuxGeneration {
/**
* Amazon Linux
*/
AMAZON_LINUX = "amzn",
/**
* Amazon Linux 2
*/
AMAZON_LINUX_2 = "amzn2",
/**
* Amazon Linux 2022
*/
AMAZON_LINUX_2022 = "al2022",
/**
* Amazon Linux 2023
*/
AMAZON_LINUX_2023 = "al2023"
}
/**
* Interface for classes that can select an appropriate machine image to use
*/
export interface IMachineImage {
/**
* Return the image to use in the given context
*/
getImage(scope: Construct): MachineImageConfig;
}
/**
* Configuration for a machine image
*/
export interface MachineImageConfig {
/**
* The AMI ID of the image to use
*/
readonly imageId: string;
/**
* Operating system type for this image
*/
readonly osType: OperatingSystemType;
/**
* Initial UserData for this image
*/
readonly userData: UserData;
}
/**
* The OS type of a particular image
*/
export declare enum OperatingSystemType {
LINUX = 0,
WINDOWS = 1,
/**
* Used when the type of the operating system is not known
* (for example, for imported Auto-Scaling Groups).
*/
UNKNOWN = 2
}
/**
* CPU type
*/
export declare enum AmazonLinuxCpuType {
/**
* arm64 CPU type
*/
ARM_64 = "arm64",
/**
* x86_64 CPU type
*/
X86_64 = "x86_64"
}
/**
* Amazon Linux edition
*/
export declare enum AmazonLinuxEdition {
/**
* Standard edition
*/
STANDARD = "standard",
/**
* Minimal edition
*/
MINIMAL = "minimal"
}
/**
* Virtualization type for Amazon Linux
*/
export declare enum AmazonLinuxVirt {
/**
* HVM virtualization (recommended)
*/
HVM = "hvm",
/**
* PV virtualization
*/
PV = "pv"
}
/**
* Available storage options for Amazon Linux images
* Only applies to Amazon Linux & Amazon Linux 2
*/
export declare enum AmazonLinuxStorage {
/**
* EBS-backed storage
*/
EBS = "ebs",
/**
* S3-backed storage
*/
S3 = "s3",
/**
* General Purpose-based storage (recommended)
*/
GENERAL_PURPOSE = "gp2"
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AmazonLinuxStorage=exports.AmazonLinuxVirt=exports.AmazonLinuxEdition=exports.AmazonLinuxCpuType=exports.OperatingSystemType=exports.AmazonLinuxGeneration=exports.AmazonLinuxImageSsmParameterBase=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var utils_1=()=>{var tmp=require("./utils");return utils_1=()=>tmp,tmp},user_data_1=()=>{var tmp=require("../user-data");return user_data_1=()=>tmp,tmp};class AmazonLinuxImageSsmParameterBase{props;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AmazonLinuxImageSsmParameterBase",version:"2.252.0"};cachedInContext;constructor(props){this.props=props;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AmazonLinuxImageSsmParameterBaseProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,AmazonLinuxImageSsmParameterBase),error}this.cachedInContext=this.props.cachedInContext??!0}getImage(scope){const imageId=(0,utils_1().lookupImage)(scope,this.cachedInContext,this.props.parameterName,this.props.additionalCacheKey),osType=OperatingSystemType.LINUX;return{imageId,osType,userData:this.props.userData??user_data_1().UserData.forLinux()}}}exports.AmazonLinuxImageSsmParameterBase=AmazonLinuxImageSsmParameterBase;var AmazonLinuxGeneration;(function(AmazonLinuxGeneration2){AmazonLinuxGeneration2.AMAZON_LINUX="amzn",AmazonLinuxGeneration2.AMAZON_LINUX_2="amzn2",AmazonLinuxGeneration2.AMAZON_LINUX_2022="al2022",AmazonLinuxGeneration2.AMAZON_LINUX_2023="al2023"})(AmazonLinuxGeneration||(exports.AmazonLinuxGeneration=AmazonLinuxGeneration={}));var 
OperatingSystemType;(function(OperatingSystemType2){OperatingSystemType2[OperatingSystemType2.LINUX=0]="LINUX",OperatingSystemType2[OperatingSystemType2.WINDOWS=1]="WINDOWS",OperatingSystemType2[OperatingSystemType2.UNKNOWN=2]="UNKNOWN"})(OperatingSystemType||(exports.OperatingSystemType=OperatingSystemType={}));var AmazonLinuxCpuType;(function(AmazonLinuxCpuType2){AmazonLinuxCpuType2.ARM_64="arm64",AmazonLinuxCpuType2.X86_64="x86_64"})(AmazonLinuxCpuType||(exports.AmazonLinuxCpuType=AmazonLinuxCpuType={}));var AmazonLinuxEdition;(function(AmazonLinuxEdition2){AmazonLinuxEdition2.STANDARD="standard",AmazonLinuxEdition2.MINIMAL="minimal"})(AmazonLinuxEdition||(exports.AmazonLinuxEdition=AmazonLinuxEdition={}));var AmazonLinuxVirt;(function(AmazonLinuxVirt2){AmazonLinuxVirt2.HVM="hvm",AmazonLinuxVirt2.PV="pv"})(AmazonLinuxVirt||(exports.AmazonLinuxVirt=AmazonLinuxVirt={}));var AmazonLinuxStorage;(function(AmazonLinuxStorage2){AmazonLinuxStorage2.EBS="ebs",AmazonLinuxStorage2.S3="s3",AmazonLinuxStorage2.GENERAL_PURPOSE="gp2"})(AmazonLinuxStorage||(exports.AmazonLinuxStorage=AmazonLinuxStorage={}));


@@ -0,0 +1,5 @@
export * from './common';
export * from './amazon-linux2';
export * from './machine-image';
export * from './amazon-linux-2022';
export * from './amazon-linux-2023';

File diff suppressed because one or more lines are too long


@@ -0,0 +1,473 @@
import type { Construct } from 'constructs';
import type { AmazonLinux2022ImageSsmParameterProps } from './amazon-linux-2022';
import type { AmazonLinux2023ImageSsmParameterProps } from './amazon-linux-2023';
import type { AmazonLinux2ImageSsmParameterProps } from './amazon-linux2';
import type { IMachineImage, MachineImageConfig } from './common';
import { AmazonLinuxCpuType, AmazonLinuxEdition, AmazonLinuxGeneration, AmazonLinuxStorage, AmazonLinuxVirt, OperatingSystemType } from './common';
import { UserData } from '../user-data';
import { WindowsVersion } from '../windows-versions';
/**
* Factory functions for standard Amazon Machine Image objects.
*/
export declare abstract class MachineImage {
/**
* A Windows image that is automatically kept up-to-date
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*/
static latestWindows(version: WindowsVersion, props?: WindowsImageProps): IMachineImage;
/**
* An Amazon Linux 2 image that is automatically kept up-to-date
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*/
static latestAmazonLinux2(props?: AmazonLinux2ImageSsmParameterProps): IMachineImage;
/**
* An Amazon Linux 2022 image that is automatically kept up-to-date
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*
* @deprecated - use latestAmazonLinux2023() instead
*/
static latestAmazonLinux2022(props?: AmazonLinux2022ImageSsmParameterProps): IMachineImage;
/**
* An Amazon Linux 2023 image that is automatically kept up-to-date
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*/
static latestAmazonLinux2023(props?: AmazonLinux2023ImageSsmParameterProps): IMachineImage;
/**
* An Amazon Linux image that is automatically kept up-to-date
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*
* N.B.: "latest" in the name of this function indicates that it always uses the most recent
* image of a particular generation of Amazon Linux, not that it uses the "latest generation".
* For backwards compatibility, this function uses Amazon Linux 1 if no generation
* is specified.
*
* Specify the desired generation using the `generation` property:
*
* ```ts
* ec2.MachineImage.latestAmazonLinux({
* // Use Amazon Linux 2
* generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
* })
* ```
* @deprecated use MachineImage.latestAmazonLinux2 instead
*/
static latestAmazonLinux(props?: AmazonLinuxImageProps): IMachineImage;
/**
* A Linux image where you specify the AMI ID for every region
*
* @param amiMap For every region where you are deploying the stack,
* specify the AMI ID for that region.
* @param props Customize the image by supplying additional props
*/
static genericLinux(amiMap: Record<string, string>, props?: GenericLinuxImageProps): IMachineImage;
/**
* A Windows image where you specify the AMI ID for every region
*
* @param amiMap For every region where you are deploying the stack,
* specify the AMI ID for that region.
* @param props Customize the image by supplying additional props
*/
static genericWindows(amiMap: Record<string, string>, props?: GenericWindowsImageProps): IMachineImage;
/**
* An image specified in SSM parameter store
*
* By default, the SSM parameter is refreshed at every deployment,
* causing your instances to be replaced whenever a new version of the AMI
* is released.
*
* Pass `{ cachedInContext: true }` to keep the AMI ID stable. If you do, you
* will have to remember to periodically invalidate the context to refresh
* to the newest AMI ID.
*/
static fromSsmParameter(parameterName: string, options?: SsmParameterImageOptions): IMachineImage;
/**
* An image specified in SSM parameter store that will be resolved at instance launch time.
*
* The AMI ID will be resolved at instance launch time.
*
* @param parameterName The name of SSM parameter containing the AMI ID
* @param options The parameter image options
*
* @see https://docs.aws.amazon.com/autoscaling/ec2/userguide/using-systems-manager-parameters.html
*
*/
static resolveSsmParameterAtLaunch(parameterName: string, options?: SsmParameterImageOptions): IMachineImage;
/**
* Look up a shared Machine Image using DescribeImages
*
* The most recent, available, launchable image matching the given filter
* criteria will be used. Looking up AMIs may take a long time; specify
* as many filter criteria as possible to narrow down the search.
*
* The AMI selected will be cached in `cdk.context.json` and the same value
* will be used on future runs. To refresh the AMI lookup, you will have to
* evict the value from the cache using the `cdk context` command. See
* https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
*
* This function can not be used in environment-agnostic stacks.
*/
static lookup(props: LookupMachineImageProps): IMachineImage;
}
/**
* Select the image based on a given SSM parameter at deployment time of the CloudFormation Stack.
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*
* The AMI ID is selected using the values published to the SSM parameter store.
*/
export declare class GenericSSMParameterImage implements IMachineImage {
private readonly os;
private readonly userData?;
/**
* Name of the SSM parameter we're looking up
*/
readonly parameterName: string;
constructor(parameterName: string, os: OperatingSystemType, userData?: UserData | undefined);
/**
* Return the image to use in the given context
*/
getImage(scope: Construct): MachineImageConfig;
}
/**
* Select the image based on a given SSM parameter at instance launch time.
*
* This Machine Image comes with an imageId as `resolve:ssm:parameter-name` or `resolve:ssm:parameter-name:version` format
* as described in the document:
*
* @see https://docs.aws.amazon.com/autoscaling/ec2/userguide/using-systems-manager-parameters.html
*
* The AMI ID would be selected at instance launch time.
*/
export declare class ResolveSsmParameterAtLaunchImage implements IMachineImage {
private readonly props;
/**
* Name of the SSM parameter we're looking up
*/
readonly parameterName: string;
constructor(parameterName: string, props?: SsmParameterImageOptions);
/**
* Return the image to use in the given context
*/
getImage(_scope: Construct): MachineImageConfig;
}
/**
* Properties for GenericSsmParameterImage
*/
export interface SsmParameterImageOptions {
/**
* Operating system
*
* @default OperatingSystemType.LINUX
*/
readonly os?: OperatingSystemType;
/**
* Custom UserData
*
* @default - UserData appropriate for the OS
*/
readonly userData?: UserData;
/**
* Whether the AMI ID is cached to be stable between deployments
*
* By default, the newest image is used on each deployment. This will cause
* instances to be replaced whenever a new version is released, and may cause
* downtime if there aren't enough running instances in the AutoScalingGroup
* to reschedule the tasks on.
*
* If set to true, the AMI ID will be cached in `cdk.context.json` and the
* same value will be used on future runs. Your instances will not be replaced
* but your AMI version will grow old over time. To refresh the AMI lookup,
* you will have to evict the value from the cache using the `cdk context`
* command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for
* more information.
*
* Can not be set to `true` in environment-agnostic stacks.
*
* @default false
*/
readonly cachedInContext?: boolean;
/**
* Adds an additional discriminator to the `cdk.context.json` cache key.
*
* @default - no additional cache key
*/
readonly additionalCacheKey?: string;
/**
* The version of the SSM parameter.
*
* @default no version specified.
*/
readonly parameterVersion?: string;
}
/**
* Configuration options for WindowsImage
*/
export interface WindowsImageProps {
/**
* Initial user data
*
* @default - Empty UserData for Windows machines
*/
readonly userData?: UserData;
}
/**
* Select the latest version of the indicated Windows version
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*
* The AMI ID is selected using the values published to the SSM parameter store.
*
* https://aws.amazon.com/blogs/mt/query-for-the-latest-windows-ami-using-systems-manager-parameter-store/
*/
export declare class WindowsImage extends GenericSSMParameterImage {
private static DEPRECATED_VERSION_NAME_MAP;
constructor(version: WindowsVersion, props?: WindowsImageProps);
}
/**
* Amazon Linux image properties
*/
export interface AmazonLinuxImageProps {
/**
* What generation of Amazon Linux to use
*
* @default AmazonLinux
*/
readonly generation?: AmazonLinuxGeneration;
/**
* What edition of Amazon Linux to use
*
* @default Standard
*/
readonly edition?: AmazonLinuxEdition;
/**
* What kernel version of Amazon Linux to use
*
* @default -
*/
readonly kernel?: AmazonLinuxKernel;
/**
* What storage backed image to use
*
* @default GeneralPurpose
*/
readonly storage?: AmazonLinuxStorage;
/**
* Initial user data
*
* @default - Empty UserData for Linux machines
*/
readonly userData?: UserData;
/**
* CPU Type
*
* @default X86_64
*/
readonly cpuType?: AmazonLinuxCpuType;
/**
* Virtualization type
*
* @default HVM
*/
readonly virtualization?: AmazonLinuxVirt;
/**
* Whether the AMI ID is cached to be stable between deployments
*
* By default, the newest image is used on each deployment. This will cause
* instances to be replaced whenever a new version is released, and may cause
* downtime if there aren't enough running instances in the AutoScalingGroup
* to reschedule the tasks on.
*
* If set to true, the AMI ID will be cached in `cdk.context.json` and the
* same value will be used on future runs. Your instances will not be replaced
* but your AMI version will grow old over time. To refresh the AMI lookup,
* you will have to evict the value from the cache using the `cdk context`
* command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for
* more information.
*
* Can not be set to `true` in environment-agnostic stacks.
*
* @default false
*/
readonly cachedInContext?: boolean;
/**
* Adds an additional discriminator to the `cdk.context.json` cache key.
*
* @default - no additional cache key
*/
readonly additionalCacheKey?: string;
}
/**
* Selects the latest version of Amazon Linux
*
* This Machine Image automatically updates to the latest version on every
* deployment. Be aware this will cause your instances to be replaced when a
* new version of the image becomes available. Do not store stateful information
* on the instance if you are using this image.
*
* The AMI ID is selected using the values published to the SSM parameter store.
*/
export declare class AmazonLinuxImage extends GenericSSMParameterImage {
private readonly props;
/**
* Return the SSM parameter name that will contain the Amazon Linux image with the given attributes
*/
static ssmParameterName(props?: AmazonLinuxImageProps): string;
private readonly cachedInContext;
constructor(props?: AmazonLinuxImageProps);
/**
* Return the image to use in the given context
*/
getImage(scope: Construct): MachineImageConfig;
}
/**
* Amazon Linux Kernel
*/
export declare enum AmazonLinuxKernel {
/**
* Kernel version 5.10
*/
KERNEL5_X = "kernel-5.10",
/**
* Kernel version 6.1
*/
KERNEL6_1 = "kernel-6.1"
}
/**
* Configuration options for GenericLinuxImage
*/
export interface GenericLinuxImageProps {
/**
* Initial user data
*
* @default - Empty UserData for Linux machines
*/
readonly userData?: UserData;
}
/**
* Configuration options for GenericWindowsImage
*/
export interface GenericWindowsImageProps {
/**
* Initial user data
*
* @default - Empty UserData for Windows machines
*/
readonly userData?: UserData;
}
/**
* Construct a Linux machine image from an AMI map
*
* Linux images IDs are not published to SSM parameter store yet, so you'll have to
* manually specify an AMI map.
*/
export declare class GenericLinuxImage implements IMachineImage {
private readonly amiMap;
private readonly props;
constructor(amiMap: {
[region: string]: string;
}, props?: GenericLinuxImageProps);
getImage(scope: Construct): MachineImageConfig;
}
/**
* Construct a Windows machine image from an AMI map
*
* Allows you to create a generic Windows EC2 , manually specify an AMI map.
*/
export declare class GenericWindowsImage implements IMachineImage {
private readonly amiMap;
private readonly props;
constructor(amiMap: {
[region: string]: string;
}, props?: GenericWindowsImageProps);
getImage(scope: Construct): MachineImageConfig;
}
/**
* A machine image whose AMI ID will be searched using DescribeImages.
*
* The most recent, available, launchable image matching the given filter
* criteria will be used. Looking up AMIs may take a long time; specify
* as many filter criteria as possible to narrow down the search.
*
* The AMI selected will be cached in `cdk.context.json` and the same value
* will be used on future runs. To refresh the AMI lookup, you will have to
* evict the value from the cache using the `cdk context` command. See
* https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
* If `props.additionalCacheKey` is set, the context key uses that value as a discriminator
* rather than the cached value being global across all lookups.
*/
export declare class LookupMachineImage implements IMachineImage {
private readonly props;
constructor(props: LookupMachineImageProps);
/**
* Return the correct image
*/
getImage(scope: Construct): MachineImageConfig;
}
/**
* Properties for looking up an image
*/
export interface LookupMachineImageProps {
/**
* Name of the image (may contain wildcards)
*/
readonly name: string;
/**
* Owner account IDs or aliases
*
* @default - All owners
*/
readonly owners?: string[];
/**
* Additional filters on the AMI
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html
* @default - No additional filters
*/
readonly filters?: {
[key: string]: string[];
};
/**
* Look for Windows images
*
* @default false
*/
readonly windows?: boolean;
/**
* Custom userdata for this image
*
* @default - Empty user data appropriate for the platform type
*/
readonly userData?: UserData;
/**
* Adds an additional discriminator to the `cdk.context.json` cache key.
*
* @default - no additional cache key
*/
readonly additionalCacheKey?: string;
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,2 @@
import type { Construct } from 'constructs';
export declare function lookupImage(scope: Construct, cachedInContext: boolean | undefined, parameterName: string, additionalCacheKey?: string): string;


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.lookupImage=lookupImage;var ssm=()=>{var tmp=require("../../../aws-ssm");return ssm=()=>tmp,tmp};function lookupImage(scope,cachedInContext,parameterName,additionalCacheKey){return cachedInContext?ssm().StringParameter.valueFromLookup(scope,parameterName,void 0,{additionalCacheKey}):ssm().StringParameter.valueForTypedStringParameterV2(scope,parameterName,ssm().ParameterValueType.AWS_EC2_IMAGE_ID)}

314
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/nat.d.ts generated vendored Normal file

@@ -0,0 +1,314 @@
import type { IConnectable } from './connections';
import { Connections } from './connections';
import { Instance } from './instance';
import type { InstanceType } from './instance-types';
import type { IKeyPair } from './key-pair';
import type { CpuCredits } from './launch-template';
import type { IMachineImage } from './machine-image';
import { LookupMachineImage } from './machine-image';
import type { ISecurityGroup } from './security-group';
import { UserData } from './user-data';
import type { PrivateSubnet, PublicSubnet, Vpc } from './vpc';
/**
* Direction of traffic to allow all by default.
*/
export declare enum NatTrafficDirection {
/**
* Allow all outbound traffic and disallow all inbound traffic.
*/
OUTBOUND_ONLY = "OUTBOUND_ONLY",
/**
* Allow all outbound and inbound traffic.
*/
INBOUND_AND_OUTBOUND = "INBOUND_AND_OUTBOUND",
/**
* Disallow all outbound and inbound traffic.
*/
NONE = "NONE"
}
/**
* Pair represents a gateway created by NAT Provider
*/
export interface GatewayConfig {
/**
* Availability Zone
*/
readonly az: string;
/**
* Identity of gateway spawned by the provider
*/
readonly gatewayId: string;
}
/**
* NAT providers
*
* Determines what type of NAT provider to create, either NAT gateways or NAT
* instance.
*
*
*/
export declare abstract class NatProvider {
/**
* Use NAT Gateways to provide NAT services for your VPC
*
* NAT gateways are managed by AWS.
*
* @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
*/
static gateway(props?: NatGatewayProps): NatProvider;
/**
* Use NAT instances to provide NAT services for your VPC
*
* NAT instances are managed by you, but in return allow more configuration.
*
* Be aware that instances created using this provider will not be
* automatically replaced if they are stopped for any reason. You should implement
* your own NatProvider based on AutoScaling groups if you need that.
*
* @see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
*
* @deprecated use instanceV2. 'instance' is deprecated since NatInstanceProvider
* uses a instance image that has reached EOL on Dec 31 2023
*/
static instance(props: NatInstanceProps): NatInstanceProvider;
/**
* Use NAT instances to provide NAT services for your VPC
*
* NAT instances are managed by you, but in return allow more configuration.
*
* Be aware that instances created using this provider will not be
* automatically replaced if they are stopped for any reason. You should implement
* your own NatProvider based on AutoScaling groups if you need that.
*
* @see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
*/
static instanceV2(props: NatInstanceProps): NatInstanceProviderV2;
/**
* Return list of gateways spawned by the provider
*/
abstract readonly configuredGateways: GatewayConfig[];
/**
* Called by the VPC to configure NAT
*
* Don't call this directly, the VPC will call it automatically.
*/
abstract configureNat(options: ConfigureNatOptions): void;
/**
* Configures subnet with the gateway
*
* Don't call this directly, the VPC will call it automatically.
*/
abstract configureSubnet(subnet: PrivateSubnet): void;
}
/**
* Options passed by the VPC when NAT needs to be configured
*
*
*/
export interface ConfigureNatOptions {
/**
* The VPC we're configuring NAT for
*/
readonly vpc: Vpc;
/**
* The public subnets where the NAT providers need to be placed
*/
readonly natSubnets: PublicSubnet[];
/**
* The private subnets that need to route through the NAT providers.
*
* There may be more private subnets than public subnets with NAT providers.
*/
readonly privateSubnets: PrivateSubnet[];
}
/**
* Properties for a NAT gateway
*
*/
export interface NatGatewayProps {
/**
* EIP allocation IDs for the NAT gateways
*
* @default - No fixed EIPs allocated for the NAT gateways
*/
readonly eipAllocationIds?: string[];
}
/**
* Properties for a NAT instance
*
*
*/
export interface NatInstanceProps {
/**
* The machine image (AMI) to use
*
* By default, will do an AMI lookup for the latest NAT instance image.
*
* If you have a specific AMI ID you want to use, pass a `GenericLinuxImage`. For example:
*
* ```ts
* ec2.NatProvider.instance({
* instanceType: new ec2.InstanceType('t3.micro'),
* machineImage: new ec2.GenericLinuxImage({
* 'us-east-2': 'ami-0f9c61b5a562a16af'
* })
* })
* ```
*
* @default - Latest NAT instance image
*/
readonly machineImage?: IMachineImage;
/**
* Instance type of the NAT instance
*/
readonly instanceType: InstanceType;
/**
* Whether to associate a public IP address to the primary network interface attached to this instance.
*
* @default undefined - No public IP address associated
*/
readonly associatePublicIpAddress?: boolean;
/**
* Name of SSH keypair to grant access to instance
*
* @default - No SSH access will be possible.
* @deprecated - Use `keyPair` instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
*/
readonly keyName?: string;
/**
* The SSH keypair to grant access to the instance.
*
* @default - No SSH access will be possible.
*/
readonly keyPair?: IKeyPair;
/**
* Security Group for NAT instances
*
* @default - A new security group will be created
* @deprecated - Cannot create a new security group before the VPC is created,
* and cannot create the VPC without the NAT provider.
* Set {@link defaultAllowedTraffic} to {@link NatTrafficDirection.NONE}
* and use {@link NatInstanceProviderV2.gatewayInstances} to retrieve
* the instances on the fly and add security groups
*
* @example
* const natGatewayProvider = ec2.NatProvider.instanceV2({
* instanceType: new ec2.InstanceType('t3.small'),
* defaultAllowedTraffic: ec2.NatTrafficDirection.NONE,
* });
* const vpc = new ec2.Vpc(this, 'Vpc', { natGatewayProvider });
*
* const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {
* vpc,
* allowAllOutbound: false,
* });
* securityGroup.addEgressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(443));
* for (const gatewayInstance of natGatewayProvider.gatewayInstances) {
* gatewayInstance.addSecurityGroup(securityGroup);
* }
*/
readonly securityGroup?: ISecurityGroup;
/**
* Direction to allow all traffic through the NAT instance by default.
*
* By default, inbound and outbound traffic is allowed.
*
* If you set this to another value than INBOUND_AND_OUTBOUND, you must
* configure the NAT instance's security groups in another way, either by
* passing in a fully configured Security Group using the `securityGroup`
* property, or by configuring it using the `.securityGroup` or
* `.connections` members after passing the NAT Instance Provider to a Vpc.
*
* @default NatTrafficDirection.INBOUND_AND_OUTBOUND
*/
readonly defaultAllowedTraffic?: NatTrafficDirection;
/**
* Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
* The unlimited CPU credit option is not supported for T3 instances with dedicated host (`host`) tenancy.
*
* @default - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
*/
readonly creditSpecification?: CpuCredits;
/**
* Custom user data to run on the NAT instances
*
* @default UserData.forLinux().addCommands(...NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances
* @see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#create-nat-ami
*/
readonly userData?: UserData;
}
/**
* Provider for NAT Gateways
*/
export declare class NatGatewayProvider extends NatProvider {
private readonly props;
private gateways;
constructor(props?: NatGatewayProps);
configureNat(options: ConfigureNatOptions): void;
configureSubnet(subnet: PrivateSubnet): void;
get configuredGateways(): GatewayConfig[];
}
/**
* NAT provider which uses NAT Instances
*
* @deprecated use NatInstanceProviderV2. NatInstanceProvider is deprecated since
* the instance image used has reached EOL on Dec 31 2023
*/
export declare class NatInstanceProvider extends NatProvider implements IConnectable {
private readonly props;
private gateways;
private _securityGroup?;
private _connections?;
constructor(props: NatInstanceProps);
configureNat(options: ConfigureNatOptions): void;
/**
* The Security Group associated with the NAT instances
*/
get securityGroup(): ISecurityGroup;
/**
* Manage the Security Groups associated with the NAT instances
*/
get connections(): Connections;
get configuredGateways(): GatewayConfig[];
configureSubnet(subnet: PrivateSubnet): void;
}
/**
* Modern NAT provider which uses NAT Instances.
* The instance uses Amazon Linux 2023 as the operating system.
*/
export declare class NatInstanceProviderV2 extends NatProvider implements IConnectable {
private readonly props;
/**
* Amazon Linux 2023 NAT instance user data commands
* Enable iptables on the instance, enable persistent IP forwarding, configure NAT on instance
* @see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#create-nat-ami
*/
static readonly DEFAULT_USER_DATA_COMMANDS: string[];
private gateways;
private _securityGroup?;
private _connections?;
/**
* Array of gateway instances spawned by the provider after internal configuration
*/
get gatewayInstances(): Instance[];
constructor(props: NatInstanceProps);
configureNat(options: ConfigureNatOptions): void;
/**
* The Security Group associated with the NAT instances
*/
get securityGroup(): ISecurityGroup;
/**
* Manage the Security Groups associated with the NAT instances
*/
get connections(): Connections;
get configuredGateways(): GatewayConfig[];
configureSubnet(subnet: PrivateSubnet): void;
}
/**
* Machine image representing the latest NAT instance image
*
*
*/
export declare class NatInstanceImage extends LookupMachineImage {
constructor();
}

8
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/nat.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,146 @@
/**
* Either an IPv4 or an IPv6 CIDR
*
*
*/
export declare abstract class AclCidr {
/**
* An IP network range in CIDR notation (for example, 172.16.0.0/24).
*/
static ipv4(ipv4Cidr: string): AclCidr;
/**
* The CIDR containing all IPv4 addresses (i.e., 0.0.0.0/0)
*/
static anyIpv4(): AclCidr;
/**
* An IPv6 network range in CIDR notation (for example, 2001:db8::/48)
*/
static ipv6(ipv6Cidr: string): AclCidr;
/**
* The CIDR containing all IPv6 addresses (i.e., ::/0)
*/
static anyIpv6(): AclCidr;
abstract toCidrConfig(): AclCidrConfig;
}
/**
* Acl Configuration for CIDR
*
*
*/
export interface AclCidrConfig {
/**
* Ipv4 CIDR
*/
readonly cidrBlock?: string;
/**
* Ipv6 CIDR
*/
readonly ipv6CidrBlock?: string;
}
/**
* The traffic that is configured using a Network ACL entry
*
*
*/
export declare abstract class AclTraffic {
/**
* Apply the ACL entry to all traffic
*/
static allTraffic(): AclTraffic;
/**
* Apply the ACL entry to ICMP traffic of given type and code
*/
static icmp(props: AclIcmp): AclTraffic;
/**
* Apply the ACL entry to ICMPv6 traffic of given type and code
*
* Requires an IPv6 CIDR block.
*/
static icmpv6(props: AclIcmp): AclTraffic;
/**
* Apply the ACL entry to TCP traffic on a given port
*/
static tcpPort(port: number): AclTraffic;
/**
* Apply the ACL entry to TCP traffic on a given port range
*/
static tcpPortRange(startPort: number, endPort: number): AclTraffic;
/**
* Apply the ACL entry to UDP traffic on a given port
*/
static udpPort(port: number): AclTraffic;
/**
* Apply the ACL entry to UDP traffic on a given port range
*/
static udpPortRange(startPort: number, endPort: number): AclTraffic;
abstract toTrafficConfig(): AclTrafficConfig;
}
/**
* Acl Configuration for traffic
*
*
*/
export interface AclTrafficConfig {
/**
* The Internet Control Message Protocol (ICMP) code and type.
*
* @default - Required if specifying 1 (ICMP) for the protocol parameter.
*/
readonly icmp?: AclIcmp;
/**
* The range of port numbers for the UDP/TCP protocol.
*
* @default - Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter
*/
readonly portRange?: AclPortRange;
/**
* The protocol number.
*
* A value of "-1" means all protocols.
*
* If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP),
* or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or
* ICMP types or codes that you specify.
*
* If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR
* block, traffic for all ICMP types and codes allowed, regardless of any that
* you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR
* block, you must specify an ICMP type and code.
*
* @default 17
*/
readonly protocol: number;
}
/**
* Properties to create Icmp
*
*
*/
export interface AclIcmp {
/**
* The Internet Control Message Protocol (ICMP) type. You can use -1 to specify all ICMP types.
* Conditional requirement: Required if you specify 1 (ICMP) for the CreateNetworkAclEntry protocol parameter.
*/
readonly type?: number;
/**
* The Internet Control Message Protocol (ICMP) code. You can use -1 to specify all ICMP
* codes for the given ICMP type. Requirement is conditional: Required if you
* specify 1 (ICMP) for the protocol parameter.
*/
readonly code?: number;
}
/**
* Properties to create PortRange
*
*
*/
export interface AclPortRange {
/**
* The first port in the range. Required if you specify 6 (TCP) or 17 (UDP) for the protocol parameter.
*/
readonly from?: number;
/**
* The last port in the range. Required if you specify 6 (TCP) or 17 (UDP) for the protocol parameter.
*/
readonly to?: number;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AclTraffic=exports.AclCidr=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");class AclCidr{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AclCidr",version:"2.252.0"};static ipv4(ipv4Cidr){return new AclCidrImpl({cidrBlock:ipv4Cidr})}static anyIpv4(){return AclCidr.ipv4("0.0.0.0/0")}static ipv6(ipv6Cidr){return new AclCidrImpl({ipv6CidrBlock:ipv6Cidr})}static anyIpv6(){return AclCidr.ipv6("::/0")}}exports.AclCidr=AclCidr;class AclCidrImpl extends AclCidr{config;constructor(config){super(),this.config=config}toCidrConfig(){return this.config}}class AclTraffic{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.AclTraffic",version:"2.252.0"};static allTraffic(){return new AclTrafficImpl({protocol:-1})}static icmp(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AclIcmp(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.icmp),error}return new AclTrafficImpl({protocol:1,icmp:props})}static icmpv6(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_AclIcmp(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.icmpv6),error}return new AclTrafficImpl({protocol:58,icmp:props})}static tcpPort(port){return new AclTrafficImpl({protocol:6,portRange:{from:port,to:port}})}static tcpPortRange(startPort,endPort){return new AclTrafficImpl({protocol:6,portRange:{from:startPort,to:endPort}})}static udpPort(port){return new AclTrafficImpl({protocol:17,portRange:{from:port,to:port}})}static udpPortRange(startPort,endPort){return new AclTrafficImpl({protocol:17,portRange:{from:startPort,to:endPort}})}}exports.AclTraffic=AclTraffic;class AclTrafficImpl extends 
AclTraffic{config;constructor(config){super(),this.config=config}toTrafficConfig(){return this.config}}


@@ -0,0 +1,281 @@
import type { Construct } from 'constructs';
import type { INetworkAclEntryRef, INetworkAclRef, ISubnetNetworkAclAssociationRef, NetworkAclEntryReference, NetworkAclReference, SubnetNetworkAclAssociationReference } from './ec2.generated';
import type { AclCidr, AclTraffic } from './network-acl-types';
import type { ISubnet, IVpc, SubnetSelection } from './vpc';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* A NetworkAcl
*/
export interface INetworkAcl extends IResource, INetworkAclRef {
/**
* ID for the current Network ACL
* @attribute
*/
readonly networkAclId: string;
/**
* Add a new entry to the ACL
*/
addEntry(id: string, options: CommonNetworkAclEntryOptions): NetworkAclEntry;
}
/**
* A NetworkAclBase that is not created in this template
*
*
*/
declare abstract class NetworkAclBase extends Resource implements INetworkAcl {
abstract readonly networkAclId: string;
get networkAclRef(): NetworkAclReference;
/**
* Add a new entry to the ACL
*/
addEntry(id: string, options: CommonNetworkAclEntryOptions): NetworkAclEntry;
}
/**
* Properties to create NetworkAcl
*
*
*/
export interface NetworkAclProps {
/**
* The name of the NetworkAcl.
*
* Since the NetworkAcl resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag.
*
* @default CDK generated name
*/
readonly networkAclName?: string;
/**
* The VPC in which to create the NetworkACL.
*/
readonly vpc: IVpc;
/**
* Subnets in the given VPC to associate the ACL with
*
* More subnets can always be added later by calling
* `associateWithSubnets()`.
*
* @default - No subnets associated
*/
readonly subnetSelection?: SubnetSelection;
}
/**
* Define a new custom network ACL
*
* By default, will deny all inbound and outbound traffic unless entries are
* added explicitly allowing it.
*
*
*/
export declare class NetworkAcl extends NetworkAclBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import an existing NetworkAcl into this app.
*/
static fromNetworkAclId(scope: Construct, id: string, networkAclId: string): INetworkAcl;
/**
* The ID of the NetworkACL
*
* @attribute
*/
readonly networkAclId: string;
/**
* The VPC ID for this NetworkACL
*
* @attribute
*/
readonly networkAclVpcId: string;
private readonly networkAcl;
private readonly vpc;
constructor(scope: Construct, id: string, props: NetworkAclProps);
/**
* Associate the ACL with a given set of subnets
*/
associateWithSubnet(id: string, selection: SubnetSelection): void;
}
/**
* What action to apply to traffic matching the ACL
*
*
*/
export declare enum Action {
/**
* Allow the traffic
*/
ALLOW = "allow",
/**
* Deny the traffic
*/
DENY = "deny"
}
/**
* A NetworkAclEntry
*
*
*/
export interface INetworkAclEntry extends IResource, INetworkAclEntryRef {
/**
* The network ACL.
*/
readonly networkAcl: INetworkAcl;
}
/**
* Base class for NetworkAclEntries
*
*
*/
declare abstract class NetworkAclEntryBase extends Resource implements INetworkAclEntry {
abstract readonly networkAcl: INetworkAcl;
abstract readonly networkAclEntryRef: NetworkAclEntryReference;
}
/**
* Direction of traffic the AclEntry applies to
*
*
*/
export declare enum TrafficDirection {
/**
* Traffic leaving the subnet
*/
EGRESS = 0,
/**
* Traffic entering the subnet
*/
INGRESS = 1
}
/**
* Basic NetworkACL entry props
*
*
*/
export interface CommonNetworkAclEntryOptions {
/**
* The name of the NetworkAclEntry.
*
* It is not recommended to use an explicit group name.
*
* @default If you don't specify a NetworkAclName, AWS CloudFormation generates a
* unique physical ID and uses that ID for the group name.
*/
readonly networkAclEntryName?: string;
/**
* The CIDR range to allow or deny.
*/
readonly cidr: AclCidr;
/**
* What kind of traffic this ACL rule applies to
*/
readonly traffic: AclTraffic;
/**
* Traffic direction, with respect to the subnet, this rule applies to
*
* @default TrafficDirection.INGRESS
*/
readonly direction?: TrafficDirection;
/**
* Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".
*
* Any traffic that is not explicitly allowed is automatically denied in a custom
* ACL, all traffic is automatically allowed in a default ACL.
*
* @default ALLOW
*/
readonly ruleAction?: Action;
/**
* Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number.
* Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.
*/
readonly ruleNumber: number;
}
/**
* Properties to create NetworkAclEntry
*
*
*/
export interface NetworkAclEntryProps extends CommonNetworkAclEntryOptions {
/**
* The network ACL this entry applies to.
*/
readonly networkAcl: INetworkAcl;
}
/**
* Define an entry in a Network ACL table
*
*
*/
export declare class NetworkAclEntry extends NetworkAclEntryBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
readonly networkAcl: INetworkAcl;
readonly networkAclEntryRef: NetworkAclEntryReference;
constructor(scope: Construct, id: string, props: NetworkAclEntryProps);
}
/**
* A SubnetNetworkAclAssociation
*
*
*/
export interface ISubnetNetworkAclAssociation extends IResource, ISubnetNetworkAclAssociationRef {
/**
* ID for the current SubnetNetworkAclAssociation
* @attribute
*/
readonly subnetNetworkAclAssociationAssociationId: string;
}
/**
* Properties to create a SubnetNetworkAclAssociation
*
*
*/
export interface SubnetNetworkAclAssociationProps {
/**
* The name of the SubnetNetworkAclAssociation.
*
* It is not recommended to use an explicit name.
*
* @default If you don't specify a SubnetNetworkAclAssociationName, AWS CloudFormation generates a
* unique physical ID and uses that ID for the group name.
*/
readonly subnetNetworkAclAssociationName?: string;
/**
* The Network ACL this association is defined for
*/
readonly networkAcl: INetworkAclRef;
/**
* ID of the Subnet
*/
readonly subnet: ISubnet;
}
/**
* Associate a network ACL with a subnet
*
*
*/
declare abstract class SubnetNetworkAclAssociationBase extends Resource implements ISubnetNetworkAclAssociation {
abstract readonly subnetNetworkAclAssociationAssociationId: string;
get subnetNetworkAclAssociationRef(): SubnetNetworkAclAssociationReference;
}
export declare class SubnetNetworkAclAssociation extends SubnetNetworkAclAssociationBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
static fromSubnetNetworkAclAssociationAssociationId(scope: Construct, id: string, subnetNetworkAclAssociationAssociationId: string): ISubnetNetworkAclAssociation;
/**
* ID for the current SubnetNetworkAclAssociation
* @attribute
*/
readonly subnetNetworkAclAssociationAssociationId: string;
private readonly _subnet;
private association;
private readonly _networkAcl;
constructor(scope: Construct, id: string, props: SubnetNetworkAclAssociationProps);
/**
* ID of the Subnet
*/
get subnet(): ISubnet;
/**
* ID for the current Network ACL
*/
get networkAcl(): INetworkAcl;
}
export {};

File diff suppressed because one or more lines are too long


@@ -0,0 +1,197 @@
import { UnscopedValidationError } from '../../core';
/**
* InvalidCidrRangeError is thrown when attempting to perform operations on a CIDR
* range that is either not valid, or outside of the VPC size limits.
*
* @internal
*/
export declare class InvalidCidrRangeError extends UnscopedValidationError {
constructor(cidr: string);
}
/**
* NetworkUtils contains helpers to work with network constructs (subnets/ranges)
*
* @internal
*/
export declare class NetworkUtils {
/**
* Validates an IPv4 string
*
* returns true of the string contains 4 numbers between 0-255 delimited by
* a `.` character
* @internal
*/
static validIp(ipAddress: string): boolean;
/**
* Converts a string IPv4 to a number
*
* takes an IP Address (e.g. 174.66.173.168) and converts to a number
* (e.g 2923605416); currently only supports IPv4
*
* Uses the formula:
* (first octet * 256³) + (second octet * 256²) + (third octet * 256) +
* (fourth octet)
*
* @param {string} the IP address (e.g. 174.66.173.168)
* @returns {number} the integer value of the IP address (e.g 2923605416)
* @internal
*/
static ipToNum(ipAddress: string): number;
/**
* Takes number and converts it to IPv4 address string
*
* Takes a number (e.g 2923605416) and converts it to an IPv4 address string
* currently only supports IPv4
*
* @param {number} the integer value of the IP address (e.g 2923605416)
* @returns {string} the IPv4 address (e.g. 174.66.173.168)
* @internal
*/
static numToIp(ipNum: number): string;
/**
* Validates if any CIDR blocks in two arrays overlap
*
* @param cidrBlocks1 First array of CIDR blocks
* @param cidrBlocks2 Second array of CIDR blocks
* @returns Tuple with overlap status, and the overlapping CIDR blocks if found
* @internal
*/
static validateCidrBlocksOverlap(cidrBlocks1: string[], cidrBlocks2: string[]): [boolean, string, string];
/**
* Validates if two CIDR blocks overlap
*
* @param cidr1 First CIDR block
* @param cidr2 Second CIDR block
* @returns True if the CIDR blocks overlap
* @internal
*/
static validateCidrPairOverlap(cidr1: string, cidr2: string): boolean;
/**
* Checks if two IP address ranges overlap
*
* @param range1 First IP range as [start, end]
* @param range2 Second IP range as [start, end]
* @returns True if the ranges overlap
*/
private static rangesOverlap;
}
/**
* Creates a network based on a CIDR Block to build contained subnets
*
* @internal
*/
export declare class NetworkBuilder {
/**
* The CIDR range used when creating the network
* @internal
*/
readonly networkCidr: CidrBlock;
/**
* The list of CIDR blocks for subnets within this network
*/
private readonly subnetCidrs;
/**
* The next available IP address as a number
*/
private nextAvailableIp;
/**
* Create a network using the provided CIDR block
*
* No subnets are allocated in the constructor, the maxIpConsumed is set one
* less than the first IP in the network
*
*/
constructor(cidr: string);
/**
* Add a subnet to the network and update the maxIpConsumed
* @internal
*/
addSubnet(mask: number): string;
/**
* Add {count} number of subnets to the network and update the maxIpConsumed
* @internal
*/
addSubnets(mask: number, count?: number): string[];
/**
* return the CIDR notation strings for all subnets in the network
* @internal
*/
get cidrStrings(): string[];
/**
* Calculates the largest subnet to create of the given count from the
* remaining IP space
* @internal
*/
maskForRemainingSubnets(subnetCount: number): number;
}
/**
* A block of IP address space with a given bit prefix
*
* @internal
*/
export declare class CidrBlock {
/**
* Calculates the netmask for a given CIDR mask
*
* For example:
* CidrBlock.calculateNetmask(24) returns '255.255.255.0'
* @internal
*/
static calculateNetmask(mask: number): string;
/**
* Calculates the number IP addresses in a CIDR Mask
*
* For example:
* CidrBlock.calculateNetsize(24) returns 256
* @internal
*/
static calculateNetsize(mask: number): number;
/**
* The CIDR Block represented as a string e.g. '10.0.0.0/21'
* @internal
*/
readonly cidr: string;
/**
* The CIDR mask e.g. for CIDR '10.0.0.0/21' returns 21
* @internal
*/
readonly mask: number;
/**
* The total number of IP addresses in the CIDR
* @internal
*/
readonly networkSize: number;
private readonly networkAddress;
constructor(cidr: string);
constructor(ipAddress: number, mask: number);
/**
* The maximum IP in the CIDR Block e.g. '10.0.8.255'
* @internal
*/
maxIp(): string;
/**
* The minimum IP in the CIDR Block e.g. '10.0.0.0'
* @internal
*/
minIp(): string;
/**
* Returns the number representation for the minimum IPv4 address
* @internal
*/
minAddress(): number;
/**
* Returns the number representation for the maximum IPv4 address
* @internal
*/
maxAddress(): number;
/**
* Returns the next CIDR Block of the same mask size
* @internal
*/
nextBlock(): CidrBlock;
/**
* Returns true if this CidrBlock fully contains the provided CidrBlock
* @internal
*/
containsCidr(other: CidrBlock): boolean;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CidrBlock=exports.NetworkBuilder=exports.NetworkUtils=exports.InvalidCidrRangeError=void 0;var core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class InvalidCidrRangeError extends core_1().UnscopedValidationError{constructor(cidr){super((0,literal_string_1().lit)`InvalidCidrRange`,cidr+" is not a valid VPC CIDR range. VPCs must be between /16 and /28 and the minimum subnet size is /28."),Object.setPrototypeOf(this,InvalidCidrRangeError.prototype)}}exports.InvalidCidrRangeError=InvalidCidrRangeError;class NetworkUtils{static validIp(ipAddress){const octets=ipAddress.split(".");return octets.length!==4?!1:octets.map(octet=>parseInt(octet,10)).filter(octet=>octet>=0&&octet<=255).length===4}static ipToNum(ipAddress){if(!this.validIp(ipAddress))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidIpAddress`,`${ipAddress} is not valid`);return ipAddress.split(".").reduce((p,c,i)=>p+parseInt(c,10)*256**(3-i),0)}static numToIp(ipNum){let remaining=ipNum;const address=new Array;for(let i=0;i<4;i++)remaining!==0?(address.push(Math.floor(remaining/256**(3-i))),remaining=remaining%256**(3-i)):address.push(0);const ipAddress=address.join(".");if(!this.validIp(ipAddress))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidIpAddressFormat`,`${ipAddress} is not a valid IP Address`);return ipAddress}static validateCidrBlocksOverlap(cidrBlocks1,cidrBlocks2){for(const cidr1 of cidrBlocks1)for(const cidr2 of cidrBlocks2)if(this.validateCidrPairOverlap(cidr1,cidr2))return[!0,cidr1,cidr2];return[!1,"",""]}static validateCidrPairOverlap(cidr1,cidr2){const cidr1Range=new CidrBlock(cidr1),cidr1IpRange=[cidr1Range.minIp(),cidr1Range.maxIp()],cidr2Range=new CidrBlock(cidr2),cidr2IpRange=[cidr2Range.minIp(),cidr2Range.maxIp()];return 
this.rangesOverlap(cidr1IpRange,cidr2IpRange)}static rangesOverlap(range1,range2){const[start1,end1]=range1,[start2,end2]=range2;return start1<=end2&&start2<=end1}}exports.NetworkUtils=NetworkUtils;class NetworkBuilder{networkCidr;subnetCidrs=[];nextAvailableIp;constructor(cidr){this.networkCidr=new CidrBlock(cidr),this.subnetCidrs=[],this.nextAvailableIp=this.networkCidr.minAddress()}addSubnet(mask){return this.addSubnets(mask,1)[0]}addSubnets(mask,count=1){if(mask<16||mask>28)throw new InvalidCidrRangeError(`x.x.x.x/${mask}`);const maxIp=this.nextAvailableIp+CidrBlock.calculateNetsize(mask)*count;if(this.networkCidr.maxAddress()<maxIp-1)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`SubnetCountExceedsRemainingSpace`,`${count} of /${mask} exceeds remaining space of ${this.networkCidr.cidr}`);const subnets=[];for(let i=0;i<count;i++){const subnet=new CidrBlock(this.nextAvailableIp,mask);this.nextAvailableIp=subnet.nextBlock().minAddress(),this.subnetCidrs.push(subnet),subnets.push(subnet)}return subnets.map(subnet=>subnet.cidr)}get cidrStrings(){return this.subnetCidrs.map(subnet=>subnet.cidr)}maskForRemainingSubnets(subnetCount){const remaining=this.networkCidr.maxAddress()-this.nextAvailableIp+1,ipsPerSubnet=Math.floor(remaining/subnetCount);return 32-Math.floor(Math.log2(ipsPerSubnet))}}exports.NetworkBuilder=NetworkBuilder;class CidrBlock{static calculateNetmask(mask){return NetworkUtils.numToIp(2**32-2**(32-mask))}static calculateNetsize(mask){return 2**(32-mask)}cidr;mask;networkSize;networkAddress;constructor(ipAddressOrCidr,mask){typeof ipAddressOrCidr=="string"?(this.mask=parseInt(ipAddressOrCidr.split("/")[1],10),this.networkAddress=NetworkUtils.ipToNum(ipAddressOrCidr.split("/")[0])+CidrBlock.calculateNetsize(this.mask)-1):(typeof 
mask=="number"?this.mask=mask:this.mask=16,this.networkAddress=ipAddressOrCidr+CidrBlock.calculateNetsize(this.mask)-1,this.networkSize=2**(32-this.mask)),this.networkSize=2**(32-this.mask),this.cidr=`${this.minIp()}/${this.mask}`}maxIp(){return NetworkUtils.numToIp(this.maxAddress())}minIp(){return NetworkUtils.numToIp(this.minAddress())}minAddress(){const div=this.networkAddress%this.networkSize;return this.networkAddress-div}maxAddress(){return this.minAddress()+this.networkSize-1}nextBlock(){return new CidrBlock(this.maxAddress()+1,this.mask)}containsCidr(other){return this.maxAddress()>=other.maxAddress()&&this.minAddress()<=other.minAddress()}}exports.CidrBlock=CidrBlock;

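--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/peer.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/peer.d.ts
@@ -0,0 +1,62 @@
+import type { IConnectable } from './connections';
+/**
+* Interface for classes that provide the peer-specification parts of a security group rule
+*/
+export interface IPeer extends IConnectable {
+/**
+* Whether the rule can be inlined into a SecurityGroup or not
+*/
+readonly canInlineRule: boolean;
+/**
+* A unique identifier for this connection peer
+*/
+readonly uniqueId: string;
+/**
+* Produce the ingress rule JSON for the given connection
+*/
+toIngressRuleConfig(): any;
+/**
+* Produce the egress rule JSON for the given connection
+*/
+toEgressRuleConfig(): any;
+}
+/**
+* Peer object factories (to be used in Security Group management)
+*
+* The static methods on this object can be used to create peer objects
+* which represent a connection partner in Security Group rules.
+*
+* Use this object if you need to represent connection partners using plain IP
+* addresses, or a prefix list ID.
+*
+* If you want to address a connection partner by Security Group, you can just
+* use the Security Group (or the construct that contains a Security Group)
+* directly, as it already implements `IPeer`.
+*/
+export declare class Peer {
+/**
+* Create an IPv4 peer from a CIDR
+*/
+static ipv4(cidrIp: string): IPeer;
+/**
+* Any IPv4 address
+*/
+static anyIpv4(): IPeer;
+/**
+* Create an IPv6 peer from a CIDR
+*/
+static ipv6(cidrIp: string): IPeer;
+/**
+* Any IPv6 address
+*/
+static anyIpv6(): IPeer;
+/**
+* A prefix list
+*/
+static prefixList(prefixListId: string): IPeer;
+/**
+* A security group ID
+*/
+static securityGroupId(securityGroupId: string, sourceSecurityGroupOwnerId?: string): IPeer;
+protected constructor();
+}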

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/peer.js generated vendored Normal file

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Peer=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var connections_1=()=>{var tmp=require("./connections");return connections_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class Peer{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.Peer",version:"2.252.0"};static ipv4(cidrIp){return new CidrIPv4(cidrIp)}static anyIpv4(){return new AnyIPv4}static ipv6(cidrIp){return new CidrIPv6(cidrIp)}static anyIpv6(){return new AnyIPv6}static prefixList(prefixListId){return new PrefixList(prefixListId)}static securityGroupId(securityGroupId,sourceSecurityGroupOwnerId){return new SecurityGroupId(securityGroupId,sourceSecurityGroupOwnerId)}constructor(){}}exports.Peer=Peer;class CidrIPv4{cidrIp;canInlineRule=!0;connections=new(connections_1()).Connections({peer:this});uniqueId;constructor(cidrIp){if(this.cidrIp=cidrIp,!core_1().Token.isUnresolved(cidrIp)){const cidrMatch=cidrIp.match(/^(\d{1,3}\.){3}\d{1,3}(\/\d+)?$/);if(!cidrMatch)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidPv`,`Invalid IPv4 CIDR: "${cidrIp}"`);if(!cidrMatch[2])throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CidrMaskMissingIpv4`,`CIDR mask is missing in IPv4: "${cidrIp}". 
Did you mean "${cidrIp}/32"?`)}this.uniqueId=cidrIp}toIngressRuleConfig(){return{cidrIp:this.cidrIp}}toEgressRuleConfig(){return{cidrIp:this.cidrIp}}}class AnyIPv4 extends CidrIPv4{constructor(){super("0.0.0.0/0")}}class CidrIPv6{cidrIpv6;canInlineRule=!0;connections=new(connections_1()).Connections({peer:this});uniqueId;constructor(cidrIpv6){if(this.cidrIpv6=cidrIpv6,!core_1().Token.isUnresolved(cidrIpv6)){const cidrMatch=cidrIpv6.match(/^([\da-f]{0,4}:){2,7}([\da-f]{0,4})?(\/\d+)?$/);if(!cidrMatch)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidPv`,`Invalid IPv6 CIDR: "${cidrIpv6}"`);if(!cidrMatch[3])throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CidrMaskMissingIpv6`,`CIDR mask is missing in IPv6: "${cidrIpv6}". Did you mean "${cidrIpv6}/128"?`)}this.uniqueId=cidrIpv6}toIngressRuleConfig(){return{cidrIpv6:this.cidrIpv6}}toEgressRuleConfig(){return{cidrIpv6:this.cidrIpv6}}}class AnyIPv6 extends CidrIPv6{constructor(){super("::/0")}}class PrefixList{prefixListId;canInlineRule=!1;connections=new(connections_1()).Connections({peer:this});uniqueId;constructor(prefixListId){this.prefixListId=prefixListId,this.uniqueId=prefixListId}toIngressRuleConfig(){return{sourcePrefixListId:this.prefixListId}}toEgressRuleConfig(){return{destinationPrefixListId:this.prefixListId}}}class SecurityGroupId{securityGroupId;sourceSecurityGroupOwnerId;canInlineRule=!0;connections=new(connections_1()).Connections({peer:this});uniqueId;constructor(securityGroupId,sourceSecurityGroupOwnerId){if(this.securityGroupId=securityGroupId,this.sourceSecurityGroupOwnerId=sourceSecurityGroupOwnerId,!core_1().Token.isUnresolved(securityGroupId)&&!securityGroupId.match(/^sg-[a-z0-9]{8,17}$/))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidSecurityGroup`,`Invalid security group ID: 
"${securityGroupId}"`);if(sourceSecurityGroupOwnerId&&!core_1().Token.isUnresolved(sourceSecurityGroupOwnerId)&&!sourceSecurityGroupOwnerId.match(/^[0-9]{12}$/))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidSecurityGroupOwner`,`Invalid security group owner ID: "${sourceSecurityGroupOwnerId}"`);this.uniqueId=securityGroupId}toIngressRuleConfig(){return{sourceSecurityGroupId:this.securityGroupId,...this.sourceSecurityGroupOwnerId&&{sourceSecurityGroupOwnerId:this.sourceSecurityGroupOwnerId}}}toEgressRuleConfig(){return{destinationSecurityGroupId:this.securityGroupId}}}


@@ -0,0 +1,150 @@
import type { Construct } from 'constructs';
import type { IPlacementGroupRef, PlacementGroupReference } from './ec2.generated';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* Determines where your instances are placed on the underlying hardware according to the specified PlacementGroupStrategy
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
*/
export interface IPlacementGroup extends IResource, IPlacementGroupRef {
/**
* The name of this placement group
*
* @attribute
*/
readonly placementGroupName: string;
/**
* The number of partitions. Valid only when Strategy is set to PARTITION.
*
* @default 0
*/
readonly partitions?: number;
/**
* Places instances on distinct hardware. Spread placement groups are recommended for applications
* that have a small number of critical instances that should be kept separate from each other.
* Launching instances in a spread level placement group reduces the risk of simultaneous failures
* that might occur when instances share the same equipment.
* Spread level placement groups provide access to distinct hardware,
* and are therefore suitable for mixing instance types or launching instances over time.
* If you start or launch an instance in a spread placement group and there is insufficient
* unique hardware to fulfill the request, the request fails. Amazon EC2 makes more distinct hardware
* available over time, so you can try your request again later.
* Placement groups can spread instances across racks or hosts.
* You can use host level spread placement groups only with AWS Outposts.
*
* @default - no spread level
*/
readonly spreadLevel?: PlacementGroupSpreadLevel;
/**
* Which strategy to use when launching instances
*
* @default - `PlacementGroupStrategy.PARTITION` if `partitions` is defined, `CLUSTER` otherwise
*/
readonly strategy?: PlacementGroupStrategy;
}
/**
* Props for a PlacementGroup
*/
export interface PlacementGroupProps {
/**
* the name of this placement group
*
* @default - generated by CFN
*
* @attribute
*/
readonly placementGroupName?: string;
/**
* The number of partitions. Valid only when Strategy is set to partition.
*
* @default 0
*/
readonly partitions?: number;
/**
* Places instances on distinct hardware. Spread placement groups are recommended for applications
* that have a small number of critical instances that should be kept separate from each other.
* Launching instances in a spread level placement group reduces the risk of simultaneous failures
* that might occur when instances share the same equipment.
* Spread level placement groups provide access to distinct hardware,
* and are therefore suitable for mixing instance types or launching instances over time.
* If you start or launch an instance in a spread placement group and there is insufficient
* unique hardware to fulfill the request, the request fails. Amazon EC2 makes more distinct hardware
* available over time, so you can try your request again later.
* Placement groups can spread instances across racks or hosts.
* You can use host level spread placement groups only with AWS Outposts.
*
* @default - no spread level
*/
readonly spreadLevel?: PlacementGroupSpreadLevel;
/**
* Which strategy to use when launching instances
*
* @default - `PlacementGroupStrategy.PARTITION` if `partitions` is defined, `CLUSTER` otherwise
*/
readonly strategy?: PlacementGroupStrategy;
}
/**
* Determines how this placement group spreads instances
*/
export declare enum PlacementGroupSpreadLevel {
/**
* Host spread level placement groups are only available with AWS Outposts.
* For host spread level placement groups, there are no restrictions for running instances per Outposts.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups-outpost.html
*/
HOST = "host",
/**
* Each instance is launched on a separate rack.
* Each has its own network and power source.
* A rack spread placement group can span multiple Availability Zones in the same Region.
* For rack spread level placement groups, you can have a maximum of seven running instances per Availability Zone per group.
*/
RACK = "rack"
}
/**
* Which strategy to use when launching instances
*/
export declare enum PlacementGroupStrategy {
/**
* Packs instances close together inside an Availability Zone.
* This strategy enables workloads to achieve the low-latency network
* performance necessary for tightly-coupled node-to-node communication that
* is typical of high-performance computing (HPC) applications.
*/
CLUSTER = "cluster",
/**
* Spreads your instances across logical partitions such that groups of instances
* in one partition do not share the underlying hardware with groups of instances
* in different partitions.
*
* This strategy is typically used by large distributed and replicated workloads,
* such as Hadoop, Cassandra, and Kafka.
*/
PARTITION = "partition",
/**
* Strictly places a small group of instances across distinct underlying hardware
* to reduce correlated failures.
*/
SPREAD = "spread"
}
/**
* Defines a placement group. Placement groups give you fine-grained control over
* where your instances are provisioned.
*/
export declare class PlacementGroup extends Resource implements IPlacementGroup {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a PlacementGroup by its arn
*/
static fromPlacementGroupName(scope: Construct, id: string, placementGroupName: string): IPlacementGroup;
readonly partitions?: number;
readonly spreadLevel?: PlacementGroupSpreadLevel;
readonly strategy?: PlacementGroupStrategy;
private readonly resource;
get placementGroupName(): string;
constructor(scope: Construct, id: string, props?: PlacementGroupProps);
get placementGroupRef(): PlacementGroupReference;
}

File diff suppressed because one or more lines are too long

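--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/port.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/port.d.ts
@@ -0,0 +1,287 @@
+/**
+* Protocol for use in Connection Rules
+*
+* https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+*/
+export declare enum Protocol {
+ALL = "-1",
+HOPOPT = "0",
+ICMP = "icmp",
+IGMP = "2",
+GGP = "3",
+IPV4 = "4",
+ST = "5",
+TCP = "tcp",
+CBT = "7",
+EGP = "8",
+IGP = "9",
+BBN_RCC_MON = "10",
+NVP_II = "11",
+PUP = "12",
+EMCON = "14",
+XNET = "15",
+CHAOS = "16",
+UDP = "udp",
+MUX = "18",
+DCN_MEAS = "19",
+HMP = "20",
+PRM = "21",
+XNS_IDP = "22",
+TRUNK_1 = "23",
+TRUNK_2 = "24",
+LEAF_1 = "25",
+LEAF_2 = "26",
+RDP = "27",
+IRTP = "28",
+ISO_TP4 = "29",
+NETBLT = "30",
+MFE_NSP = "31",
+MERIT_INP = "32",
+DCCP = "33",
+THREEPC = "34",
+IDPR = "35",
+XTP = "36",
+DDP = "37",
+IDPR_CMTP = "38",
+TPPLUSPLUS = "39",
+IL = "40",
+IPV6 = "41",
+SDRP = "42",
+IPV6_ROUTE = "43",
+IPV6_FRAG = "44",
+IDRP = "45",
+RSVP = "46",
+GRE = "47",
+DSR = "48",
+BNA = "49",
+ESP = "50",
+AH = "51",
+I_NLSP = "52",
+SWIPE = "53",
+NARP = "54",
+MOBILE = "55",
+TLSP = "56",
+SKIP = "57",
+ICMPV6 = "icmpv6",
+IPV6_NONXT = "59",
+IPV6_OPTS = "60",
+CFTP = "62",
+ANY_LOCAL = "63",
+SAT_EXPAK = "64",
+KRYPTOLAN = "65",
+RVD = "66",
+IPPC = "67",
+ANY_DFS = "68",
+SAT_MON = "69",
+VISA = "70",
+IPCV = "71",
+CPNX = "72",
+CPHB = "73",
+WSN = "74",
+PVP = "75",
+BR_SAT_MON = "76",
+SUN_ND = "77",
+WB_MON = "78",
+WB_EXPAK = "79",
+ISO_IP = "80",
+VMTP = "81",
+SECURE_VMTP = "82",
+VINES = "83",
+TTP = "84",
+IPTM = "84_",
+NSFNET_IGP = "85",
+DGP = "86",
+TCF = "87",
+EIGRP = "88",
+OSPFIGP = "89",
+SPRITE_RPC = "90",
+LARP = "91",
+MTP = "92",
+AX_25 = "93",
+IPIP = "94",
+MICP = "95",
+SCC_SP = "96",
+ETHERIP = "97",
+ENCAP = "98",
+ANY_ENC = "99",
+GMTP = "100",
+IFMP = "101",
+PNNI = "102",
+PIM = "103",
+ARIS = "104",
+SCPS = "105",
+QNX = "106",
+A_N = "107",
+IPCOMP = "108",
+SNP = "109",
+COMPAQ_PEER = "110",
+IPX_IN_IP = "111",
+VRRP = "112",
+PGM = "113",
+ANY_0_HOP = "114",
+L2_T_P = "115",
+DDX = "116",
+IATP = "117",
+STP = "118",
+SRP = "119",
+UTI = "120",
+SMP = "121",
+SM = "122",
+PTP = "123",
+ISIS_IPV4 = "124",
+FIRE = "125",
+CRTP = "126",
+CRUDP = "127",
+SSCOPMCE = "128",
+IPLT = "129",
+SPS = "130",
+PIPE = "131",
+SCTP = "132",
+FC = "133",
+RSVP_E2E_IGNORE = "134",
+MOBILITY_HEADER = "135",
+UDPLITE = "136",
+MPLS_IN_IP = "137",
+MANET = "138",
+HIP = "139",
+SHIM6 = "140",
+WESP = "141",
+ROHC = "142",
+ETHERNET = "143",
+EXPERIMENT_1 = "253",
+EXPERIMENT_2 = "254",
+RESERVED = "255"
+}
+/**
+* Properties to create a port range
+*/
+export interface PortProps {
+/**
+* The protocol for the range
+*/
+readonly protocol: Protocol;
+/**
+* The starting port for the range
+*
+* @default - Not included in the rule
+*/
+readonly fromPort?: number;
+/**
+* The ending port for the range
+*
+* @default - Not included in the rule
+*/
+readonly toPort?: number;
+/**
+* String representation for this object
+*/
+readonly stringRepresentation: string;
+}
+/**
+* Interface for classes that provide the connection-specification parts of a security group rule
+*/
+export declare class Port {
+private readonly props;
+/** Well-known SSH port (TCP 22) */
+static readonly SSH: Port;
+/** Well-known SMTP port (TCP 25) */
+static readonly SMTP: Port;
+/** Well-known DNS port (UDP 53) */
+static readonly DNS_UDP: Port;
+/** Well-known DNS port (TCP 53) */
+static readonly DNS_TCP: Port;
+/** Well-known HTTP port (TCP 80) */
+static readonly HTTP: Port;
+/** Well-known POP3 port (TCP 110) */
+static readonly POP3: Port;
+/** Well-known IMAP port (TCP 143) */
+static readonly IMAP: Port;
+/** Well-known LDAP port (TCP 389) */
+static readonly LDAP: Port;
+/** Well-known HTTPS port (TCP 443) */
+static readonly HTTPS: Port;
+/** Well-known SMB port (TCP 445) */
+static readonly SMB: Port;
+/** Well-known IMAPS port (TCP 993) */
+static readonly IMAPS: Port;
+/** Well-known POP3S port (TCP 995) */
+static readonly POP3S: Port;
+/** Well-known Microsoft SQL Server port (TCP 1433) */
+static readonly MSSQL: Port;
+/** Well-known NFS port (TCP 2049) */
+static readonly NFS: Port;
+/** Well-known MySQL and Aurora port (TCP 3306) */
+static readonly MYSQL_AURORA: Port;
+/** Well-known Microsoft Remote Desktop Protocol port (TCP 3389) */
+static readonly RDP: Port;
+/** Well-known PostgreSQL port (TCP 5432) */
+static readonly POSTGRES: Port;
+/**
+* A single TCP port
+*/
+static tcp(port: number): Port;
+/**
+* A TCP port range
+*/
+static tcpRange(startPort: number, endPort: number): Port;
+/**
+* Any TCP traffic
+*/
+static allTcp(): Port;
+/**
+* A single UDP port
+*/
+static udp(port: number): Port;
+/**
+* A UDP port range
+*/
+static udpRange(startPort: number, endPort: number): Port;
+/**
+* Any UDP traffic
+*/
+static allUdp(): Port;
+/**
+* A specific combination of ICMP type and code
+*
+* @see https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
+*/
+static icmpTypeAndCode(type: number, code: number): Port;
+/**
+* All codes for a single ICMP type
+*/
+static icmpType(type: number): Port;
+/**
+* ICMP ping (echo) traffic
+*/
+static icmpPing(): Port;
+/**
+* All ICMP traffic
+*/
+static allIcmp(): Port;
+/**
+* All ICMPv6 traffic
+*/
+static allIcmpV6(): Port;
+/**
+* All traffic
+*/
+static allTraffic(): Port;
+/**
+* A single ESP port
+*/
+static esp(): Port;
+/**
+* A single AH port
+*/
+static ah(): Port;
+/**
+* Whether the rule containing this port range can be inlined into a securitygroup or not.
+*/
+readonly canInlineRule: boolean;
+constructor(props: PortProps);
+/**
+* Produce the ingress/egress rule JSON for the given connection
+*/
+toRuleJson(): any;
+toString(): string;
+}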

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/port.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,167 @@
import type { Construct } from 'constructs';
import { Connections } from './connections';
import type { IPrefixListRef, PrefixListReference } from './ec2.generated';
import { CfnPrefixList } from './ec2.generated';
import type { IPeer } from './peer';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* A prefix list
*/
export interface IPrefixList extends IResource, IPeer, IPrefixListRef {
/**
* The ID of the prefix list
*
* @attribute
*/
readonly prefixListId: string;
}
/**
* The IP address type.
*/
export declare enum AddressFamily {
IP_V4 = "IPv4",
IP_V6 = "IPv6"
}
/**
* Options to add a prefix list
*/
export interface PrefixListOptions {
/**
* The maximum number of entries for the prefix list.
*
* @default Automatically-calculated
*/
readonly maxEntries?: number;
}
/**
* Properties for creating a prefix list.
*/
export interface PrefixListProps extends PrefixListOptions {
/**
* The address family of the prefix list.
*
* @default AddressFamily.IP_V4
*/
readonly addressFamily?: AddressFamily;
/**
* The name of the prefix list.
*
* @default None
*
* @remarks
* It is not recommended to use an explicit name.
*/
readonly prefixListName?: string;
/**
* The list of entries for the prefix list.
*
* @default []
*/
readonly entries?: CfnPrefixList.EntryProperty[];
}
/**
* The base class for a prefix list
*/
declare abstract class PrefixListBase extends Resource implements IPrefixList {
/**
* The ID of the prefix list
*
* @attribute
*/
abstract readonly prefixListId: string;
/**
* The network connections associated with this resource.
*/
readonly connections: Connections;
/**
* Whether the rule can be inlined into a SecurityGroup or not
*/
readonly canInlineRule = false;
abstract readonly prefixListRef: PrefixListReference;
/**
* A unique identifier for this connection peer
*/
get uniqueId(): string;
/**
* Produce the ingress rule JSON for the given connection
*/
toIngressRuleConfig(): any;
/**
* Produce the egress rule JSON for the given connection
*/
toEgressRuleConfig(): any;
}
/**
* Properties for looking up an existing managed prefix list.
*/
export interface PrefixListLookupOptions {
/**
* The name of the managed prefix list.
*/
readonly prefixListName: string;
/**
* The ID of the AWS account that owns the managed prefix list.
*
* @default - Don't filter on ownerId
*/
readonly ownerId?: string;
/**
* The address family of the managed prefix list.
*
* @default - Don't filter on addressFamily
*/
readonly addressFamily?: AddressFamily;
}
/**
* A managed prefix list.
* @resource AWS::EC2::PrefixList
*/
export declare class PrefixList extends PrefixListBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Look up prefix list by id.
*/
static fromPrefixListId(scope: Construct, id: string, prefixListId: string): IPrefixList;
/**
* Look up prefix list by name
*/
static fromLookup(scope: Construct, id: string, options: PrefixListLookupOptions): IPrefixList;
/**
* The ID of the prefix list
*
* @attribute
*/
readonly prefixListId: string;
/**
* The name of the prefix list
*
* @attribute
*/
readonly prefixListName: string;
/**
* The ARN of the prefix list
*
* @attribute
*/
readonly prefixListArn: string;
/**
* The owner ID of the prefix list
*
*/
readonly ownerId: string;
/**
* The version of the prefix list
*
*/
readonly version: number;
/**
* The address family of the prefix list
*
*/
readonly addressFamily: string;
constructor(scope: Construct, id: string, props?: PrefixListProps);
get prefixListRef(): PrefixListReference;
}
export {};

File diff suppressed because one or more lines are too long


@@ -0,0 +1,71 @@
import type { Construct } from 'constructs';
import type * as iam from '../../../aws-iam';
/**
* The type of the init element.
*/
export declare enum InitElementType {
PACKAGE = "PACKAGE",
GROUP = "GROUP",
USER = "USER",
SOURCE = "SOURCE",
FILE = "FILE",
COMMAND = "COMMAND",
SERVICE = "SERVICE"
}
/**
* The platform to which the init template applies.
*/
export declare enum InitPlatform {
WINDOWS = "WINDOWS",
LINUX = "LINUX"
}
/**
* Context information passed when an InitElement is being consumed
* @internal
*/
export interface InitBindOptions {
/**
* Scope in which to define any resources, if necessary.
*/
readonly scope: Construct;
/**
* Which OS platform (Linux, Windows) the init block will be for.
* Impacts which config types are available and how they are created.
*/
readonly platform: InitPlatform;
/**
* Ordered index of current element type. Primarily used to auto-generate
* command keys and retain ordering.
*/
readonly index: number;
/**
* Instance role of the consuming instance or fleet
*/
readonly instanceRole: iam.IRole;
}
/**
* A return type for a configured InitElement. Both its CloudFormation representation, and any
* additional metadata needed to create the CloudFormation::Init.
*
* Marked internal so as not to leak the underlying L1 representation.
*
* @internal
*/
export interface InitElementConfig {
/**
* The CloudFormation representation of the configuration of an InitElement.
*/
readonly config: Record<string, any>;
/**
* Optional authentication blocks to be associated with the Init Config
*
* @default - No authentication associated with the config
*/
readonly authentication?: Record<string, any>;
/**
* Optional string representing a hash of the asset associated with this element (if any).
*
* @default - No hash is provided
*/
readonly assetHash?: string;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.InitPlatform=exports.InitElementType=void 0;var InitElementType;(function(InitElementType2){InitElementType2.PACKAGE="PACKAGE",InitElementType2.GROUP="GROUP",InitElementType2.USER="USER",InitElementType2.SOURCE="SOURCE",InitElementType2.FILE="FILE",InitElementType2.COMMAND="COMMAND",InitElementType2.SERVICE="SERVICE"})(InitElementType||(exports.InitElementType=InitElementType={}));var InitPlatform;(function(InitPlatform2){InitPlatform2.WINDOWS="WINDOWS",InitPlatform2.LINUX="LINUX"})(InitPlatform||(exports.InitPlatform=InitPlatform={}));


@@ -0,0 +1,6 @@
import type { IConstruct } from 'constructs';
import type { INetworkAclRef, ISubnetRef } from '../ec2.generated';
import type { INetworkAcl } from '../network-acl';
import type { ISubnet } from '../vpc';
export declare function asNetworkAcl(x: INetworkAclRef, scope: IConstruct): INetworkAcl;
export declare function asSubnet(x: ISubnetRef, scope: IConstruct): ISubnet;


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.asNetworkAcl=asNetworkAcl,exports.asSubnet=asSubnet;var errors_1=()=>{var tmp=require("../../../core/lib/errors");return errors_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function asNetworkAcl(x,scope){if("addEntry"in x)return x;throw new(errors_1()).ValidationError((0,literal_string_1().lit)`ProvidedNetworkAclInstanceNetwork`,`Provided networkAcl is not an instance of INetworkAcl: ${x.constructor.name}`,scope)}function asSubnet(x,scope){if("subnetId"in x)return x;throw new(errors_1()).ValidationError((0,literal_string_1().lit)`ProvidedSubnetInstanceSubnet`,`Provided subnet is not an instance of ISubnet: ${x.constructor.name}`,scope)}


@@ -0,0 +1,5 @@
import type { Construct } from 'constructs';
import type { CfnInstance, CfnLaunchTemplate } from '../ec2.generated';
import type { BlockDevice } from '../volume';
export declare function instanceBlockDeviceMappings(construct: Construct, blockDevices: BlockDevice[]): CfnInstance.BlockDeviceMappingProperty[];
export declare function launchTemplateBlockDeviceMappings(construct: Construct, blockDevices: BlockDevice[]): CfnLaunchTemplate.BlockDeviceMappingProperty[];


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.instanceBlockDeviceMappings=instanceBlockDeviceMappings,exports.launchTemplateBlockDeviceMappings=launchTemplateBlockDeviceMappings;var core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},volume_1=()=>{var tmp=require("../volume");return volume_1=()=>tmp,tmp};function instanceBlockDeviceMappings(construct,blockDevices){for(const blockDevice of blockDevices)blockDevice.volume.ebsDevice?.throughput!==void 0&&core_1().Annotations.of(construct).addWarningV2("@aws-cdk/aws-ec2:throughputNotSupported","The throughput property is not supported on EC2 instances. Use a Launch Template instead. See https://github.com/aws/aws-cdk/issues/34033 for more information.");return synthesizeBlockDeviceMappings(construct,blockDevices,{})}function launchTemplateBlockDeviceMappings(construct,blockDevices){return synthesizeBlockDeviceMappings(construct,blockDevices,"")}function synthesizeBlockDeviceMappings(construct,blockDevices,noDeviceValue){return blockDevices.map(({deviceName,volume,mappingEnabled})=>{const{virtualName,ebsDevice:ebs}=volume;let finalEbs;if(ebs){const{iops,throughput,volumeType,kmsKey,...rest}=ebs;if(throughput){if(volumeType!==volume_1().EbsDeviceVolumeType.GP3)throw new(core_1()).ValidationError((0,literal_string_1().lit)`RequiresThroughputRequiresVolumetype`,`'throughput' requires 'volumeType': ${volume_1().EbsDeviceVolumeType.GP3}, got: ${volumeType}.`,construct);if(!Number.isInteger(throughput))throw new(core_1()).ValidationError((0,literal_string_1().lit)`MustBeThroughputInteger`,`'throughput' must be an integer, got: ${throughput}.`,construct);if(throughput<125||throughput>2e3)throw new(core_1()).ValidationError((0,literal_string_1().lit)`MustBeThroughputBetween2000`,`'throughput' must be between 125 and 2000, got ${throughput}.`,construct);const 
maximumThroughputRatio=.25;if(iops){const iopsRatio=throughput/iops;if(iopsRatio>maximumThroughputRatio)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ThroughputMiBpsIopsRatio`,`Throughput (MiBps) to iops ratio of ${iopsRatio} is too high; maximum is ${maximumThroughputRatio} MiBps per iops`,construct)}}if(iops)volumeType!==volume_1().EbsDeviceVolumeType.IO1&&volumeType!==volume_1().EbsDeviceVolumeType.IO2&&volumeType!==volume_1().EbsDeviceVolumeType.GP3&&core_1().Annotations.of(construct).addWarningV2("@aws-cdk/aws-ec2:iopsIgnored","iops will be ignored without volumeType: IO1, IO2, or GP3");else if(volumeType===volume_1().EbsDeviceVolumeType.IO1||volumeType===volume_1().EbsDeviceVolumeType.IO2)throw new(core_1()).ValidationError((0,literal_string_1().lit)`IopsPropertyRequiredVolumeType`,"iops property is required with volumeType: EbsDeviceVolumeType.IO1 and EbsDeviceVolumeType.IO2",construct);finalEbs={...rest,iops,throughput,volumeType,kmsKeyId:kmsKey?.keyArn}}else finalEbs=void 0;return{deviceName,ebs:finalEbs,virtualName,noDevice:mappingEnabled===!1?noDeviceValue:void 0}})}


@@ -0,0 +1,404 @@
import type { Construct } from 'constructs';
import { Connections } from './connections';
import type { ISecurityGroupRef, SecurityGroupReference } from './ec2.generated';
import type { IPeer } from './peer';
import { Port } from './port';
import type { IVpc } from './vpc';
import type { IResource, ResourceProps } from '../../core';
import { Resource } from '../../core';
/**
* Interface for security group-like objects
*/
export interface ISecurityGroup extends IResource, IPeer, ISecurityGroupRef {
/**
* ID for the current security group
* @attribute
*/
readonly securityGroupId: string;
/**
* Whether the SecurityGroup has been configured to allow all outbound traffic
*/
readonly allowAllOutbound: boolean;
/**
* Add an ingress rule for the current security group
*
* `remoteRule` controls where the Rule object is created if the peer is also a
* securityGroup and they are in different stack. If false (default) the
* rule object is created under the current SecurityGroup object. If true and the
* peer is also a SecurityGroup, the rule object is created under the remote
* SecurityGroup object.
*/
addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
/**
* Add an egress rule for the current security group
*
* `remoteRule` controls where the Rule object is created if the peer is also a
* securityGroup and they are in different stack. If false (default) the
* rule object is created under the current SecurityGroup object. If true and the
* peer is also a SecurityGroup, the rule object is created under the remote
* SecurityGroup object.
*/
addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
}
/**
* A SecurityGroup that is not created in this template
*/
declare abstract class SecurityGroupBase extends Resource implements ISecurityGroup {
/**
* Return whether the indicated object is a security group
*/
static isSecurityGroup(x: any): x is SecurityGroupBase;
abstract readonly securityGroupId: string;
abstract readonly allowAllOutbound: boolean;
abstract readonly allowAllIpv6Outbound: boolean;
readonly canInlineRule = false;
readonly connections: Connections;
readonly defaultPort?: Port;
private peerAsTokenCount;
constructor(scope: Construct, id: string, props?: ResourceProps);
get securityGroupRef(): SecurityGroupReference;
get uniqueId(): string;
addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
toIngressRuleConfig(): any;
toEgressRuleConfig(): any;
/**
* Determine where to parent a new ingress/egress rule
*
* A SecurityGroup rule is parented under the group it's related to, UNLESS
* we're in a cross-stack scenario with another Security Group. In that case,
* we respect the 'remoteRule' flag and will parent under the other security
* group.
*
* This is necessary to avoid cyclic dependencies between stacks, since both
* ingress and egress rules will reference both security groups, and a naive
* parenting will lead to the following situation:
*
* ╔════════════════════╗ ╔════════════════════╗
* ║ ┌───────────┐ ║ ║ ┌───────────┐ ║
* ║ │ GroupA │◀────╬─┐ ┌───╬───▶│ GroupB │ ║
* ║ └───────────┘ ║ │ │ ║ └───────────┘ ║
* ║ ▲ ║ │ │ ║ ▲ ║
* ║ │ ║ │ │ ║ │ ║
* ║ │ ║ │ │ ║ │ ║
* ║ ┌───────────┐ ║ └───┼───╬────┌───────────┐ ║
* ║ │ EgressA │─────╬─────┘ ║ │ IngressB │ ║
* ║ └───────────┘ ║ ║ └───────────┘ ║
* ║ ║ ║ ║
* ╚════════════════════╝ ╚════════════════════╝
*
* By having the ability to switch the parent, we avoid the cyclic reference by
* keeping all rules in a single stack.
*
* If this happens, we also have to change the construct ID, because
* otherwise we might have two objects with the same ID if we have
* multiple reversed security group relationships.
*
* ╔═══════════════════════════════════╗
* ║┌───────────┐ ║
* ║│ GroupB │ ║
* ║└───────────┘ ║
* ║ ▲ ║
* ║ │ ┌───────────┐ ║
* ║ ├────"from A"──│ IngressB │ ║
* ║ │ └───────────┘ ║
* ║ │ ┌───────────┐ ║
* ║ ├─────"to B"───│ EgressA │ ║
* ║ │ └───────────┘ ║
* ║ │ ┌───────────┐ ║
* ║ └─────"to B"───│ EgressC │ ║ <-- oops
* ║ └───────────┘ ║
* ╚═══════════════════════════════════╝
*/
protected determineRuleScope(peer: IPeer, connection: Port, fromTo: 'from' | 'to', remoteRule?: boolean): RuleScope;
private renderPeer;
}
/**
* The scope and id in which a given SecurityGroup rule should be defined.
*/
export interface RuleScope {
/**
* The SecurityGroup in which a rule should be scoped.
*/
readonly scope: ISecurityGroup;
/**
* The construct ID to use for the rule.
*/
readonly id: string;
}
export interface SecurityGroupProps {
/**
* The name of the security group. For valid values, see the GroupName
* parameter of the CreateSecurityGroup action in the Amazon EC2 API
* Reference.
*
* It is not recommended to use an explicit group name.
*
* @default If you don't specify a GroupName, AWS CloudFormation generates a
* unique physical ID and uses that ID for the group name.
*/
readonly securityGroupName?: string;
/**
* A description of the security group.
*
* @default The default name will be the construct's CDK path.
*/
readonly description?: string;
/**
* The VPC in which to create the security group.
*/
readonly vpc: IVpc;
/**
* Whether to allow all outbound traffic by default.
*
* If this is set to true, there will only be a single egress rule which allows all
* outbound traffic. If this is set to false, no outbound traffic will be allowed by
* default and all egress traffic must be explicitly authorized.
*
* To allow all ipv6 traffic use allowAllIpv6Outbound
*
* @default true
*/
readonly allowAllOutbound?: boolean;
/**
* Whether to allow all outbound ipv6 traffic by default.
*
* If this is set to true, there will only be a single egress rule which allows all
* outbound ipv6 traffic. If this is set to false, no outbound traffic will be allowed by
* default and all egress ipv6 traffic must be explicitly authorized.
*
* To allow all ipv4 traffic use allowAllOutbound
*
* @default false
*/
readonly allowAllIpv6Outbound?: boolean;
/**
* Whether to disable inline ingress and egress rule optimization.
*
* If this is set to true, ingress and egress rules will not be declared under the
* SecurityGroup in cloudformation, but will be separate elements.
*
* Inlining rules is an optimization for producing smaller stack templates. Sometimes
* this is not desirable, for example when security group access is managed via tags.
*
* The default value can be overridden globally by setting the context variable
* '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'.
*
* @default false
*/
readonly disableInlineRules?: boolean;
}
/**
* Additional options for imported security groups
*/
export interface SecurityGroupImportOptions {
/**
* Mark the SecurityGroup as having been created allowing all outbound traffic
*
* Only if this is set to false will egress rules be added to this security
* group. Be aware, this would undo any potential "all outbound traffic"
* default.
*
*
* @default true
*/
readonly allowAllOutbound?: boolean;
/**
* Mark the SecurityGroup as having been created allowing all outbound ipv6 traffic
*
* Only if this is set to false will egress rules for ipv6 be added to this security
* group. Be aware, this would undo any potential "all outbound traffic"
* default.
*
* @default false
*/
readonly allowAllIpv6Outbound?: boolean;
/**
* If a SecurityGroup is mutable CDK can add rules to existing groups
*
* Beware that making a SecurityGroup immutable might lead to issue
* due to missing ingress/egress rules for new resources.
*
*
* @default true
*/
readonly mutable?: boolean;
}
/**
* Creates an Amazon EC2 security group within a VPC.
*
* Security Groups act like a firewall with a set of rules, and are associated
* with any AWS resource that has or creates Elastic Network Interfaces (ENIs).
* A typical example of a resource that has a security group is an Instance (or
* Auto Scaling Group of instances)
*
* If you are defining new infrastructure in CDK, there is a good chance you
* won't have to interact with this class at all. Like IAM Roles, Security
* Groups need to exist to control access between AWS resources, but CDK will
* automatically generate and populate them with least-privilege permissions
* for you so you can concentrate on your business logic.
*
* All Constructs that require Security Groups will create one for you if you
* don't specify one at construction. After construction, you can selectively
* allow connections to and between constructs via--for example-- the `instance.connections`
* object. Think of it as "allowing connections to your instance", rather than
* "adding ingress rules a security group". See the [Allowing
* Connections](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-cdk-lib.aws_ec2-readme.html#allowing-connections)
* section in the library documentation for examples.
*
* Direct manipulation of the Security Group through `addIngressRule` and
* `addEgressRule` is possible, but mutation through the `.connections` object
* is recommended. If you peer two constructs with security groups this way,
* appropriate rules will be created in both.
*
* If you have an existing security group you want to use in your CDK application,
* you would import it like this:
*
* ```ts
* const securityGroup = ec2.SecurityGroup.fromSecurityGroupId(this, 'SG', 'sg-12345', {
* mutable: false
* });
* ```
*/
export declare class SecurityGroup extends SecurityGroupBase {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Look up a security group by id.
*/
static fromLookupById(scope: Construct, id: string, securityGroupId: string): ISecurityGroup;
/**
* Look up a security group by name.
*/
static fromLookupByName(scope: Construct, id: string, securityGroupName: string, vpc: IVpc): ISecurityGroup;
/**
* Import an existing security group into this app.
*
* This method will assume that the Security Group has a rule in it which allows
* all outbound traffic, and so will not add egress rules to the imported Security
* Group (only ingress rules).
*
* If your existing Security Group needs to have egress rules added, pass the
* `allowAllOutbound: false` option on import.
*/
static fromSecurityGroupId(scope: Construct, id: string, securityGroupId: string, options?: SecurityGroupImportOptions): ISecurityGroup;
/**
* Look up a security group.
*/
private static fromLookupAttributes;
/**
* The ID of the security group
*
* @attribute
*/
readonly securityGroupId: string;
/**
* The VPC ID this security group is part of.
*
* @attribute
*/
readonly securityGroupVpcId: string;
/**
* Whether the SecurityGroup has been configured to allow all outbound traffic
*/
readonly allowAllOutbound: boolean;
/**
* Whether the SecurityGroup has been configured to allow all outbound ipv6 traffic
*/
readonly allowAllIpv6Outbound: boolean;
private readonly securityGroup;
private readonly directIngressRules;
private readonly directEgressRules;
/**
* Whether to disable optimization for inline security group rules.
*/
private readonly disableInlineRules;
constructor(scope: Construct, id: string, props: SecurityGroupProps);
addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
/**
* Add a direct ingress rule
*/
private addDirectIngressRule;
/**
* Return whether the given ingress rule exists on the group
*/
private hasIngressRule;
/**
* Add a direct egress rule
*/
private addDirectEgressRule;
/**
* Return whether the given egress rule exists on the group
*/
private hasEgressRule;
/**
* Add the default egress rule to the securityGroup
*
* This depends on allowAllOutbound:
*
* - If allowAllOutbound is true, we *TECHNICALLY* don't need to do anything, because
* EC2 is going to create this default rule anyway. But, for maximum readability
* of the template, we will add one anyway.
* - If allowAllOutbound is false, we add a bogus rule that matches no traffic in
* order to get rid of the default "all outbound" rule that EC2 creates by default.
* If other rules happen to get added later, we remove the bogus rule again so
* that it doesn't clutter up the template too much (even though that's not
* strictly necessary).
*/
private addDefaultEgressRule;
/**
* Add a allow all ipv6 egress rule to the securityGroup
*
* This depends on allowAllIpv6Outbound:
*
* - If allowAllIpv6Outbound is true, we will add an allow all rule.
* - If allowAllOutbound is false, we don't do anything since EC2 does not add
* a default allow all ipv6 rule.
*/
private addDefaultIpv6EgressRule;
/**
* Remove the bogus rule if it exists
*/
private removeNoTrafficRule;
}
export interface ConnectionRule {
/**
* The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers).
* Use -1 to specify all protocols. If you specify -1, or a protocol number
* other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is
* allowed, regardless of any ports you specify. For tcp, udp, and icmp, you
* must specify a port range. For protocol 58 (ICMPv6), you can optionally
* specify a port range; if you don't, traffic for all types and codes is
* allowed.
*
* @default tcp
*/
readonly protocol?: string;
/**
* Start of port range for the TCP and UDP protocols, or an ICMP type number.
*
* If you specify icmp for the IpProtocol property, you can specify
* -1 as a wildcard (i.e., any ICMP type number).
*/
readonly fromPort: number;
/**
* End of port range for the TCP and UDP protocols, or an ICMP code.
*
* If you specify icmp for the IpProtocol property, you can specify -1 as a
* wildcard (i.e., any ICMP code).
*
* @default If toPort is not specified, it will be the same as fromPort.
*/
readonly toPort?: number;
/**
* Description of this connection. It is applied to both the ingress rule
* and the egress rule.
*
* @default No description
*/
readonly description?: string;
}
export {};

File diff suppressed because one or more lines are too long

37
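--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/subnet.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/subnet.d.ts
@@ -0,0 +1,37 @@
+import type { ISubnet } from './vpc';
+/**
+* Contains logic which chooses a set of subnets from a larger list, in conjunction
+* with SubnetSelection, to determine where to place AWS resources such as VPC
+* endpoints, EC2 instances, etc.
+*/
+export declare abstract class SubnetFilter {
+/**
+* Chooses subnets by id.
+*/
+static byIds(subnetIds: string[]): SubnetFilter;
+/**
+* Chooses subnets which are in one of the given availability zones.
+*/
+static availabilityZones(availabilityZones: string[]): SubnetFilter;
+/**
+* Chooses subnets such that there is at most one per availability zone.
+*/
+static onePerAz(): SubnetFilter;
+/**
+* Chooses subnets which contain any of the specified IP addresses.
+*/
+static containsIpAddresses(ipv4addrs: string[]): SubnetFilter;
+/**
+* Chooses subnets which have the provided CIDR netmask.
+*/
+static byCidrMask(mask: number): SubnetFilter;
+/**
+* Chooses subnets which are inside any of the specified CIDR range.
+* @param cidrs List of CIDR ranges to filter subnets from
+*/
+static byCidrRanges(cidrs: string[]): SubnetFilter;
+/**
+* Executes the subnet filtering logic, returning a filtered set of subnets.
+*/
+selectSubnets(_subnets: ISubnet[]): ISubnet[];
+}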

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/subnet.js generated vendored Normal file

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.SubnetFilter=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var network_util_1=()=>{var tmp=require("./network-util");return network_util_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class SubnetFilter{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.SubnetFilter",version:"2.252.0"};static byIds(subnetIds){return new SubnetIdSubnetFilter(subnetIds)}static availabilityZones(availabilityZones){return new AvailabilityZoneSubnetFilter(availabilityZones)}static onePerAz(){return new OnePerAZSubnetFilter}static containsIpAddresses(ipv4addrs){return new ContainsIpAddressesSubnetFilter(ipv4addrs)}static byCidrMask(mask){return new CidrMaskSubnetFilter(mask)}static byCidrRanges(cidrs){return new CidrRangesSubnetFilter(cidrs)}selectSubnets(_subnets){throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotSelectSubnetsAbstractSubnet`,"Cannot select subnets with an abstract SubnetFilter. 
`selectSubnets` needs to be implmemented.")}}exports.SubnetFilter=SubnetFilter;class AvailabilityZoneSubnetFilter extends SubnetFilter{availabilityZones;constructor(availabilityZones){super(),this.availabilityZones=availabilityZones}selectSubnets(subnets){return subnets.filter(s=>this.availabilityZones.includes(s.availabilityZone))}}class OnePerAZSubnetFilter extends SubnetFilter{constructor(){super()}selectSubnets(subnets){return this.retainOnePerAz(subnets)}retainOnePerAz(subnets){const azsSeen=new Set;return subnets.filter(subnet=>azsSeen.has(subnet.availabilityZone)?!1:(azsSeen.add(subnet.availabilityZone),!0))}}class ContainsIpAddressesSubnetFilter extends SubnetFilter{ipAddresses;constructor(ipAddresses){super(),this.ipAddresses=ipAddresses}selectSubnets(subnets){return this.retainByIp(subnets,this.ipAddresses)}retainByIp(subnets,ips){const cidrBlockObjs=ips.map(ip=>{const ipNum=network_util_1().NetworkUtils.ipToNum(ip);return new(network_util_1()).CidrBlock(ipNum,32)});return subnets.filter(s=>{const subnetCidrBlock=new(network_util_1()).CidrBlock(s.ipv4CidrBlock);return cidrBlockObjs.some(cidr=>subnetCidrBlock.containsCidr(cidr))})}}class SubnetIdSubnetFilter extends SubnetFilter{subnetIds;constructor(subnetIds){super(),this.subnetIds=subnetIds}selectSubnets(subnets){return subnets.filter(subnet=>this.subnetIds.includes(core_1().Token.asString(subnet.subnetId)))}}class CidrMaskSubnetFilter extends SubnetFilter{mask;constructor(mask){super(),this.mask=mask}selectSubnets(subnets){return subnets.filter(subnet=>new(network_util_1()).CidrBlock(subnet.ipv4CidrBlock).mask===this.mask)}}class CidrRangesSubnetFilter extends SubnetFilter{cidrRanges;constructor(cidrRanges){super(),this.cidrRanges=cidrRanges}selectSubnets(subnets){return this.checkCidrRanges(subnets,this.cidrRanges)}checkCidrRanges(subnets,cidrRanges){const cidrs=cidrRanges.map(cidr=>new(network_util_1()).CidrBlock(cidr));return subnets.filter(s=>{const 
subnetCidrBlock=new(network_util_1()).CidrBlock(s.ipv4CidrBlock);return cidrs.some(cidr=>cidr.containsCidr(subnetCidrBlock))})}}

239
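--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/user-data.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/user-data.d.ts
@@ -0,0 +1,239 @@
+import { OperatingSystemType } from './machine-image';
+import type { IBucketRef } from '../../aws-s3';
+import type { Resource } from '../../core';
+/**
+* Options when constructing UserData for Linux
+*/
+export interface LinuxUserDataOptions {
+/**
+* Shebang for the UserData script
+*
+* @default "#!/bin/bash"
+*/
+readonly shebang?: string;
+}
+/**
+* Options when constructing UserData for Windows
+*/
+export interface WindowsUserDataOptions {
+/**
+* Set to true to set this userdata to persist through an instance reboot; allowing
+* it to run on every instance start.
+* By default, UserData is run only once during the first instance launch.
+*
+* For more information, see:
+* https://aws.amazon.com/premiumsupport/knowledge-center/execute-user-data-ec2/
+* https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html#user-data-scripts
+*
+* @default false
+*/
+readonly persist?: boolean;
+}
+/**
+* Options when downloading files from S3
+*/
+export interface S3DownloadOptions {
+/**
+* Name of the S3 bucket to download from
+*/
+readonly bucket: IBucketRef;
+/**
+* The key of the file to download
+*/
+readonly bucketKey: string;
+/**
+* The name of the local file.
+*
+* @default Linux - /tmp/bucketKey
+* Windows - %TEMP%/bucketKey
+*/
+readonly localFile?: string;
+/**
+* The region of the S3 Bucket (needed for access via VPC Gateway)
+* @default none
+*/
+readonly region?: string;
+}
+/**
+* Options when executing a file.
+*/
+export interface ExecuteFileOptions {
+/**
+* The path to the file.
+*/
+readonly filePath: string;
+/**
+* The arguments to be passed to the file.
+*
+* @default No arguments are passed to the file.
+*/
+readonly arguments?: string;
+}
+/**
+* Instance User Data
+*/
+export declare abstract class UserData {
+/**
+* Create a userdata object for Linux hosts
+*/
+static forLinux(options?: LinuxUserDataOptions): UserData;
+/**
+* Create a userdata object for Windows hosts
+*/
+static forWindows(options?: WindowsUserDataOptions): UserData;
+/**
+* Create a userdata object with custom content
+*/
+static custom(content: string): UserData;
+static forOperatingSystem(os: OperatingSystemType): UserData;
+/**
+* Add one or more commands to the user data
+*/
+abstract addCommands(...commands: string[]): void;
+/**
+* Add one or more commands to the user data that will run when the script exits.
+*/
+abstract addOnExitCommands(...commands: string[]): void;
+/**
+* Render the UserData for use in a construct
+*/
+abstract render(): string;
+/**
+* Adds commands to download a file from S3
+*
+* @returns: The local path that the file will be downloaded to
+*/
+abstract addS3DownloadCommand(params: S3DownloadOptions): string;
+/**
+* Adds commands to execute a file
+*/
+abstract addExecuteFileCommand(params: ExecuteFileOptions): void;
+/**
+* Adds a command which will send a cfn-signal when the user data script ends
+*/
+abstract addSignalOnExitCommand(resource: Resource): void;
+}
+/**
+* Options when creating `MultipartBody`.
+*/
+export interface MultipartBodyOptions {
+/**
+* `Content-Type` header of this part.
+*
+* Some examples of content types:
+* * `text/x-shellscript; charset="utf-8"` (shell script)
+* * `text/cloud-boothook; charset="utf-8"` (shell script executed during boot phase)
+*
+* For Linux shell scripts use `text/x-shellscript`.
+*/
+readonly contentType: string;
+/**
+* `Content-Transfer-Encoding` header specifying part encoding.
+*
+* @default undefined - body is not encoded
+*/
+readonly transferEncoding?: string;
+/**
+* The body of message.
+*
+* @default undefined - body will not be added to part
+*/
+readonly body?: string;
+}
+/**
+* The base class for all classes which can be used as `MultipartUserData`.
+*/
+export declare abstract class MultipartBody {
+/**
+* Content type for shell scripts
+*/
+static readonly SHELL_SCRIPT = "text/x-shellscript; charset=\"utf-8\"";
+/**
+* Content type for boot hooks
+*/
+static readonly CLOUD_BOOTHOOK = "text/cloud-boothook; charset=\"utf-8\"";
+/**
+* Constructs the new `MultipartBody` wrapping existing `UserData`. Modification to `UserData` are reflected
+* in subsequent renders of the part.
+*
+* For more information about content types see `MultipartBodyOptions.contentType`.
+*
+* @param userData user data to wrap into body part
+* @param contentType optional content type, if default one should not be used
+*/
+static fromUserData(userData: UserData, contentType?: string): MultipartBody;
+/**
+* Constructs the raw `MultipartBody` using specified body, content type and transfer encoding.
+*
+* When transfer encoding is specified (typically as Base64), it's caller responsibility to convert body to
+* Base64 either by wrapping with `Fn.base64` or by converting it by other converters.
+*/
+static fromRawBody(opts: MultipartBodyOptions): MultipartBody;
+constructor();
+/**
+* Render body part as the string.
+*
+* Subclasses should not add leading nor trailing new line characters (\r \n)
+*/
+abstract renderBodyPart(): string[];
+}
+/**
+* Options for creating `MultipartUserData`
+*/
+export interface MultipartUserDataOptions {
+/**
+* The string used to separate parts in multipart user data archive (it's like MIME boundary).
+*
+* This string should contain [a-zA-Z0-9()+,-./:=?] characters only, and should not be present in any part, or in text content of archive.
+*
+* @default `+AWS+CDK+User+Data+Separator==`
+*/
+readonly partsSeparator?: string;
+}
+/**
+* Mime multipart user data.
+*
+* This class represents MIME multipart user data, as described in.
+* [Specifying Multiple User Data Blocks Using a MIME Multi Part Archive](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#multi-part_user_data)
+*
+*/
+export declare class MultipartUserData extends UserData {
+private static readonly USE_PART_ERROR;
+private static readonly BOUNDRY_PATTERN;
+private parts;
+private opts;
+private defaultUserData?;
+constructor(opts?: MultipartUserDataOptions);
+/**
+* Adds a part to the list of parts.
+*/
+addPart(part: MultipartBody): void;
+/**
+* Adds a multipart part based on a UserData object.
+*
+* If `makeDefault` is true, then the UserData added by this method
+* will also be the target of calls to the `add*Command` methods on
+* this MultipartUserData object.
+*
+* If `makeDefault` is false, then this is the same as calling:
+*
+* ```ts
+* declare const multiPart: ec2.MultipartUserData;
+* declare const userData: ec2.UserData;
+* declare const contentType: string;
+*
+* multiPart.addPart(ec2.MultipartBody.fromUserData(userData, contentType));
+* ```
+*
+* An undefined `makeDefault` defaults to either:
+* - `true` if no default UserData has been set yet; or
+* - `false` if there is no default UserData set.
+*/
+addUserDataPart(userData: UserData, contentType?: string, makeDefault?: boolean): void;
+render(): string;
+addS3DownloadCommand(params: S3DownloadOptions): string;
+addExecuteFileCommand(params: ExecuteFileOptions): void;
+addSignalOnExitCommand(resource: Resource): void;
+addCommands(...commands: string[]): void;
+addOnExitCommands(...commands: string[]): void;
+}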


@@ -0,0 +1,5 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MultipartUserData=exports.MultipartBody=exports.UserData=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var machine_image_1=()=>{var tmp=require("./machine-image");return machine_image_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class UserData{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.UserData",version:"2.252.0"};static forLinux(options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_LinuxUserDataOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.forLinux),error}return new LinuxUserData(options)}static forWindows(options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_WindowsUserDataOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.forWindows),error}return new WindowsUserData(options)}static custom(content){const userData=new CustomUserData;return userData.addCommands(content),userData}static forOperatingSystem(os){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_OperatingSystemType(os)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.forOperatingSystem),error}switch(os){case machine_image_1().OperatingSystemType.LINUX:return UserData.forLinux();case machine_image_1().OperatingSystemType.WINDOWS:return UserData.forWindows();case machine_image_1().OperatingSystemType.UNKNOWN:throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotDetermineUserData`,"Cannot determine UserData for unknown operating system 
type")}}}exports.UserData=UserData;class LinuxUserData extends UserData{props;lines=[];onExitLines=[];constructor(props={}){super(),this.props=props}addCommands(...commands){this.lines.push(...commands)}addOnExitCommands(...commands){this.onExitLines.push(...commands)}render(){return[this.props.shebang??"#!/bin/bash",...this.renderOnExitLines(),...this.lines].join(`
`)}addS3DownloadCommand(params){const s3Path=`s3://${params.bucket.bucketRef.bucketName}/${params.bucketKey}`,localPath=params.localFile&&params.localFile.length!==0?params.localFile:`/tmp/${params.bucketKey}`;return this.addCommands(`mkdir -p $(dirname '${localPath}')`,`aws s3 cp '${s3Path}' '${localPath}'`+(params.region!==void 0?` --region ${params.region}`:"")),localPath}addExecuteFileCommand(params){this.addCommands("set -e",`chmod +x '${params.filePath}'`,`'${params.filePath}' ${params.arguments??""}`.trim())}addSignalOnExitCommand(resource){const stack=core_1().Stack.of(resource),resourceID=resource.node.defaultChild.logicalId;this.addOnExitCommands(`/opt/aws/bin/cfn-signal --stack ${stack.stackName} --resource ${resourceID} --region ${stack.region} -e $exitCode || echo 'Failed to send Cloudformation Signal'`)}renderOnExitLines(){return this.onExitLines.length>0?["function exitTrap(){","exitCode=$?",...this.onExitLines,"}","trap exitTrap EXIT"]:[]}}class WindowsUserData extends UserData{props;lines=[];onExitLines=[];constructor(props={}){super(),this.props=props}addCommands(...commands){this.lines.push(...commands)}addOnExitCommands(...commands){this.onExitLines.push(...commands)}render(){return`<powershell>${[...this.renderOnExitLines(),...this.lines,...this.onExitLines.length>0?['throw "Success"']:[]].join(`
`)}</powershell>${this.props.persist??!1?"<persist>true</persist>":""}`}addS3DownloadCommand(params){const localPath=params.localFile&&params.localFile.length!==0?params.localFile:`C:/temp/${params.bucketKey}`;return this.addCommands(`mkdir (Split-Path -Path '${localPath}' ) -ea 0`,`Read-S3Object -BucketName '${params.bucket.bucketRef.bucketName}' -key '${params.bucketKey}' -file '${localPath}' -ErrorAction Stop`+(params.region!==void 0?` -Region ${params.region}`:"")),localPath}addExecuteFileCommand(params){this.addCommands(`&'${params.filePath}' ${params.arguments??""}`.trim(),`if (!$?) { Write-Error 'Failed to execute the file "${params.filePath}"' -ErrorAction Stop }`)}addSignalOnExitCommand(resource){const stack=core_1().Stack.of(resource),resourceID=resource.node.defaultChild.logicalId;this.addOnExitCommands(`cfn-signal --stack ${stack.stackName} --resource ${resourceID} --region ${stack.region} --success ($success.ToString().ToLower())`)}renderOnExitLines(){return this.onExitLines.length>0?["trap {",'$success=($PSItem.Exception.Message -eq "Success")',...this.onExitLines,"break","}"]:[]}}class CustomUserData extends UserData{lines=[];constructor(){super()}addCommands(...commands){this.lines.push(...commands)}addOnExitCommands(){throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CustomUserDataDoesNotSupportAddOnExitCommands`,"CustomUserData does not support addOnExitCommands, use UserData.forLinux() or UserData.forWindows() instead.")}render(){return this.lines.join(`
`)}addS3DownloadCommand(){throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CustomUserDataDoesNotSupportAddS3DownloadCommand`,"CustomUserData does not support addS3DownloadCommand, use UserData.forLinux() or UserData.forWindows() instead.")}addExecuteFileCommand(){throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CustomUserDataDoesNotSupportAddExecuteFileCommand`,"CustomUserData does not support addExecuteFileCommand, use UserData.forLinux() or UserData.forWindows() instead.")}addSignalOnExitCommand(){throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CustomUserDataDoesNotSupportAddSignalOnExitCommand`,"CustomUserData does not support addSignalOnExitCommand, use UserData.forLinux() or UserData.forWindows() instead.")}}class MultipartBody{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.MultipartBody",version:"2.252.0"};static SHELL_SCRIPT='text/x-shellscript; charset="utf-8"';static CLOUD_BOOTHOOK='text/cloud-boothook; charset="utf-8"';static fromUserData(userData,contentType){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_UserData(userData)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromUserData),error}return new MultipartBodyUserDataWrapper(userData,contentType)}static fromRawBody(opts){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_MultipartBodyOptions(opts)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromRawBody),error}return new MultipartBodyRaw(opts)}constructor(){}}exports.MultipartBody=MultipartBody;class MultipartBodyRaw extends MultipartBody{props;constructor(props){super(),this.props=props}renderBodyPart(){const result=[];return result.push(`Content-Type: ${this.props.contentType}`),this.props.transferEncoding!=null&&result.push(`Content-Transfer-Encoding: 
${this.props.transferEncoding}`),result.push(""),this.props.body!=null&&result.push(this.props.body),result}}class MultipartBodyUserDataWrapper extends MultipartBody{userData;contentType;constructor(userData,contentType){super(),this.userData=userData,this.contentType=contentType||MultipartBody.SHELL_SCRIPT}renderBodyPart(){const result=[];return result.push(`Content-Type: ${this.contentType}`),result.push("Content-Transfer-Encoding: base64"),result.push(""),result.push(core_1().Fn.base64(this.userData.render())),result}}class MultipartUserData extends UserData{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.MultipartUserData",version:"2.252.0"};static USE_PART_ERROR="MultipartUserData only supports this operation if it has a default UserData. Call addUserDataPart with makeDefault=true.";static BOUNDRY_PATTERN="[^a-zA-Z0-9()+,-./:=?]";parts=[];opts;defaultUserData;constructor(opts){super();try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_MultipartUserDataOptions(opts)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,MultipartUserData),error}let partsSeparator;if(opts?.partsSeparator!=null){if(new RegExp(MultipartUserData.BOUNDRY_PATTERN).test(opts.partsSeparator))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidCharactersInSeparator`,`Invalid characters in separator. 
Separator has to match pattern ${MultipartUserData.BOUNDRY_PATTERN}`);partsSeparator=opts.partsSeparator}else partsSeparator="+AWS+CDK+User+Data+Separator==";this.opts={partsSeparator}}addPart(part){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_MultipartBody(part)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addPart),error}this.parts.push(part)}addUserDataPart(userData,contentType,makeDefault){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_UserData(userData)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addUserDataPart),error}this.addPart(MultipartBody.fromUserData(userData,contentType)),makeDefault=makeDefault??this.defaultUserData===void 0,makeDefault&&(this.defaultUserData=userData)}render(){const boundary=this.opts.partsSeparator;var resultArchive=new Array;return resultArchive.push(`Content-Type: multipart/mixed; boundary="${boundary}"`),resultArchive.push("MIME-Version: 1.0"),resultArchive.push(""),this.parts.forEach(part=>{resultArchive.push(`--${boundary}`),resultArchive.push(...part.renderBodyPart())}),resultArchive.push(`--${boundary}--`),resultArchive.push(""),resultArchive.join(`
`)}addS3DownloadCommand(params){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_S3DownloadOptions(params)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addS3DownloadCommand),error}if(this.defaultUserData)return this.defaultUserData.addS3DownloadCommand(params);throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MultipartUserDataRequiresDefaultUserData`,MultipartUserData.USE_PART_ERROR)}addExecuteFileCommand(params){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ExecuteFileOptions(params)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addExecuteFileCommand),error}if(this.defaultUserData)this.defaultUserData.addExecuteFileCommand(params);else throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MultipartUserDataRequiresDefaultUserData`,MultipartUserData.USE_PART_ERROR)}addSignalOnExitCommand(resource){try{jsiiDeprecationWarnings().aws_cdk_lib_Resource(resource)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addSignalOnExitCommand),error}if(this.defaultUserData)this.defaultUserData.addSignalOnExitCommand(resource);else throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MultipartUserDataRequiresDefaultUserData`,MultipartUserData.USE_PART_ERROR)}addCommands(...commands){if(this.defaultUserData)this.defaultUserData.addCommands(...commands);else throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MultipartUserDataRequiresDefaultUserData`,MultipartUserData.USE_PART_ERROR)}addOnExitCommands(...commands){if(this.defaultUserData)this.defaultUserData.addOnExitCommands(...commands);else throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MultipartUserDataRequiresDefaultUserData`,MultipartUserData.USE_PART_ERROR)}}exports.MultipartUserData=MultipartUserData;

50
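--- a/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/util.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/util.d.ts
@@ -0,0 +1,50 @@
+import type { Construct } from 'constructs';
+import type { ISubnet } from './vpc';
+import { SubnetType } from './vpc';
+/**
+* Turn an arbitrary string into one that can be used as a CloudFormation identifier by stripping special characters
+*
+* (At the moment, no efforts are taken to prevent collisions, but we can add that later when it becomes necessary).
+*/
+export declare function slugify(x: string): string;
+/**
+* The default names for every subnet type
+*/
+export declare function defaultSubnetName(type: SubnetType): "Public" | "Private" | "Isolated";
+/**
+* Return a subnet name from its construct ID
+*
+* All subnet names look like NAME <> "Subnet" <> INDEX
+*/
+export declare function subnetGroupNameFromConstructId(subnet: ISubnet): string;
+/**
+* Make the subnet construct ID from a name and number
+*/
+export declare function subnetId(name: string, i: number): string;
+export declare class ImportSubnetGroup {
+private readonly availabilityZones;
+private readonly subnetIds;
+private readonly names;
+private readonly routeTableIds;
+private readonly ipv4CidrBlocks;
+private readonly groups;
+constructor(subnetIds: string[] | undefined, names: string[] | undefined, routeTableIds: string[] | undefined, ipv4CidrBlocks: string[] | undefined, type: SubnetType, availabilityZones: string[], idField: string, nameField: string, routeTableIdField: string, ipv4CidrBlockField: string);
+import(scope: Construct): ISubnet[];
+/**
+* Return a list with a name for every subnet
+*/
+private normalizeNames;
+/**
+* Return the i'th AZ
+*/
+private pickAZ;
+}
+/**
+* Generate the list of numbers of [0..n)
+*/
+export declare function range(n: number): number[];
+/**
+* Return the union of table IDs from all selected subnets
+*/
+export declare function allRouteTableIds(subnets: ISubnet[]): string[];
+export declare function flatten<A>(xs: A[][]): A[];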

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/util.js generated vendored Normal file

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ImportSubnetGroup=void 0,exports.slugify=slugify,exports.defaultSubnetName=defaultSubnetName,exports.subnetGroupNameFromConstructId=subnetGroupNameFromConstructId,exports.subnetId=subnetId,exports.range=range,exports.allRouteTableIds=allRouteTableIds,exports.flatten=flatten;var vpc_1=()=>{var tmp=require("./vpc");return vpc_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function slugify(x){return x.replace(/[^a-zA-Z0-9]/g,"")}function defaultSubnetName(type){switch(type){case vpc_1().SubnetType.PUBLIC:return"Public";case vpc_1().SubnetType.PRIVATE_WITH_NAT:case vpc_1().SubnetType.PRIVATE_WITH_EGRESS:case vpc_1().SubnetType.PRIVATE:return"Private";case vpc_1().SubnetType.PRIVATE_ISOLATED:case vpc_1().SubnetType.ISOLATED:return"Isolated"}}function subnetGroupNameFromConstructId(subnet){return subnet.node.id.replace(/Subnet\d+$/,"")}function subnetId(name,i){return`${name}Subnet${i+1}`}class ImportSubnetGroup{availabilityZones;subnetIds;names;routeTableIds;ipv4CidrBlocks;groups;constructor(subnetIds,names,routeTableIds,ipv4CidrBlocks,type,availabilityZones,idField,nameField,routeTableIdField,ipv4CidrBlockField){if(this.availabilityZones=availabilityZones,this.subnetIds=subnetIds||[],this.routeTableIds=routeTableIds||[],this.ipv4CidrBlocks=ipv4CidrBlocks||[],this.groups=this.subnetIds.length/this.availabilityZones.length,Math.floor(this.groups)!==this.groups)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MustBeNumberMultipleAvailability`,`Number of ${idField} (${this.subnetIds.length}) must be a multiple of availability zones (${this.availabilityZones.length}).`);if(this.routeTableIds.length!==this.subnetIds.length&&routeTableIds!=null)throw 
new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MustBeNumberEqualAmount`,`Number of ${routeTableIdField} (${this.routeTableIds.length}) must be equal to the amount of ${idField} (${this.subnetIds.length}).`);if(this.ipv4CidrBlocks.length!==this.subnetIds.length&&ipv4CidrBlocks!=null)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`MustBeNumberEqualAmount`,`Number of ${ipv4CidrBlockField} (${this.ipv4CidrBlocks.length}) must be equal to the amount of ${idField} (${this.subnetIds.length}).`);this.names=this.normalizeNames(names,defaultSubnetName(type),nameField)}import(scope){return range(this.subnetIds.length).map(i=>{const k=Math.floor(i/this.availabilityZones.length);return vpc_1().Subnet.fromSubnetAttributes(scope,subnetId(this.names[k],i),{availabilityZone:this.pickAZ(i),subnetId:this.subnetIds[i],routeTableId:this.routeTableIds[i],ipv4CidrBlock:this.ipv4CidrBlocks[i]})})}normalizeNames(names,defaultName,fieldName){if(names===void 0||names.length===0)return[defaultName];if(names.length!==this.groups)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`EntryEveryCorrespondingSubnet`,`${fieldName} must have an entry for every corresponding subnet group, got: ${JSON.stringify(names)}`);return names}pickAZ(i){return this.availabilityZones[i%this.availabilityZones.length]}}exports.ImportSubnetGroup=ImportSubnetGroup;function range(n){const ret=[];for(let i=0;i<n;i++)ret.push(i);return ret}function allRouteTableIds(subnets){const ret=new Set;for(const subnet of subnets)subnet.routeTable&&subnet.routeTable.routeTableId&&ret.add(subnet.routeTable.routeTableId);return Array.from(ret)}function flatten(xs){return Array.prototype.concat.apply([],xs)}

493
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/volume.d.ts generated vendored Normal file

@@ -0,0 +1,493 @@
import type { Construct } from 'constructs';
import type { IInstanceRef, IVolumeRef, VolumeReference } from './ec2.generated';
import type { IGrantable } from '../../aws-iam';
import { Grant } from '../../aws-iam';
import type { IKey } from '../../aws-kms';
import type { IResource, RemovalPolicy, Size } from '../../core';
import { Resource } from '../../core';
/**
* Block device
*/
export interface BlockDevice {
/**
* The device name exposed to the EC2 instance
*
* For example, a value like `/dev/sdh`, `xvdh`.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html
*/
readonly deviceName: string;
/**
* Defines the block device volume, to be either an Amazon EBS volume or an ephemeral instance store volume
*
* For example, a value like `BlockDeviceVolume.ebs(15)`, `BlockDeviceVolume.ephemeral(0)`.
*/
readonly volume: BlockDeviceVolume;
/**
* If false, the device mapping will be suppressed.
* If set to false for the root device, the instance might fail the Amazon EC2 health check.
* Amazon EC2 Auto Scaling launches a replacement instance if the instance fails the health check.
*
* @default true - device mapping is left untouched
*/
readonly mappingEnabled?: boolean;
}
/**
* Base block device options for an EBS volume
*/
export interface EbsDeviceOptionsBase {
/**
* Indicates whether to delete the volume when the instance is terminated.
*
* @default - true for Amazon EC2 Auto Scaling, false otherwise (e.g. EBS)
*/
readonly deleteOnTermination?: boolean;
/**
* The number of I/O operations per second (IOPS) to provision for the volume.
*
* Must only be set for `volumeType`: `EbsDeviceVolumeType.IO1`
*
* The maximum ratio of IOPS to volume size (in GiB) is 50:1, so for 5,000 provisioned IOPS,
* you need at least 100 GiB storage on the volume.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
*
* @default - none, required for `EbsDeviceVolumeType.IO1`
*/
readonly iops?: number;
/**
* The EBS volume type
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
*
* @default `EbsDeviceVolumeType.GENERAL_PURPOSE_SSD` or `EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3` if
* `@aws-cdk/aws-ec2:ebsDefaultGp3Volume` is enabled.
*/
readonly volumeType?: EbsDeviceVolumeType;
/**
* The throughput to provision for a `gp3` volume.
*
* Valid Range: Minimum value of 125. Maximum value of 2000.
*
* `gp3` volumes deliver a consistent baseline throughput performance of 125 MiB/s.
* You can provision additional throughput for an additional cost at a ratio of 0.25 MiB/s per provisioned IOPS.
*
* @see https://docs.aws.amazon.com/ebs/latest/userguide/general-purpose.html#gp3-performance
*
* @default - 125 MiB/s.
*/
readonly throughput?: number;
}
/**
* Block device options for an EBS volume
*/
export interface EbsDeviceOptions extends EbsDeviceOptionsBase {
/**
* Specifies whether the EBS volume is encrypted.
* Encrypted EBS volumes can only be attached to instances that support Amazon EBS encryption
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances
*
* @default false
*/
readonly encrypted?: boolean;
/**
* The ARN of the AWS Key Management Service (AWS KMS) CMK used for encryption.
*
* You have to ensure that the KMS CMK has the correct permissions to be used by the service launching the ec2 instances.
*
* @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#ebs-encryption-requirements
*
* @default - If encrypted is true, the default aws/ebs KMS key will be used.
*/
readonly kmsKey?: IKey;
}
/**
* Block device options for an EBS volume created from a snapshot
*/
export interface EbsDeviceSnapshotOptions extends EbsDeviceOptionsBase {
/**
* The volume size, in Gibibytes (GiB)
*
* If you specify volumeSize, it must be equal or greater than the size of the snapshot.
*
* @default - The snapshot size
*/
readonly volumeSize?: number;
}
/**
* Properties of an EBS block device
*/
export interface EbsDeviceProps extends EbsDeviceSnapshotOptions, EbsDeviceOptions {
/**
* The snapshot ID of the volume to use
*
* @default - No snapshot will be used
*/
readonly snapshotId?: string;
}
/**
* Describes a block device mapping for an EC2 instance or Auto Scaling group.
*/
export declare class BlockDeviceVolume {
readonly ebsDevice?: EbsDeviceProps | undefined;
readonly virtualName?: string | undefined;
/**
* Creates a new Elastic Block Storage device
*
* @param volumeSize The volume size, in Gibibytes (GiB)
* @param options additional device options
*/
static ebs(volumeSize: number, options?: EbsDeviceOptions): BlockDeviceVolume;
/**
* Creates a new Elastic Block Storage device from an existing snapshot
*
* @param snapshotId The snapshot ID of the volume to use
* @param options additional device options
*/
static ebsFromSnapshot(snapshotId: string, options?: EbsDeviceSnapshotOptions): BlockDeviceVolume;
/**
* Creates a virtual, ephemeral device.
* The name will be in the form ephemeral{volumeIndex}.
*
* @param volumeIndex the volume index. Must be equal or greater than 0
*/
static ephemeral(volumeIndex: number): BlockDeviceVolume;
/**
* @param ebsDevice EBS device info
* @param virtualName Virtual device name
*/
protected constructor(ebsDevice?: EbsDeviceProps | undefined, virtualName?: string | undefined);
}
/**
* Supported EBS volume types for blockDevices
*/
export declare enum EbsDeviceVolumeType {
/**
* Magnetic
*/
STANDARD = "standard",
/**
* Provisioned IOPS SSD - IO1
*/
IO1 = "io1",
/**
* Provisioned IOPS SSD - IO2
*/
IO2 = "io2",
/**
* General Purpose SSD - GP2
*/
GP2 = "gp2",
/**
* General Purpose SSD - GP3
*/
GP3 = "gp3",
/**
* Throughput Optimized HDD
*/
ST1 = "st1",
/**
* Cold HDD
*/
SC1 = "sc1",
/**
* General purpose SSD volume (GP2) that balances price and performance for a wide variety of workloads.
*/
GENERAL_PURPOSE_SSD = "gp2",
/**
* General purpose SSD volume (GP3) that balances price and performance for a wide variety of workloads.
*/
GENERAL_PURPOSE_SSD_GP3 = "gp3",
/**
* Highest-performance SSD volume (IO1) for mission-critical low-latency or high-throughput workloads.
*/
PROVISIONED_IOPS_SSD = "io1",
/**
* Highest-performance SSD volume (IO2) for mission-critical low-latency or high-throughput workloads.
*/
PROVISIONED_IOPS_SSD_IO2 = "io2",
/**
* Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads.
*/
THROUGHPUT_OPTIMIZED_HDD = "st1",
/**
* Lowest cost HDD volume designed for less frequently accessed workloads.
*/
COLD_HDD = "sc1",
/**
* Magnetic volumes are backed by magnetic drives and are suited for workloads where data is accessed infrequently, and scenarios where low-cost
* storage for small volume sizes is important.
*/
MAGNETIC = "standard"
}
/**
* An EBS Volume in AWS EC2.
*/
export interface IVolume extends IResource, IVolumeRef {
/**
* The EBS Volume's ID
*
* @attribute
*/
readonly volumeId: string;
/**
* The availability zone that the EBS Volume is contained within (ex: us-west-2a)
*/
readonly availabilityZone: string;
/**
* The customer-managed encryption key that is used to encrypt the Volume.
*
* @attribute
*/
readonly encryptionKey?: IKey;
/**
* Grants permission to attach this Volume to an instance.
* CAUTION: Granting an instance permission to attach to itself using this method will lead to
* an unresolvable circular reference between the instance role and the instance.
* Use `IVolume.grantAttachVolumeToSelf` to grant an instance permission to attach this
* volume to itself.
*
* @param grantee the principal being granted permission.
* @param instances the instances to which permission is being granted to attach this
* volume to. If not specified, then permission is granted to attach
* to all instances in this account.
*/
grantAttachVolume(grantee: IGrantable, instances?: IInstanceRef[]): Grant;
/**
* Grants permission to attach the Volume by a ResourceTag condition. If you are looking to
* grant an Instance, AutoScalingGroup, EC2-Fleet, SpotFleet, ECS host, etc the ability to attach
* this volume to **itself** then this is the method you want to use.
*
* This is implemented by adding a Tag with key `VolumeGrantAttach-<suffix>` to the given
* constructs and this Volume, and then conditioning the Grant such that the grantee is only
* given the ability to AttachVolume if both the Volume and the destination Instance have that
* tag applied to them.
*
* @param grantee the principal being granted permission.
* @param constructs The list of constructs that will have the generated resource tag applied to them.
* @param tagKeySuffix A suffix to use on the generated Tag key in place of the generated hash value.
* Defaults to a hash calculated from this volume and list of constructs. (DEPRECATED)
*/
grantAttachVolumeByResourceTag(grantee: IGrantable, constructs: Construct[], tagKeySuffix?: string): Grant;
/**
* Grants permission to detach this Volume from an instance
* CAUTION: Granting an instance permission to detach from itself using this method will lead to
* an unresolvable circular reference between the instance role and the instance.
* Use `IVolume.grantDetachVolumeFromSelf` to grant an instance permission to detach this
* volume from itself.
*
* @param grantee the principal being granted permission.
* @param instances the instances to which permission is being granted to detach this
* volume from. If not specified, then permission is granted to detach
* from all instances in this account.
*/
grantDetachVolume(grantee: IGrantable, instances?: IInstanceRef[]): Grant;
/**
* Grants permission to detach the Volume by a ResourceTag condition.
*
* This is implemented via the same mechanism as `IVolume.grantAttachVolumeByResourceTag`,
* and is subject to the same conditions.
*
* @param grantee the principal being granted permission.
* @param constructs The list of constructs that will have the generated resource tag applied to them.
* @param tagKeySuffix A suffix to use on the generated Tag key in place of the generated hash value.
* Defaults to a hash calculated from this volume and list of constructs. (DEPRECATED)
*/
grantDetachVolumeByResourceTag(grantee: IGrantable, constructs: Construct[], tagKeySuffix?: string): Grant;
}
/**
* Properties of an EBS Volume
*/
export interface VolumeProps {
/**
* The value of the physicalName property of this resource.
*
* @default - The physical name will be allocated by CloudFormation at deployment time
*/
readonly volumeName?: string;
/**
* The Availability Zone in which to create the volume.
*/
readonly availabilityZone: string;
/**
* The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size.
* See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-volume.html
* for details on the allowable size for each type of volume.
*
* @default - If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.
*/
readonly size?: Size;
/**
* The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size.
*
* @default - The EBS volume is not created from a snapshot.
*/
readonly snapshotId?: string;
/**
* Indicates whether Amazon EBS Multi-Attach is enabled.
* See [Considerations and limitations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html#considerations)
* for the constraints of multi-attach.
*
* @default false
*/
readonly enableMultiAttach?: boolean;
/**
* Specifies whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin
* (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information,
* see [Encryption by Default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default)
* in the Amazon Elastic Compute Cloud User Guide.
*
* Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see
* [Supported Instance Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
*
* @default false
*/
readonly encrypted?: boolean;
/**
* The customer-managed encryption key that is used to encrypt the Volume. The encrypted property must
* be true if this is provided.
*
* Note: If using an `aws-kms.IKey` created from a `aws-kms.Key.fromKeyArn()` here,
* then the KMS key **must** have the following in its Key policy; otherwise, the Volume
* will fail to create.
*
* {
* "Effect": "Allow",
* "Principal": { "AWS": "<arn for your account-user> ex: arn:aws:iam::00000000000:root" },
* "Resource": "*",
* "Action": [
* "kms:DescribeKey",
* "kms:GenerateDataKeyWithoutPlainText",
* ],
* "Condition": {
* "StringEquals": {
* "kms:ViaService": "ec2.<Region>.amazonaws.com", (eg: ec2.us-east-1.amazonaws.com)
* "kms:CallerAccount": "0000000000" (your account ID)
* }
* }
* }
*
* @default - The default KMS key for the account, region, and EC2 service is used.
*/
readonly encryptionKey?: IKey;
/**
* Indicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2
* instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and
* you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O.
*
* @default false
*/
readonly autoEnableIo?: boolean;
/**
* The type of the volume; what type of storage to use to form the EBS Volume.
*
* @default `EbsDeviceVolumeType.GENERAL_PURPOSE_SSD`
*/
readonly volumeType?: EbsDeviceVolumeType;
/**
* The number of I/O operations per second (IOPS) to provision for the volume. The maximum ratio is 50 IOPS/GiB for PROVISIONED_IOPS_SSD,
* and 500 IOPS/GiB for both PROVISIONED_IOPS_SSD_IO2 and GENERAL_PURPOSE_SSD_GP3.
* See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-volume.html
* for more information.
*
* This parameter is valid only for PROVISIONED_IOPS_SSD, PROVISIONED_IOPS_SSD_IO2 and GENERAL_PURPOSE_SSD_GP3 volumes.
*
* @default None -- Required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS if omitted.
*/
readonly iops?: number;
/**
* Policy to apply when the volume is removed from the stack
*
* @default RemovalPolicy.RETAIN
*/
readonly removalPolicy?: RemovalPolicy;
/**
* The throughput that the volume supports, in MiB/s
* Takes a minimum of 125 and maximum of 2000.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-volume.html#cfn-ec2-volume-throughput
* @default - 125 MiB/s. Only valid on gp3 volumes.
*/
readonly throughput?: number;
/**
* Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate),
* at which to download the snapshot blocks from Amazon S3 to the volume.
*
* Valid range is between 100 and 300 MiB/s.
*
* This parameter is supported only for volumes created from snapshots.
*
* @see https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html#volume-initialization-rate
*
* @default undefined - The volume initialization rate is not set.
*/
readonly volumeInitializationRate?: Size;
}
/**
* Attributes required to import an existing EBS Volume into the Stack.
*/
export interface VolumeAttributes {
/**
* The EBS Volume's ID
*/
readonly volumeId: string;
/**
* The availability zone that the EBS Volume is contained within (ex: us-west-2a)
*/
readonly availabilityZone: string;
/**
* The customer-managed encryption key that is used to encrypt the Volume.
*
* @default None -- The EBS Volume is not using a customer-managed KMS key for encryption.
*/
readonly encryptionKey?: IKey;
}
/**
* Common behavior of Volumes. Users should not use this class directly, and instead use ``Volume``.
*/
declare abstract class VolumeBase extends Resource implements IVolume {
abstract readonly volumeId: string;
abstract readonly availabilityZone: string;
abstract readonly encryptionKey?: IKey;
get volumeRef(): VolumeReference;
/**
* [disable-awslint:no-grants]
*/
grantAttachVolume(grantee: IGrantable, instances?: IInstanceRef[]): Grant;
/**
* [disable-awslint:no-grants]
*/
grantAttachVolumeByResourceTag(grantee: IGrantable, constructs: Construct[], tagKeySuffix?: string): Grant;
/**
* [disable-awslint:no-grants]
*/
grantDetachVolume(grantee: IGrantable, instances?: IInstanceRef[]): Grant;
/**
* [disable-awslint:no-grants]
*/
grantDetachVolumeByResourceTag(grantee: IGrantable, constructs: Construct[], tagKeySuffix?: string): Grant;
private collectGrantResourceArns;
private calculateResourceTagValue;
}
/**
* Creates a new EBS Volume in AWS EC2.
*/
export declare class Volume extends VolumeBase {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import an existing EBS Volume into the Stack.
*
* @param scope the scope of the import.
* @param id the ID of the imported Volume in the construct tree.
* @param attrs the attributes of the imported Volume
*/
static fromVolumeAttributes(scope: Construct, id: string, attrs: VolumeAttributes): IVolume;
readonly volumeId: string;
readonly availabilityZone: string;
readonly encryptionKey?: IKey;
constructor(scope: Construct, id: string, props: VolumeProps);
protected validateProps(props: VolumeProps): void;
}
export {};

1
cdk/node_modules/aws-cdk-lib/aws-ec2/lib/volume.js generated vendored Normal file

File diff suppressed because one or more lines are too long


@@ -0,0 +1,150 @@
import type { Construct } from 'constructs';
import type { IVPCEndpointServiceRef, VPCEndpointServiceReference } from './ec2.generated';
import type { ArnPrincipal } from '../../aws-iam';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* IP address types supported for VPC endpoint service.
*/
export declare enum IpAddressType {
/**
* ipv4 address type.
*/
IPV4 = "ipv4",
/**
* ipv6 address type.
*/
IPV6 = "ipv6"
}
/**
* A load balancer that can host a VPC Endpoint Service
*
*/
export interface IVpcEndpointServiceLoadBalancer {
/**
* The ARN of the load balancer that hosts the VPC Endpoint Service
*
* @attribute
*/
readonly loadBalancerArn: string;
}
/**
* A VPC endpoint service.
*
*/
export interface IVpcEndpointService extends IResource, IVPCEndpointServiceRef {
/**
* The service name of the VPC Endpoint Service that clients use to connect to,
* like com.amazonaws.vpce.<region>.vpce-svc-xxxxxxxxxxxxxxxx
*
* @attribute
*/
readonly vpcEndpointServiceName: string;
/**
* The id of the VPC Endpoint Service that clients use to connect to,
* like vpce-svc-xxxxxxxxxxxxxxxx
*
* @attribute
*/
readonly vpcEndpointServiceId: string;
}
/**
* A VPC endpoint service
* @resource AWS::EC2::VPCEndpointService
*
*/
export declare class VpcEndpointService extends Resource implements IVpcEndpointService {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* The default value for a VPC Endpoint Service name prefix, useful if you do
* not have a synthesize-time region literal available (all you have is
* `{ "Ref": "AWS::Region" }`)
*/
static readonly DEFAULT_PREFIX = "com.amazonaws.vpce";
/**
* One or more network load balancers to host the service.
* @attribute
*/
readonly vpcEndpointServiceLoadBalancers: IVpcEndpointServiceLoadBalancer[];
/**
* Whether to require manual acceptance of new connections to the service.
*
*/
readonly acceptanceRequired: boolean;
/**
* Whether to enable the built-in Contributor Insights rules provided by AWS PrivateLink.
*
*/
readonly contributorInsightsEnabled?: boolean;
/**
* One or more Principal ARNs to allow inbound connections to.
*
*/
readonly allowedPrincipals: ArnPrincipal[];
/**
* IP address types supported for this VPC endpoint service.
*/
private readonly supportedIpAddressTypes?;
/**
* The Regions from which service consumers can access the service.
*/
private readonly allowedRegions?;
/**
* The id of the VPC Endpoint Service, like vpce-svc-xxxxxxxxxxxxxxxx.
* @attribute
*/
readonly vpcEndpointServiceId: string;
/**
* The service name of the VPC Endpoint Service that clients use to connect to,
* like com.amazonaws.vpce.<region>.vpce-svc-xxxxxxxxxxxxxxxx
*
* @attribute
*/
readonly vpcEndpointServiceName: string;
private readonly endpointService;
constructor(scope: Construct, id: string, props: VpcEndpointServiceProps);
get vpcEndpointServiceRef(): VPCEndpointServiceReference;
}
/**
* Construction properties for a VpcEndpointService.
*
*/
export interface VpcEndpointServiceProps {
/**
* One or more load balancers to host the VPC Endpoint Service.
*
*/
readonly vpcEndpointServiceLoadBalancers: IVpcEndpointServiceLoadBalancer[];
/**
* Whether requests from service consumers to connect to the service through
* an endpoint must be accepted.
* @default true
*
*/
readonly acceptanceRequired?: boolean;
/**
* Indicates whether to enable the built-in Contributor Insights rules provided by AWS PrivateLink.
* @default false
*
*/
readonly contributorInsights?: boolean;
/**
* IAM users, IAM roles, or AWS accounts to allow inbound connections from.
* These principals can connect to your service using VPC endpoints. Takes a
* list of one or more ArnPrincipal.
* @default - no principals
*
*/
readonly allowedPrincipals?: ArnPrincipal[];
/**
* Specify which IP address types are supported for VPC endpoint service.
* @default - No specific IP address types configured
*/
readonly supportedIpAddressTypes?: IpAddressType[];
/**
* The Regions from which service consumers can access the service.
* @default - No Region restrictions
*/
readonly allowedRegions?: string[];
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,891 @@
import type { Construct } from 'constructs';
import type { IConnectable } from './connections';
import { Connections } from './connections';
import type { IVPCEndpointRef, VPCEndpointReference } from './ec2.generated';
import type { ISecurityGroup } from './security-group';
import type { IVpc, SubnetSelection } from './vpc';
import * as iam from '../../aws-iam';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* A VPC endpoint.
*/
export interface IVpcEndpoint extends IResource, IVPCEndpointRef {
/**
* The VPC endpoint identifier.
* @attribute
*/
readonly vpcEndpointId: string;
}
export declare abstract class VpcEndpoint extends Resource implements IVpcEndpoint {
abstract readonly vpcEndpointId: string;
protected policyDocument?: iam.PolicyDocument;
get vpcEndpointRef(): VPCEndpointReference;
/**
* Adds a statement to the policy document of the VPC endpoint. The statement
* must have a Principal.
*
* Not all interface VPC endpoints support policy. For more information
* see https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html
*
* @param statement the IAM statement to add
*/
addToPolicy(statement: iam.PolicyStatement): void;
}
/**
* A gateway VPC endpoint.
*/
export interface IGatewayVpcEndpoint extends IVpcEndpoint {
}
/**
* The type of VPC endpoint.
*/
export declare enum VpcEndpointType {
/**
* Interface
*
* An interface endpoint is an elastic network interface with a private IP
* address that serves as an entry point for traffic destined to a supported
* service.
*/
INTERFACE = "Interface",
/**
* Gateway
*
* A gateway endpoint is a gateway that is a target for a specified route in
* your route table, used for traffic destined to a supported AWS service.
*/
GATEWAY = "Gateway",
/**
* A Gateway Load Balancer (GWLB) endpoint is an entry/exit point in your VPC that allows traffic
* to flow between your VPC and Gateway Load Balancer appliances (like firewalls, intrusion detection systems,
* or other security appliances) deployed in a separate VPC.
*/
GATEWAYLOADBALANCER = "GatewayLoadBalancer",
/**
* A ServiceNetwork VPC endpoint is a feature to connect your VPC to an AWS Cloud WAN (Wide Area Network)
* or Amazon VPC Lattice service.
*/
SERVICENETWORK = "ServiceNetwork",
/**
* A Resource VPC endpoint in AWS is specifically designed to connect to AWS Resource Access Manager (RAM) service
* privately within your VPC, without requiring access through the public internet.
*/
RESOURCE = "Resource"
}
/**
* IP address type for the endpoint.
*/
export declare enum VpcEndpointIpAddressType {
/**
* Assign IPv4 addresses to the endpoint network interfaces.
* This option is supported only if all selected subnets have IPv4 address ranges
* and the endpoint service accepts IPv4 requests.
*/
IPV4 = "ipv4",
/**
* Assign IPv6 addresses to the endpoint network interfaces.
* This option is supported only if all selected subnets are IPv6 only subnets
* and the endpoint service accepts IPv6 requests.
*/
IPV6 = "ipv6",
/**
* Assign both IPv4 and IPv6 addresses to the endpoint network interfaces.
* This option is supported only if all selected subnets have both IPv4 and IPv6
* address ranges and the endpoint service accepts both IPv4 and IPv6 requests.
*/
DUALSTACK = "dualstack"
}
/**
* Enums for all Dns Record IP Address types.
*/
export declare enum VpcEndpointDnsRecordIpType {
/**
* Create A records for the private, Regional, and zonal DNS names.
* The IP address type must be IPv4 or Dualstack.
*/
IPV4 = "ipv4",
/**
* Create AAAA records for the private, Regional, and zonal DNS names.
* The IP address type must be IPv6 or Dualstack.
*/
IPV6 = "ipv6",
/**
* Create A and AAAA records for the private, Regional, and zonal DNS names.
* The IP address type must be Dualstack.
*/
DUALSTACK = "dualstack",
/**
* Create A records for the private, Regional, and zonal DNS names and
* AAAA records for the Regional and zonal DNS names.
* The IP address type must be Dualstack.
*/
SERVICE_DEFINED = "service-defined"
}
/**
* Indicates whether to enable private DNS only for inbound endpoints.
* This option is available only for services that support both gateway and interface endpoints.
* It routes traffic that originates from the VPC to the gateway endpoint and traffic that
* originates from on-premises to the interface endpoint.
*/
export declare enum VpcEndpointPrivateDnsOnlyForInboundResolverEndpoint {
/**
* Enable private DNS for all resolvers.
*/
ALL_RESOLVERS = "AllResolvers",
/**
* Enable private DNS only for inbound endpoints.
*/
ONLY_INBOUND_RESOLVER = "OnlyInboundResolver"
}
/**
* A service for a gateway VPC endpoint.
*/
export interface IGatewayVpcEndpointService {
/**
* The name of the service.
*/
readonly name: string;
}
/**
* An AWS service for a gateway VPC endpoint.
*/
export declare class GatewayVpcEndpointAwsService implements IGatewayVpcEndpointService {
static readonly DYNAMODB: GatewayVpcEndpointAwsService;
static readonly S3: GatewayVpcEndpointAwsService;
static readonly S3_EXPRESS: GatewayVpcEndpointAwsService;
/**
* The name of the service.
*/
readonly name: string;
constructor(name: string, prefix?: string);
}
/**
* Options to add a gateway endpoint to a VPC.
*/
export interface GatewayVpcEndpointOptions {
/**
* The service to use for this gateway VPC endpoint.
*/
readonly service: IGatewayVpcEndpointService;
/**
* Where to add endpoint routing.
*
* By default, this endpoint will be routable from all subnets in the VPC.
* Specify a list of subnet selection objects here to be more specific.
*
* @default - All subnets in the VPC
* @example
*
* declare const vpc: ec2.Vpc;
*
* vpc.addGatewayEndpoint('DynamoDbEndpoint', {
* service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,
* // Add only to ISOLATED subnets
* subnets: [
* { subnetType: ec2.SubnetType.PRIVATE_ISOLATED }
* ]
* });
*
*
*/
readonly subnets?: SubnetSelection[];
}
/**
* Construction properties for a GatewayVpcEndpoint.
*/
export interface GatewayVpcEndpointProps extends GatewayVpcEndpointOptions {
/**
* The VPC network in which the gateway endpoint will be used.
*/
readonly vpc: IVpc;
}
/**
* A gateway VPC endpoint.
* @resource AWS::EC2::VPCEndpoint
*/
export declare class GatewayVpcEndpoint extends VpcEndpoint implements IGatewayVpcEndpoint {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
static fromGatewayVpcEndpointId(scope: Construct, id: string, gatewayVpcEndpointId: string): IGatewayVpcEndpoint;
/**
* The gateway VPC endpoint identifier.
*/
readonly vpcEndpointId: string;
/**
* The date and time the gateway VPC endpoint was created.
* @attribute
*/
readonly vpcEndpointCreationTimestamp: string;
/**
* @attribute
*/
readonly vpcEndpointNetworkInterfaceIds: string[];
/**
* @attribute
*/
readonly vpcEndpointDnsEntries: string[];
constructor(scope: Construct, id: string, props: GatewayVpcEndpointProps);
}
/**
* A service for an interface VPC endpoint.
*/
export interface IInterfaceVpcEndpointService {
/**
* The name of the service.
*/
readonly name: string;
/**
* The port of the service.
*/
readonly port: number;
/**
* Whether Private DNS is supported by default.
*/
readonly privateDnsDefault?: boolean;
}
/**
* A custom-hosted service for an interface VPC endpoint.
*/
export declare class InterfaceVpcEndpointService implements IInterfaceVpcEndpointService {
/**
* The name of the service.
*/
readonly name: string;
/**
* The port of the service.
*/
readonly port: number;
/**
* Whether Private DNS is supported by default.
*/
readonly privateDnsDefault?: boolean;
constructor(name: string, port?: number);
}
/**
* Optional properties for the InterfaceVpcEndpointAwsService class
*/
export interface InterfaceVpcEndpointAwsServiceProps {
/**
* If true, the service is a global endpoint and
* its name will not be prefixed with the stack's region.
*
* @default false
*/
readonly global?: boolean;
}
/**
* An AWS service for an interface VPC endpoint.
*/
export declare class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointService {
static readonly ACCESS_ANALYZER: InterfaceVpcEndpointAwsService;
static readonly ACCOUNT_MANAGEMENT: InterfaceVpcEndpointAwsService;
static readonly AIRFLOW_API: InterfaceVpcEndpointAwsService;
static readonly AIRFLOW_API_FIPS: InterfaceVpcEndpointAwsService;
static readonly AIRFLOW_ENV: InterfaceVpcEndpointAwsService;
static readonly AIRFLOW_ENV_FIPS: InterfaceVpcEndpointAwsService;
static readonly AIRFLOW_OPS: InterfaceVpcEndpointAwsService;
static readonly APIGATEWAY: InterfaceVpcEndpointAwsService;
/** @deprecated - Use InterfaceVpcEndpointAwsService.APP_MESH_ENVOY_MANAGEMENT instead. */
static readonly APP_MESH: InterfaceVpcEndpointAwsService;
static readonly APP_MESH_ENVOY_MANAGEMENT: InterfaceVpcEndpointAwsService;
static readonly APP_MESH_OPS: InterfaceVpcEndpointAwsService;
static readonly APP_RUNNER: InterfaceVpcEndpointAwsService;
static readonly APP_RUNNER_REQUESTS: InterfaceVpcEndpointAwsService;
static readonly APP_SYNC: InterfaceVpcEndpointAwsService;
static readonly APPCONFIG: InterfaceVpcEndpointAwsService;
static readonly APPCONFIGDATA: InterfaceVpcEndpointAwsService;
static readonly APPLICATION_AUTOSCALING: InterfaceVpcEndpointAwsService;
static readonly APPLICATION_DISCOVERY_ARSENAL: InterfaceVpcEndpointAwsService;
static readonly APPLICATION_DISCOVERY_SERVICE: InterfaceVpcEndpointAwsService;
static readonly APPLICATION_MIGRATION_SERVICE: InterfaceVpcEndpointAwsService;
static readonly APPSTREAM_API: InterfaceVpcEndpointAwsService;
static readonly APPSTREAM_STREAMING: InterfaceVpcEndpointAwsService;
static readonly ATHENA: InterfaceVpcEndpointAwsService;
static readonly AUDIT_MANAGER: InterfaceVpcEndpointAwsService;
static readonly AUTOSCALING: InterfaceVpcEndpointAwsService;
static readonly AUTOSCALING_PLANS: InterfaceVpcEndpointAwsService;
static readonly B2B_DATA_INTERCHANGE: InterfaceVpcEndpointAwsService;
static readonly BACKUP: InterfaceVpcEndpointAwsService;
static readonly BACKUP_GATEWAY: InterfaceVpcEndpointAwsService;
static readonly BATCH: InterfaceVpcEndpointAwsService;
static readonly BEDROCK: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_FIPS: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_AGENT: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_AGENT_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_AGENTCORE: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_AGENTCORE_GATEWAY: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_RUNTIME_FIPS: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_DATA_AUTOMATION: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_DATA_AUTOMATION_FIPS: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_DATA_AUTOMATION_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS: InterfaceVpcEndpointAwsService;
static readonly BILLING: InterfaceVpcEndpointAwsService;
static readonly BILLING_AND_COST_MANAGEMENT_FREETIER: InterfaceVpcEndpointAwsService;
static readonly BILLING_AND_COST_MANAGEMENT_TAX: InterfaceVpcEndpointAwsService;
static readonly BILLING_CONDUCTOR: InterfaceVpcEndpointAwsService;
static readonly BRAKET: InterfaceVpcEndpointAwsService;
static readonly CERTIFICATE_MANAGER: InterfaceVpcEndpointAwsService;
static readonly CERTIFICATE_MANAGER_FIPS: InterfaceVpcEndpointAwsService;
static readonly CLEAN_ROOMS: InterfaceVpcEndpointAwsService;
static readonly CLEAN_ROOMS_ML: InterfaceVpcEndpointAwsService;
static readonly CLOUD_CONTROL_API: InterfaceVpcEndpointAwsService;
static readonly CLOUD_CONTROL_API_FIPS: InterfaceVpcEndpointAwsService;
static readonly CLOUD_DIRECTORY: InterfaceVpcEndpointAwsService;
static readonly CLOUD_MAP_DATA_SERVICE_DISCOVERY: InterfaceVpcEndpointAwsService;
static readonly CLOUD_MAP_DATA_SERVICE_DISCOVERY_FIPS: InterfaceVpcEndpointAwsService;
static readonly CLOUD_MAP_SERVICE_DISCOVERY: InterfaceVpcEndpointAwsService;
static readonly CLOUD_MAP_SERVICE_DISCOVERY_FIPS: InterfaceVpcEndpointAwsService;
static readonly CLOUDFORMATION: InterfaceVpcEndpointAwsService;
static readonly CLOUDHSM: InterfaceVpcEndpointAwsService;
static readonly CLOUDTRAIL: InterfaceVpcEndpointAwsService;
/** @deprecated Use InterfaceVpcEndpointAwsService.Q_DEVELOPER_CODE_WHISPERER instead.*/
static readonly CODEWHISPERER: InterfaceVpcEndpointAwsService;
/** @deprecated - Use InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING instead. */
static readonly CLOUDWATCH: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_APPLICATION_INSIGHTS: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_APPLICATION_SIGNALS: InterfaceVpcEndpointAwsService;
/** @deprecated - Use InterfaceVpcEndpointAwsService.EVENTBRIDGE instead. */
static readonly CLOUDWATCH_EVENTS: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_EVIDENTLY: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_EVIDENTLY_DATAPLANE: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_LOGS: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_MONITORING: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_NETWORK_MONITOR: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_RUM: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_RUM_DATAPLANE: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_SYNTHETICS: InterfaceVpcEndpointAwsService;
static readonly CLOUDWATCH_SYNTHETICS_FIPS: InterfaceVpcEndpointAwsService;
static readonly CODEARTIFACT_API: InterfaceVpcEndpointAwsService;
static readonly CODEARTIFACT_REPOSITORIES: InterfaceVpcEndpointAwsService;
static readonly CODEBUILD: InterfaceVpcEndpointAwsService;
static readonly CODEBUILD_FIPS: InterfaceVpcEndpointAwsService;
static readonly CODECATALYST: InterfaceVpcEndpointAwsService;
static readonly CODECATALYST_GIT: InterfaceVpcEndpointAwsService;
static readonly CODECATALYST_PACKAGES: InterfaceVpcEndpointAwsService;
static readonly CODECOMMIT: InterfaceVpcEndpointAwsService;
static readonly CODECOMMIT_FIPS: InterfaceVpcEndpointAwsService;
static readonly CODEDEPLOY: InterfaceVpcEndpointAwsService;
static readonly CODEDEPLOY_COMMANDS_SECURE: InterfaceVpcEndpointAwsService;
static readonly CODEGURU_PROFILER: InterfaceVpcEndpointAwsService;
static readonly CODEGURU_REVIEWER: InterfaceVpcEndpointAwsService;
static readonly CODEPIPELINE: InterfaceVpcEndpointAwsService;
static readonly CODESTAR_CONNECTIONS: InterfaceVpcEndpointAwsService;
static readonly CODE_CONNECTIONS: InterfaceVpcEndpointAwsService;
static readonly COGNITO_IDP: InterfaceVpcEndpointAwsService;
static readonly COGNITO_IDP_FIPS: InterfaceVpcEndpointAwsService;
static readonly COMPREHEND: InterfaceVpcEndpointAwsService;
static readonly COMPREHEND_MEDICAL: InterfaceVpcEndpointAwsService;
static readonly COMPUTE_OPTIMIZER: InterfaceVpcEndpointAwsService;
static readonly CONFIG: InterfaceVpcEndpointAwsService;
static readonly CONNECT_APP_INTEGRATIONS: InterfaceVpcEndpointAwsService;
static readonly CONNECT_CASES: InterfaceVpcEndpointAwsService;
static readonly CONNECT_CONNECT_CAMPAIGNS: InterfaceVpcEndpointAwsService;
static readonly CONNECT_PROFILE: InterfaceVpcEndpointAwsService;
static readonly CONNECT_VOICEID: InterfaceVpcEndpointAwsService;
static readonly CONNECT_WISDOM: InterfaceVpcEndpointAwsService;
static readonly CONTROL_CATALOG: InterfaceVpcEndpointAwsService;
static readonly COST_EXPLORER: InterfaceVpcEndpointAwsService;
static readonly COST_OPTIMIZATION_HUB: InterfaceVpcEndpointAwsService;
static readonly DATA_EXCHANGE: InterfaceVpcEndpointAwsService;
static readonly DATA_EXPORTS: InterfaceVpcEndpointAwsService;
static readonly DATASYNC: InterfaceVpcEndpointAwsService;
static readonly DATAZONE: InterfaceVpcEndpointAwsService;
static readonly DATABASE_MIGRATION_SERVICE: InterfaceVpcEndpointAwsService;
static readonly DATABASE_MIGRATION_SERVICE_FIPS: InterfaceVpcEndpointAwsService;
static readonly DEADLINE_CLOUD_MANAGEMENT: InterfaceVpcEndpointAwsService;
static readonly DEADLINE_CLOUD_SCHEDULING: InterfaceVpcEndpointAwsService;
static readonly DEVOPS_GURU: InterfaceVpcEndpointAwsService;
static readonly DIRECTORY_SERVICE: InterfaceVpcEndpointAwsService;
static readonly DIRECTORY_SERVICE_DATA: InterfaceVpcEndpointAwsService;
/**
The management endpoint for DSQL.
For the Connection endpoint, use `new InterfaceVpcEndpointService(cfnCluster.attrVpcEndpointServiceName)`.
See https://docs.aws.amazon.com/aurora-dsql/latest/userguide/privatelink-managing-clusters.html#endpoint-types-dsql for details
*/
static readonly DSQL_MANAGEMENT: InterfaceVpcEndpointAwsService;
static readonly DYNAMODB: InterfaceVpcEndpointAwsService;
static readonly DYNAMODB_FIPS: InterfaceVpcEndpointAwsService;
static readonly DYNAMODB_STREAMS: InterfaceVpcEndpointAwsService;
static readonly EBS_DIRECT: InterfaceVpcEndpointAwsService;
static readonly EC2: InterfaceVpcEndpointAwsService;
static readonly EC2_MESSAGES: InterfaceVpcEndpointAwsService;
static readonly ECR: InterfaceVpcEndpointAwsService;
static readonly ECR_DOCKER: InterfaceVpcEndpointAwsService;
static readonly ECR_PUBLIC: InterfaceVpcEndpointAwsService;
static readonly ECS: InterfaceVpcEndpointAwsService;
static readonly ECS_AGENT: InterfaceVpcEndpointAwsService;
static readonly ECS_TELEMETRY: InterfaceVpcEndpointAwsService;
static readonly EKS: InterfaceVpcEndpointAwsService;
static readonly EKS_AUTH: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_BEANSTALK: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_BEANSTALK_HEALTH: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_DISASTER_RECOVERY: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_FILESYSTEM: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_FILESYSTEM_FIPS: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_INFERENCE_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly ELASTIC_LOAD_BALANCING: InterfaceVpcEndpointAwsService;
static readonly ELASTICACHE: InterfaceVpcEndpointAwsService;
static readonly ELASTICACHE_FIPS: InterfaceVpcEndpointAwsService;
static readonly ELEMENTAL_MEDIACONNECT: InterfaceVpcEndpointAwsService;
static readonly EMAIL_SMTP: InterfaceVpcEndpointAwsService;
static readonly EMAIL: InterfaceVpcEndpointAwsService;
static readonly EMAIL_FIPS: InterfaceVpcEndpointAwsService;
static readonly EMR: InterfaceVpcEndpointAwsService;
static readonly EMR_EKS: InterfaceVpcEndpointAwsService;
static readonly EMR_SERVERLESS: InterfaceVpcEndpointAwsService;
static readonly EMR_SERVERLESS_LIVY: InterfaceVpcEndpointAwsService;
static readonly EMR_SERVERLESS_DASHBOARD: InterfaceVpcEndpointAwsService;
static readonly EMR_WAL: InterfaceVpcEndpointAwsService;
static readonly END_USER_MESSAGING_SOCIAL: InterfaceVpcEndpointAwsService;
static readonly ENTITY_RESOLUTION: InterfaceVpcEndpointAwsService;
static readonly EVENTBRIDGE: InterfaceVpcEndpointAwsService;
static readonly EVENTBRIDGE_SCHEMA_REGISTRY: InterfaceVpcEndpointAwsService;
static readonly FAULT_INJECTION_SIMULATOR: InterfaceVpcEndpointAwsService;
static readonly FINSPACE: InterfaceVpcEndpointAwsService;
static readonly FINSPACE_API: InterfaceVpcEndpointAwsService;
static readonly FORECAST: InterfaceVpcEndpointAwsService;
static readonly FORECAST_QUERY: InterfaceVpcEndpointAwsService;
static readonly FORECAST_FIPS: InterfaceVpcEndpointAwsService;
static readonly FORECAST_QUERY_FIPS: InterfaceVpcEndpointAwsService;
static readonly FRAUD_DETECTOR: InterfaceVpcEndpointAwsService;
static readonly FSX: InterfaceVpcEndpointAwsService;
static readonly FSX_FIPS: InterfaceVpcEndpointAwsService;
static readonly CODECOMMIT_GIT: InterfaceVpcEndpointAwsService;
static readonly CODECOMMIT_GIT_FIPS: InterfaceVpcEndpointAwsService;
static readonly GLUE: InterfaceVpcEndpointAwsService;
static readonly GLUE_DATABREW: InterfaceVpcEndpointAwsService;
static readonly GLUE_DASHBOARD: InterfaceVpcEndpointAwsService;
static readonly GRAFANA: InterfaceVpcEndpointAwsService;
static readonly GRAFANA_WORKSPACE: InterfaceVpcEndpointAwsService;
static readonly GROUNDSTATION: InterfaceVpcEndpointAwsService;
static readonly GUARDDUTY: InterfaceVpcEndpointAwsService;
static readonly GUARDDUTY_FIPS: InterfaceVpcEndpointAwsService;
static readonly GUARDDUTY_DATA: InterfaceVpcEndpointAwsService;
static readonly GUARDDUTY_DATA_FIPS: InterfaceVpcEndpointAwsService;
static readonly HEALTH_IMAGING: InterfaceVpcEndpointAwsService;
static readonly HEALTH_IMAGING_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly HEALTH_IMAGING_DICOM: InterfaceVpcEndpointAwsService;
static readonly HEALTHLAKE: InterfaceVpcEndpointAwsService;
static readonly IAM: InterfaceVpcEndpointAwsService;
static readonly IAM_IDENTITY_CENTER: InterfaceVpcEndpointAwsService;
static readonly IAM_ROLES_ANYWHERE: InterfaceVpcEndpointAwsService;
static readonly IMAGE_BUILDER: InterfaceVpcEndpointAwsService;
static readonly INSPECTOR: InterfaceVpcEndpointAwsService;
static readonly INSPECTOR_SCAN: InterfaceVpcEndpointAwsService;
static readonly INTERNET_MONITOR: InterfaceVpcEndpointAwsService;
static readonly INTERNET_MONITOR_FIPS: InterfaceVpcEndpointAwsService;
static readonly INVOICING: InterfaceVpcEndpointAwsService;
static readonly IOT_CORE: InterfaceVpcEndpointAwsService;
static readonly IOT_CORE_CREDENTIALS: InterfaceVpcEndpointAwsService;
static readonly IOT_CORE_DEVICE_ADVISOR: InterfaceVpcEndpointAwsService;
static readonly IOT_CORE_FLEETHUB_API: InterfaceVpcEndpointAwsService;
static readonly IOT_CORE_FOR_LORAWAN: InterfaceVpcEndpointAwsService;
static readonly IOT_FLEETWISE: InterfaceVpcEndpointAwsService;
static readonly IOT_LORAWAN_CUPS: InterfaceVpcEndpointAwsService;
static readonly IOT_LORAWAN_LNS: InterfaceVpcEndpointAwsService;
static readonly IOT_GREENGRASS: InterfaceVpcEndpointAwsService;
static readonly IOT_ROBORUNNER: InterfaceVpcEndpointAwsService;
static readonly IOT_SITEWISE_API: InterfaceVpcEndpointAwsService;
static readonly IOT_SITEWISE_DATA: InterfaceVpcEndpointAwsService;
static readonly IOT_TWINMAKER_API: InterfaceVpcEndpointAwsService;
static readonly IOT_TWINMAKER_DATA: InterfaceVpcEndpointAwsService;
static readonly KAFKA: InterfaceVpcEndpointAwsService;
static readonly KAFKA_CONNECT: InterfaceVpcEndpointAwsService;
static readonly KAFKA_FIPS: InterfaceVpcEndpointAwsService;
static readonly KENDRA: InterfaceVpcEndpointAwsService;
static readonly KENDRA_RANKING: InterfaceVpcEndpointAwsService;
static readonly KEYSPACES: InterfaceVpcEndpointAwsService;
static readonly KEYSPACES_FIPS: InterfaceVpcEndpointAwsService;
static readonly KINESIS_STREAMS: InterfaceVpcEndpointAwsService;
static readonly KINESIS_STREAMS_FIPS: InterfaceVpcEndpointAwsService;
static readonly KINESIS_FIREHOSE: InterfaceVpcEndpointAwsService;
static readonly KMS: InterfaceVpcEndpointAwsService;
static readonly KMS_FIPS: InterfaceVpcEndpointAwsService;
static readonly LAKE_FORMATION: InterfaceVpcEndpointAwsService;
static readonly LAUNCH_WIZARD: InterfaceVpcEndpointAwsService;
static readonly LAMBDA: InterfaceVpcEndpointAwsService;
static readonly LEX_MODELS: InterfaceVpcEndpointAwsService;
static readonly LEX_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly LICENSE_MANAGER: InterfaceVpcEndpointAwsService;
static readonly LICENSE_MANAGER_FIPS: InterfaceVpcEndpointAwsService;
static readonly LICENSE_MANAGER_LINUX_SUBSCRIPTIONS: InterfaceVpcEndpointAwsService;
static readonly LICENSE_MANAGER_LINUX_SUBSCRIPTIONS_FIPS: InterfaceVpcEndpointAwsService;
static readonly LICENSE_MANAGER_USER_SUBSCRIPTIONS: InterfaceVpcEndpointAwsService;
static readonly LOCATION_SERVICE_GEOFENCING: InterfaceVpcEndpointAwsService;
static readonly LOCATION_SERVICE_MAPS: InterfaceVpcEndpointAwsService;
static readonly LOCATION_SERVICE_METADATA: InterfaceVpcEndpointAwsService;
static readonly LOCATION_SERVICE_PLACES: InterfaceVpcEndpointAwsService;
static readonly LOCATION_SERVICE_ROUTE: InterfaceVpcEndpointAwsService;
static readonly LOCATION_SERVICE_TRACKING: InterfaceVpcEndpointAwsService;
static readonly LOOKOUT_EQUIPMENT: InterfaceVpcEndpointAwsService;
static readonly LOOKOUT_METRICS: InterfaceVpcEndpointAwsService;
static readonly LOOKOUT_VISION: InterfaceVpcEndpointAwsService;
static readonly MAILMANAGER: InterfaceVpcEndpointAwsService;
static readonly MAILMANAGER_FIPS: InterfaceVpcEndpointAwsService;
static readonly MAINFRAME_MODERNIZATION: InterfaceVpcEndpointAwsService;
static readonly MAINFRAME_MODERNIZATION_APP_TEST: InterfaceVpcEndpointAwsService;
static readonly MACIE: InterfaceVpcEndpointAwsService;
static readonly MANAGEMENT_CONSOLE: InterfaceVpcEndpointAwsService;
static readonly MANAGEMENT_CONSOLE_SIGNIN: InterfaceVpcEndpointAwsService;
static readonly MANAGED_BLOCKCHAIN_QUERY: InterfaceVpcEndpointAwsService;
static readonly MANAGED_BLOCKCHAIN_BITCOIN_MAINNET: InterfaceVpcEndpointAwsService;
static readonly MANAGED_BLOCKCHAIN_BITCOIN_TESTNET: InterfaceVpcEndpointAwsService;
static readonly MEMORY_DB: InterfaceVpcEndpointAwsService;
static readonly MEMORY_DB_FIPS: InterfaceVpcEndpointAwsService;
static readonly MIGRATIONHUB_ORCHESTRATOR: InterfaceVpcEndpointAwsService;
static readonly MIGRATIONHUB_REFACTOR_SPACES: InterfaceVpcEndpointAwsService;
static readonly MIGRATIONHUB_STRATEGY: InterfaceVpcEndpointAwsService;
static readonly MQ: InterfaceVpcEndpointAwsService;
static readonly NEPTUNE_ANALYTICS: InterfaceVpcEndpointAwsService;
static readonly NEPTUNE_ANALYTICS_DATA: InterfaceVpcEndpointAwsService;
static readonly NEPTUNE_ANALYTICS_FIPS: InterfaceVpcEndpointAwsService;
static readonly NETWORK_FIREWALL: InterfaceVpcEndpointAwsService;
static readonly NETWORK_FIREWALL_FIPS: InterfaceVpcEndpointAwsService;
static readonly NETWORK_FLOW_MONITOR: InterfaceVpcEndpointAwsService;
static readonly NETWORK_FLOW_MONITOR_REPORTS: InterfaceVpcEndpointAwsService;
static readonly NIMBLE_STUDIO: InterfaceVpcEndpointAwsService;
static readonly OBSERVABILITY_ADMIN: InterfaceVpcEndpointAwsService;
static readonly OUTPOSTS: InterfaceVpcEndpointAwsService;
static readonly ORGANIZATIONS: InterfaceVpcEndpointAwsService;
static readonly ORGANIZATIONS_FIPS: InterfaceVpcEndpointAwsService;
static readonly OMICS_ANALYTICS: InterfaceVpcEndpointAwsService;
static readonly OMICS_CONTROL_STORAGE: InterfaceVpcEndpointAwsService;
static readonly OMICS_STORAGE: InterfaceVpcEndpointAwsService;
static readonly OMICS_TAGS: InterfaceVpcEndpointAwsService;
static readonly OMICS_WORKFLOWS: InterfaceVpcEndpointAwsService;
static readonly PANORAMA: InterfaceVpcEndpointAwsService;
static readonly PARALLEL_COMPUTING_SERVICE: InterfaceVpcEndpointAwsService;
static readonly PARALLEL_COMPUTING_SERVICE_FIPS: InterfaceVpcEndpointAwsService;
static readonly PAYMENT_CRYPTOGRAPHY_CONTROLPLANE: InterfaceVpcEndpointAwsService;
/** @deprecated - Use InterfaceVpcEndpointAwsService.PAYMENT_CRYPTOGRAPHY_DATAPLANE instead. */
static readonly PAYMENT_CRYTOGRAPHY_DATAPLANE: InterfaceVpcEndpointAwsService;
static readonly PAYMENT_CRYPTOGRAPHY_DATAPLANE: InterfaceVpcEndpointAwsService;
static readonly PERSONALIZE: InterfaceVpcEndpointAwsService;
static readonly PERSONALIZE_EVENTS: InterfaceVpcEndpointAwsService;
static readonly PERSONALIZE_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly PINPOINT_V1: InterfaceVpcEndpointAwsService;
/** @deprecated - Use InterfaceVpcEndpointAwsService.PINPOINT_SMS_VOICE_V2 instead. */
static readonly PINPOINT: InterfaceVpcEndpointAwsService;
static readonly PINPOINT_SMS_VOICE_V2: InterfaceVpcEndpointAwsService;
static readonly PIPES: InterfaceVpcEndpointAwsService;
static readonly PIPES_DATA: InterfaceVpcEndpointAwsService;
static readonly PIPES_FIPS: InterfaceVpcEndpointAwsService;
static readonly PRICE_LIST: InterfaceVpcEndpointAwsService;
static readonly PRICING_CALCULATOR: InterfaceVpcEndpointAwsService;
static readonly POLLY: InterfaceVpcEndpointAwsService;
static readonly PRIVATE_5G: InterfaceVpcEndpointAwsService;
static readonly PRIVATE_CERTIFICATE_AUTHORITY: InterfaceVpcEndpointAwsService;
static readonly PRIVATE_CERTIFICATE_AUTHORITY_FIPS: InterfaceVpcEndpointAwsService;
static readonly PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_AD: InterfaceVpcEndpointAwsService;
static readonly PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_SCEP: InterfaceVpcEndpointAwsService;
static readonly PROMETHEUS: InterfaceVpcEndpointAwsService;
static readonly PROMETHEUS_WORKSPACES: InterfaceVpcEndpointAwsService;
static readonly PROTON: InterfaceVpcEndpointAwsService;
static readonly Q_BUSSINESS: InterfaceVpcEndpointAwsService;
static readonly Q_DEVELOPER: InterfaceVpcEndpointAwsService;
static readonly Q_DEVELOPER_CODE_WHISPERER: InterfaceVpcEndpointAwsService;
static readonly Q_DEVELOPER_QAPPS: InterfaceVpcEndpointAwsService;
static readonly Q_USER_SUBSCRIPTIONS: InterfaceVpcEndpointAwsService;
static readonly QLDB: InterfaceVpcEndpointAwsService;
static readonly QUICKSIGHT_WEBSITE: InterfaceVpcEndpointAwsService;
static readonly RDS: InterfaceVpcEndpointAwsService;
static readonly RDS_DATA: InterfaceVpcEndpointAwsService;
static readonly RDS_PERFORMANCE_INSIGHTS: InterfaceVpcEndpointAwsService;
static readonly RDS_PERFORMANCE_INSIGHTS_FIPS: InterfaceVpcEndpointAwsService;
static readonly REDSHIFT: InterfaceVpcEndpointAwsService;
static readonly REDSHIFT_FIPS: InterfaceVpcEndpointAwsService;
static readonly REDSHIFT_DATA: InterfaceVpcEndpointAwsService;
static readonly REDSHIFT_DATA_FIPS: InterfaceVpcEndpointAwsService;
static readonly REDSHIFT_SERVERLESS: InterfaceVpcEndpointAwsService;
static readonly REDSHIFT_SERVERLESS_FIPS: InterfaceVpcEndpointAwsService;
static readonly REKOGNITION: InterfaceVpcEndpointAwsService;
static readonly REKOGNITION_FIPS: InterfaceVpcEndpointAwsService;
static readonly REKOGNITION_STREAMING: InterfaceVpcEndpointAwsService;
static readonly REKOGNITION_STREAMING_FIPS: InterfaceVpcEndpointAwsService;
static readonly REPOST_SPACE: InterfaceVpcEndpointAwsService;
static readonly RESOURCE_ACCESS_MANAGER: InterfaceVpcEndpointAwsService;
static readonly RESOURCE_GROUPS: InterfaceVpcEndpointAwsService;
static readonly RESOURCE_GROUPS_FIPS: InterfaceVpcEndpointAwsService;
static readonly ROBOMAKER: InterfaceVpcEndpointAwsService;
static readonly RECYCLE_BIN: InterfaceVpcEndpointAwsService;
static readonly S3: InterfaceVpcEndpointAwsService;
static readonly S3_OUTPOSTS: InterfaceVpcEndpointAwsService;
static readonly S3_MULTI_REGION_ACCESS_POINTS: InterfaceVpcEndpointAwsService;
static readonly S3_TABLES: InterfaceVpcEndpointAwsService;
static readonly S3_VECTORS: InterfaceVpcEndpointAwsService;
static readonly SAVINGS_PLANS: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_API: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_API_FIPS: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_DATA_SCIENCE_ASSISTANT: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_EXPERIMENTS: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_FEATURESTORE_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_GEOSPATIAL: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_METRICS: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_NOTEBOOK: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_PARTNER_APP: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_RUNTIME: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_RUNTIME_FIPS: InterfaceVpcEndpointAwsService;
static readonly SAGEMAKER_STUDIO: InterfaceVpcEndpointAwsService;
static readonly SECRETS_MANAGER: InterfaceVpcEndpointAwsService;
static readonly SECURITYHUB: InterfaceVpcEndpointAwsService;
static readonly SECURITYLAKE: InterfaceVpcEndpointAwsService;
static readonly SECURITYLAKE_FIPS: InterfaceVpcEndpointAwsService;
static readonly SERVICE_CATALOG: InterfaceVpcEndpointAwsService;
static readonly SERVICE_CATALOG_APPREGISTRY: InterfaceVpcEndpointAwsService;
static readonly SERVER_MIGRATION_SERVICE: InterfaceVpcEndpointAwsService;
static readonly SERVER_MIGRATION_SERVICE_FIPS: InterfaceVpcEndpointAwsService;
static readonly SERVER_MIGRATION_SERVICE_AWSCONNECTOR: InterfaceVpcEndpointAwsService;
static readonly SERVERLESS_APPLICATION_REPOSITORY: InterfaceVpcEndpointAwsService;
/** @deprecated - Use InterfaceVpcEndpointAwsService.EMAIL_SMTP instead. */
static readonly SES: InterfaceVpcEndpointAwsService;
static readonly SHIELD: InterfaceVpcEndpointAwsService;
static readonly SHIELD_FIPS: InterfaceVpcEndpointAwsService;
static readonly SIMSPACE_WEAVER: InterfaceVpcEndpointAwsService;
static readonly SNOW_DEVICE_MANAGEMENT: InterfaceVpcEndpointAwsService;
static readonly SNS: InterfaceVpcEndpointAwsService;
static readonly SQS: InterfaceVpcEndpointAwsService;
static readonly SQS_FIPS: InterfaceVpcEndpointAwsService;
static readonly SSM: InterfaceVpcEndpointAwsService;
static readonly SSM_FIPS: InterfaceVpcEndpointAwsService;
static readonly SSM_MESSAGES: InterfaceVpcEndpointAwsService;
static readonly SSM_CONTACTS: InterfaceVpcEndpointAwsService;
static readonly SSM_INCIDENTS: InterfaceVpcEndpointAwsService;
static readonly SSM_QUICK_SETUP: InterfaceVpcEndpointAwsService;
static readonly STEP_FUNCTIONS: InterfaceVpcEndpointAwsService;
static readonly STEP_FUNCTIONS_SYNC: InterfaceVpcEndpointAwsService;
static readonly STORAGE_GATEWAY: InterfaceVpcEndpointAwsService;
static readonly STS: InterfaceVpcEndpointAwsService;
static readonly STS_FIPS: InterfaceVpcEndpointAwsService;
static readonly SUPPLY_CHAIN: InterfaceVpcEndpointAwsService;
static readonly SWF: InterfaceVpcEndpointAwsService;
static readonly SWF_FIPS: InterfaceVpcEndpointAwsService;
static readonly TAGGING: InterfaceVpcEndpointAwsService;
static readonly TELCO_NETWORK_BUILDER: InterfaceVpcEndpointAwsService;
static readonly TEXTRACT: InterfaceVpcEndpointAwsService;
static readonly TEXTRACT_FIPS: InterfaceVpcEndpointAwsService;
static readonly TIMESTREAM_INFLUXDB: InterfaceVpcEndpointAwsService;
static readonly TIMESTREAM_INFLUXDB_FIPS: InterfaceVpcEndpointAwsService;
static readonly TRANSCRIBE: InterfaceVpcEndpointAwsService;
static readonly TRANSCRIBE_STREAMING: InterfaceVpcEndpointAwsService;
static readonly TRANSFER: InterfaceVpcEndpointAwsService;
static readonly TRANSFER_SERVER: InterfaceVpcEndpointAwsService;
static readonly TRANSLATE: InterfaceVpcEndpointAwsService;
static readonly TRUSTED_ADVISOR: InterfaceVpcEndpointAwsService;
static readonly WAFV2: InterfaceVpcEndpointAwsService;
static readonly WAFV2_FIPS: InterfaceVpcEndpointAwsService;
static readonly WELL_ARCHITECTED_TOOL: InterfaceVpcEndpointAwsService;
static readonly WORKMAIL: InterfaceVpcEndpointAwsService;
static readonly WORKSPACES: InterfaceVpcEndpointAwsService;
static readonly WORKSPACES_THIN_CLIENT: InterfaceVpcEndpointAwsService;
static readonly WORKSPACES_WEB: InterfaceVpcEndpointAwsService;
static readonly WORKSPACES_WEB_FIPS: InterfaceVpcEndpointAwsService;
static readonly XRAY: InterfaceVpcEndpointAwsService;
static readonly VERIFIED_PERMISSIONS: InterfaceVpcEndpointAwsService;
static readonly VPC_LATTICE: InterfaceVpcEndpointAwsService;
/**
* The name of the service. e.g. com.amazonaws.us-east-1.ecs
*/
readonly name: string;
/**
* The short name of the service. e.g. ecs
*/
readonly shortName: string;
/**
* The port of the service.
*/
readonly port: number;
/**
* Whether Private DNS is supported by default.
*/
readonly privateDnsDefault?: boolean;
constructor(name: string, prefix?: string, port?: number, props?: InterfaceVpcEndpointAwsServiceProps);
/**
* Get the endpoint prefix for the service in the specified region
* because the prefix for some of the services in cn-north-1 and cn-northwest-1 are different
*
* For future maintenance the vpc endpoint services could be fetched using AWS CLI Commmand:
* aws ec2 describe-vpc-endpoint-services
*/
private getDefaultEndpointPrefix;
/**
* Get the endpoint suffix for the service in the specified region.
* In cn-north-1 and cn-northwest-1, the vpc endpoint of transcribe is:
* cn.com.amazonaws.cn-north-1.transcribe.cn
* cn.com.amazonaws.cn-northwest-1.transcribe.cn
* so suffix '.cn' should be return in these scenarios.
*
* For future maintenance the vpc endpoint services could be fetched using AWS CLI Commmand:
* aws ec2 describe-vpc-endpoint-services
*/
private getDefaultEndpointSuffix;
}
/**
* Options to add an interface endpoint to a VPC.
*/
export interface InterfaceVpcEndpointOptions {
/**
* The service to use for this interface VPC endpoint.
*/
readonly service: IInterfaceVpcEndpointService;
/**
* Whether to associate a private hosted zone with the specified VPC. This
* allows you to make requests to the service using its default DNS hostname.
*
* @default set by the instance of IInterfaceVpcEndpointService, or true if
* not defined by the instance of IInterfaceVpcEndpointService
*/
readonly privateDnsEnabled?: boolean;
/**
* The subnets in which to create an endpoint network interface. At most one
* per availability zone.
*
* @default - private subnets
*/
readonly subnets?: SubnetSelection;
/**
* The security groups to associate with this interface VPC endpoint.
*
* @default - a new security group is created
*/
readonly securityGroups?: ISecurityGroup[];
/**
* Whether to automatically allow VPC traffic to the endpoint
*
* If enabled, all traffic to the endpoint from within the VPC will be
* automatically allowed. This is done based on the VPC's CIDR range.
*
* @default true
*/
readonly open?: boolean;
/**
* Limit to only those availability zones where the endpoint service can be created
*
* Setting this to 'true' requires a lookup to be performed at synthesis time. Account
* and region must be set on the containing stack for this to work.
*
* @default false
*/
readonly lookupSupportedAzs?: boolean;
/**
* The IP address type for the endpoint.
*
* @default not specified
*/
readonly ipAddressType?: VpcEndpointIpAddressType;
/**
* Type of DNS records created for the VPC endpoint.
*
* @default not specified
*/
readonly dnsRecordIpType?: VpcEndpointDnsRecordIpType;
/**
* Whether to enable private DNS only for inbound endpoints.
*
* @default not specified
*/
readonly privateDnsOnlyForInboundResolverEndpoint?: VpcEndpointPrivateDnsOnlyForInboundResolverEndpoint;
/**
* The region where the VPC endpoint service is located.
*
* Only needs to be specified for cross-region VPC endpoints.
*
* @default - Same region as the interface VPC endpoint
*/
readonly serviceRegion?: string;
}
/**
* Construction properties for an InterfaceVpcEndpoint.
*/
export interface InterfaceVpcEndpointProps extends InterfaceVpcEndpointOptions {
/**
* The VPC network in which the interface endpoint will be used.
*/
readonly vpc: IVpc;
}
/**
* An interface VPC endpoint.
*/
export interface IInterfaceVpcEndpoint extends IVpcEndpoint, IConnectable {
}
/**
* A interface VPC endpoint.
* @resource AWS::EC2::VPCEndpoint
*/
export declare class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEndpoint {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Imports an existing interface VPC endpoint.
*/
static fromInterfaceVpcEndpointAttributes(scope: Construct, id: string, attrs: InterfaceVpcEndpointAttributes): IInterfaceVpcEndpoint;
/**
* The interface VPC endpoint identifier.
*/
readonly vpcEndpointId: string;
/**
* The date and time the interface VPC endpoint was created.
* @attribute
*/
readonly vpcEndpointCreationTimestamp: string;
/**
* The DNS entries for the interface VPC endpoint.
* Each entry is a combination of the hosted zone ID and the DNS name.
* The entries are ordered as follows: regional public DNS, zonal public DNS, private DNS, and wildcard DNS.
* This order is not enforced for AWS Marketplace services.
*
* The following is an example. In the first entry, the hosted zone ID is Z1HUB23UULQXV
* and the DNS name is vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com.
*
* ["Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com",
* "Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3-us-east-1a.ec2.us-east-1.vpce.amazonaws.com",
* "Z1C12344VYDITB0:ec2.us-east-1.amazonaws.com"]
*
* If you update the PrivateDnsEnabled or SubnetIds properties, the DNS entries in the list will change.
* @attribute
*/
readonly vpcEndpointDnsEntries: string[];
/**
* One or more network interfaces for the interface VPC endpoint.
* @attribute
*/
readonly vpcEndpointNetworkInterfaceIds: string[];
/**
* Access to network connections.
*/
readonly connections: Connections;
constructor(scope: Construct, id: string, props: InterfaceVpcEndpointProps);
/**
* Determine which subnets to place the endpoint in. This is in its own function
* because there's a lot of code.
*/
private endpointSubnets;
/**
* Sanity checking when looking up AZs for an endpoint service, to make sure it won't fail
*/
private validateCanLookupSupportedAzs;
private availableAvailabilityZones;
}
/**
* Construction properties for an ImportedInterfaceVpcEndpoint.
*/
export interface InterfaceVpcEndpointAttributes {
/**
* The interface VPC endpoint identifier.
*/
readonly vpcEndpointId: string;
/**
* The security groups associated with the interface VPC endpoint.
*
* If you wish to manage the network connections associated with this endpoint,
* you will need to specify its security groups.
*/
readonly securityGroups?: ISecurityGroup[];
/**
* The port of the service of the interface VPC endpoint.
*/
readonly port: number;
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,577 @@
import type { Construct } from 'constructs';
import type { FlowLogReference, IFlowLogRef, ISubnetRef } from './ec2.generated';
import type { IVpc } from './vpc';
import * as iam from '../../aws-iam';
import type * as firehose from '../../aws-kinesisfirehose';
import * as logs from '../../aws-logs';
import * as s3 from '../../aws-s3';
import type { IResource } from '../../core';
import { Resource } from '../../core';
/**
* A FlowLog
*/
export interface IFlowLog extends IResource, IFlowLogRef {
/**
* The Id of the VPC Flow Log
*
* @attribute
*/
readonly flowLogId: string;
}
/**
* The type of VPC traffic to log
*/
export declare enum FlowLogTrafficType {
/**
* Only log accepts
*/
ACCEPT = "ACCEPT",
/**
* Log all requests
*/
ALL = "ALL",
/**
* Only log rejects
*/
REJECT = "REJECT"
}
/**
* The available destination types for Flow Logs
*/
export declare enum FlowLogDestinationType {
/**
* Send flow logs to CloudWatch Logs Group
*/
CLOUD_WATCH_LOGS = "cloud-watch-logs",
/**
* Send flow logs to S3 Bucket
*/
S3 = "s3",
/**
* Send flow logs to Amazon Data Firehose
*/
KINESIS_DATA_FIREHOSE = "kinesis-data-firehose"
}
/**
* The type of resource to create the flow log for
*/
export declare abstract class FlowLogResourceType {
/**
* The subnet to attach the Flow Log to
*/
static fromSubnet(subnet: ISubnetRef): FlowLogResourceType;
/**
* The VPC to attach the Flow Log to
*/
static fromVpc(vpc: IVpc): FlowLogResourceType;
/**
* The Network Interface to attach the Flow Log to
*/
static fromNetworkInterfaceId(id: string): FlowLogResourceType;
/**
* The Transit Gateway to attach the Flow Log to
*/
static fromTransitGatewayId(id: string): FlowLogResourceType;
/**
* The Transit Gateway Attachment to attach the Flow Log to
*/
static fromTransitGatewayAttachmentId(id: string): FlowLogResourceType;
/**
* The type of resource to attach a flow log to.
*/
abstract resourceType: string;
/**
* The Id of the resource that the flow log should be attached to.
*/
abstract resourceId: string;
}
/**
* The file format for flow logs written to an S3 bucket destination
*/
export declare enum FlowLogFileFormat {
/**
* File will be written as plain text
*
* This is the default value
*/
PLAIN_TEXT = "plain-text",
/**
* File will be written in parquet format
*/
PARQUET = "parquet"
}
/**
* Options for writing logs to a S3 destination
*/
export interface S3DestinationOptions {
/**
* Use Hive-compatible prefixes for flow logs
* stored in Amazon S3
*
* @default false
*/
readonly hiveCompatiblePartitions?: boolean;
/**
* The format for the flow log
*
* @default FlowLogFileFormat.PLAIN_TEXT
*/
readonly fileFormat?: FlowLogFileFormat;
/**
* Partition the flow log per hour
*
* @default false
*/
readonly perHourPartition?: boolean;
}
/**
* Options for writing logs to a destination
*
* TODO: there are other destination options, currently they are
* only for s3 destinations (not sure if that will change)
*/
export interface DestinationOptions extends S3DestinationOptions {
}
/**
* The destination type for the flow log
*/
export declare abstract class FlowLogDestination {
/**
* Use CloudWatch logs as the destination
*/
static toCloudWatchLogs(logGroup?: logs.ILogGroupRef, iamRole?: iam.IRole): FlowLogDestination;
/**
* Use S3 as the destination
*
* @param bucket optional s3 bucket to publish logs to. If one is not provided
* a default bucket will be created
* @param keyPrefix optional prefix within the bucket to write logs to
* @param options additional s3 destination options
*/
static toS3(bucket?: s3.IBucket, keyPrefix?: string, options?: S3DestinationOptions): FlowLogDestination;
/**
* Use Amazon Data Firehose as the destination
*
* @param deliveryStreamArn the ARN of Amazon Data Firehose delivery stream to publish logs to
* @deprecated use `toFirehose`
*/
static toKinesisDataFirehoseDestination(deliveryStreamArn: string): FlowLogDestination;
/**
* Use Amazon Data Firehose as the destination
*
* If the delivery stream and the VPC are in different account, you must specify `iamRole`.
*
* @param deliveryStream the Amazon Data Firehose delivery stream to publish logs to
* @param iamRole the IAM Role for cross account log delivery
* @see https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-firehose.html
*/
static toFirehose(deliveryStream: firehose.IDeliveryStreamRef, iamRole?: iam.IRole): FlowLogDestination;
/**
* Generates a flow log destination configuration
*/
abstract bind(scope: Construct, flowLog: FlowLog): FlowLogDestinationConfig;
}
/**
* Flow Log Destination configuration
*/
export interface FlowLogDestinationConfig {
/**
* The type of destination to publish the flow logs to.
*
* @default - CLOUD_WATCH_LOGS
*/
readonly logDestinationType: FlowLogDestinationType;
/**
* The IAM role that allows Amazon EC2 to publish flow logs to the log destination.
*
* Required if the destination type is CloudWatch logs, or if the destination type is Amazon Data Firehose delivery stream and the delivery stream and the VPC are in different accounts.
*
* @default - default IAM role is created for you if the destination type is CloudWatch logs
*/
readonly iamRole?: iam.IRole;
/**
* The CloudWatch Logs Log Group to publish the flow logs to
*
* @default - default log group is created for you
*/
readonly logGroup?: logs.ILogGroupRef;
/**
* S3 bucket to publish the flow logs to
*
* @default - undefined
*/
readonly s3Bucket?: s3.IBucket;
/**
* S3 bucket key prefix to publish the flow logs to
*
* @default - undefined
*/
readonly keyPrefix?: string;
/**
* The ARN of Amazon Data Firehose delivery stream to publish the flow logs to
*
* @deprecated use deliveryStream
* @default - undefined
*/
readonly deliveryStreamArn?: string;
/**
* The Amazon Data Firehose delivery stream to publish the flow logs to
*
* @default - undefined
*/
readonly deliveryStream?: firehose.IDeliveryStreamRef;
/**
* Options for writing flow logs to a supported destination
*
* @default - undefined
*/
readonly destinationOptions?: DestinationOptions;
}
/**
* The maximum interval of time during which a flow of packets
* is captured and aggregated into a flow log record.
*
*/
export declare enum FlowLogMaxAggregationInterval {
/**
* 1 minute (60 seconds)
*/
ONE_MINUTE = 60,
/**
* 10 minutes (600 seconds)
*/
TEN_MINUTES = 600
}
/**
* The following table describes all of the available fields for a flow log record.
*/
export declare class LogFormat {
readonly value: string;
/**
* The VPC Flow Logs version.
*/
static readonly VERSION: LogFormat;
/**
* The AWS account ID of the owner of the source network interface for which traffic is recorded.
*/
static readonly ACCOUNT_ID: LogFormat;
/**
* The ID of the network interface for which the traffic is recorded.
*/
static readonly INTERFACE_ID: LogFormat;
/**
* The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface
* for outgoing traffic on the network interface.
*/
static readonly SRC_ADDR: LogFormat;
/**
* The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface
* for incoming traffic on the network interface.
*/
static readonly DST_ADDR: LogFormat;
/**
* The source port of the traffic.
*/
static readonly SRC_PORT: LogFormat;
/**
* The destination port of the traffic.
*/
static readonly DST_PORT: LogFormat;
/**
* The IANA protocol number of the traffic.
*/
static readonly PROTOCOL: LogFormat;
/**
* The number of packets transferred during the flow.
*/
static readonly PACKETS: LogFormat;
/**
* The number of bytes transferred during the flow.
*/
static readonly BYTES: LogFormat;
/**
* The time, in Unix seconds, when the first packet of the flow was received within
* the aggregation interval.
*
* This might be up to 60 seconds after the packet was transmitted or received on
* the network interface.
*/
static readonly START_TIMESTAMP: LogFormat;
/**
* The time, in Unix seconds, when the last packet of the flow was received within
* the aggregation interval.
*
* This might be up to 60 seconds after the packet was transmitted or received on
* the network interface.
*/
static readonly END_TIMESTAMP: LogFormat;
/**
* The action that is associated with the traffic.
*/
static readonly ACTION: LogFormat;
/**
* The logging status of the flow log.
*/
static readonly LOG_STATUS: LogFormat;
/**
* The ID of the VPC that contains the network interface for which the traffic is recorded.
*/
static readonly VPC_ID: LogFormat;
/**
* The ID of the subnet that contains the network interface for which the traffic is recorded.
*/
static readonly SUBNET_ID: LogFormat;
/**
* The ID of the instance that's associated with network interface for which the traffic is
* recorded, if the instance is owned by you.
*
* Returns a '-' symbol for a requester-managed network interface; for example, the
* network interface for a NAT gateway
*/
static readonly INSTANCE_ID: LogFormat;
/**
* The bitmask value for TCP flags.
*
* - FIN -- 1
* - SYN -- 2
* - RST -- 4
* - SYN-ACK -- 18
*
* If no supported flags are recorded, the TCP flag value is 0.
*
* TCP flags can be OR-ed during the aggregation interval. For short connections,
* the flags might be set on the same line in the flow log record, for example,
* 19 for SYN-ACK and FIN, and 3 for SYN and FIN.
*/
static readonly TCP_FLAGS: LogFormat;
/**
* The type of traffic.
*
* The possible values are IPv4, IPv6, or EFA.
*/
static readonly TRAFFIC_TYPE: LogFormat;
/**
* The packet-level (original) source IP address of the traffic.
*/
static readonly PKT_SRC_ADDR: LogFormat;
/**
* The packet-level (original) destination IP address for the traffic.
*/
static readonly PKT_DST_ADDR: LogFormat;
/**
* The Region that contains the network interface for which traffic is recorded.
*/
static readonly REGION: LogFormat;
/**
* The ID of the Availability Zone that contains the network interface for which traffic is recorded.
*/
static readonly AZ_ID: LogFormat;
/**
* The type of sublocation that's returned in the sublocation-id field.
*/
static readonly SUBLOCATION_TYPE: LogFormat;
/**
* The ID of the sublocation that contains the network interface for which traffic is recorded.
*/
static readonly SUBLOCATION_ID: LogFormat;
/**
* The name of the subset of IP address ranges for the pkt-srcaddr field,
* if the source IP address is for an AWS service.
*/
static readonly PKT_SRC_AWS_SERVICE: LogFormat;
/**
* The name of the subset of IP address ranges for the pkt-dstaddr field,
* if the destination IP address is for an AWS service.
*/
static readonly PKT_DST_AWS_SERVICE: LogFormat;
/**
* The direction of the flow with respect to the interface where traffic is captured.
*/
static readonly FLOW_DIRECTION: LogFormat;
/**
* The path that egress traffic takes to the destination.
*/
static readonly TRAFFIC_PATH: LogFormat;
/**
* AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.
*/
static readonly ECS_CLUSTER_ARN: LogFormat;
/**
* Name of the ECS cluster if the traffic is from a running ECS task.
*/
static readonly ECS_CLUSTER_NAME: LogFormat;
/**
* ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
*/
static readonly ECS_CONTAINER_INSTANCE_ARN: LogFormat;
/**
* ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
*/
static readonly ECS_CONTAINER_INSTANCE_ID: LogFormat;
/**
* Docker runtime ID of the container if the traffic is from a running ECS task.
* If there is one container or more in the ECS task, this will be the docker runtime ID of the first container.
*/
static readonly ECS_CONTAINER_ID: LogFormat;
/**
* Docker runtime ID of the container if the traffic is from a running ECS task.
* If there is more than one container in the ECS task, this will be the Docker runtime ID of the second container.
*/
static readonly ECS_SECOND_CONTAINER_ID: LogFormat;
/**
* Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service.
*/
static readonly ECS_SERVICE_NAME: LogFormat;
/**
* ARN of the ECS task definition if the traffic is from a running ECS task.
*/
static readonly ECS_TASK_DEFINITION_ARN: LogFormat;
/**
* ARN of the ECS task if the traffic is from a running ECS task.
*/
static readonly ECS_TASK_ARN: LogFormat;
/**
* ID of the ECS task if the traffic is from a running ECS task.
*/
static readonly ECS_TASK_ID: LogFormat;
/**
* The default format.
*/
static readonly ALL_DEFAULT_FIELDS: LogFormat;
/**
* A custom format string.
*
* Gives full control over the format string fragment.
*/
static custom(formatString: string): LogFormat;
/**
* A custom field name.
*
* If there is no ready-made constant for a new field yet, you can use this.
* The field name will automatically be wrapped in `${ ... }`.
*/
static field(field: string): LogFormat;
protected constructor(value: string);
}
/**
* Options to add a flow log to a VPC
*/
export interface FlowLogOptions {
/**
* The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
* When the target is either `TransitGateway` or `TransitGatewayAttachment`, setting the traffic type is not possible.
*
* @see https://docs.aws.amazon.com/vpc/latest/tgw/working-with-flow-logs.html
*
* @default ALL
*/
readonly trafficType?: FlowLogTrafficType;
/**
* Specifies the type of destination to which the flow log data is to be published.
* Flow log data can be published to CloudWatch Logs or Amazon S3
*
* @default FlowLogDestinationType.toCloudWatchLogs()
*/
readonly destination?: FlowLogDestination;
/**
* The fields to include in the flow log record, in the order in which they should appear.
*
* If multiple fields are specified, they will be separated by spaces. For full control over the literal log format
* string, pass a single field constructed with `LogFormat.custom()`.
*
* See https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records
*
* @default - default log format is used.
*/
readonly logFormat?: LogFormat[];
/**
* The maximum interval of time during which a flow of packets is captured
* and aggregated into a flow log record.
*
* When creating flow logs for a Transit Gateway or Transit Gateway Attachment,
* this property must be ONE_MINUTES.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-maxaggregationinterval
*
* @default - FlowLogMaxAggregationInterval.ONE_MINUTES if creating flow logs for Transit Gateway, otherwise FlowLogMaxAggregationInterval.TEN_MINUTES.
*/
readonly maxAggregationInterval?: FlowLogMaxAggregationInterval;
}
/**
* Properties of a VPC Flow Log
*/
export interface FlowLogProps extends FlowLogOptions {
/**
* The name of the FlowLog
*
* Since the FlowLog resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag.
*
* @default CDK generated name
*/
readonly flowLogName?: string;
/**
* The type of resource for which to create the flow log
*/
readonly resourceType: FlowLogResourceType;
}
/**
* The base class for a Flow Log
*/
declare abstract class FlowLogBase extends Resource implements IFlowLog {
/**
* The Id of the VPC Flow Log
*
* @attribute
*/
abstract readonly flowLogId: string;
get flowLogRef(): FlowLogReference;
}
/**
* A VPC flow log.
* @resource AWS::EC2::FlowLog
*/
export declare class FlowLog extends FlowLogBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a Flow Log by it's Id
*/
static fromFlowLogId(scope: Construct, id: string, flowLogId: string): IFlowLog;
/**
* The Id of the VPC Flow Log
*
* @attribute
*/
readonly flowLogId: string;
/**
* The S3 bucket to publish flow logs to
*/
readonly bucket?: s3.IBucket;
/**
* S3 bucket key prefix to publish the flow logs under
*/
readonly keyPrefix?: string;
/**
* The iam role used to publish logs to CloudWatch
*/
readonly iamRole?: iam.IRole;
/**
* The CloudWatch Logs LogGroup to publish flow logs to
*/
private readonly _logGroup?;
/**
* The CloudWatch Logs LogGroup to publish flow logs to
*/
get logGroup(): logs.ILogGroup | undefined;
/**
* The ARN of the Amazon Data Firehose delivery stream to publish flow logs to
* @deprecated Use deliveryStream
*/
readonly deliveryStreamArn?: string;
/**
* The Amazon Data Firehose delivery stream to publish flow logs to
*/
readonly deliveryStream?: firehose.IDeliveryStreamRef;
constructor(scope: Construct, id: string, props: FlowLogProps);
}
export {};

File diff suppressed because one or more lines are too long


@@ -0,0 +1,73 @@
/**
* Properties for looking up an existing VPC.
*
* The combination of properties must specify filter down to exactly one
* non-default VPC, otherwise an error is raised.
*/
export interface VpcLookupOptions {
/**
* The ID of the VPC
*
* If given, will import exactly this VPC.
*
* @default Don't filter on vpcId
*/
readonly vpcId?: string;
/**
* The name of the VPC
*
* If given, will import the VPC with this name.
*
* @default Don't filter on vpcName
*/
readonly vpcName?: string;
/**
* Tags on the VPC
*
* The VPC must have all of these tags
*
* @default Don't filter on tags
*/
readonly tags?: {
[key: string]: string;
};
/**
* Whether to match the default VPC
*
* @default Don't care whether we return the default VPC
*/
readonly isDefault?: boolean;
/**
* Optional tag for subnet group name.
* If not provided, we'll look at the aws-cdk:subnet-name tag.
* If the subnet does not have the specified tag,
* we'll use its type as the name.
*
* @default aws-cdk:subnet-name
*/
readonly subnetGroupNameTag?: string;
/**
* Optional to override inferred region
*
* @default Current stack's environment region
*/
readonly region?: string;
/**
* Whether to look up whether a VPN Gateway is attached to the looked up VPC.
* You can set this to `false` if you know the VPC does not have a VPN Gateway
* attached, in order to avoid an API call.
*
* If you change this property from `false` to `true` or undefined, you may
* need to clear the corresponding context entry in `cdk.context.json` in
* order to trigger a new lookup.
*
* @default true
*/
readonly returnVpnGateways?: boolean;
/**
* The ID of the AWS account that owns the VPC
*
* @default the account id of the parent stack
*/
readonly ownerAccountId?: string;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});

Some files were not shown because too many files have changed in this diff Show More