agent-claw: automated task changes

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener-action.d.ts

@@ -0,0 +1,92 @@
+import type { Construct } from 'constructs';
+import type { INetworkListenerRef } from './network-listener';
+import type { INetworkTargetGroup } from './network-target-group';
+import type { Duration } from '../../../core';
+import type { CfnListener, CfnListenerRule } from '../elasticloadbalancingv2.generated';
+import type { IListenerAction } from '../shared/listener-action';
+/**
+ * What to do when a client makes a request to a listener
+ *
+ * Some actions can be combined with other ones (specifically,
+ * you can perform authentication before serving the request).
+ *
+ * Multiple actions form a linked chain; the chain must always terminate in a
+ * *(weighted)forward*, *fixedResponse* or *redirect* action.
+ *
+ * If an action supports chaining, the next action can be indicated
+ * by passing it in the `next` property.
+ */
+export declare class NetworkListenerAction implements IListenerAction {
+    private readonly defaultActionJson;
+    protected readonly next?: NetworkListenerAction | undefined;
+    /**
+     * Forward to one or more Target Groups
+     */
+    static forward(targetGroups: INetworkTargetGroup[], options?: NetworkForwardOptions): NetworkListenerAction;
+    /**
+     * Forward to one or more Target Groups which are weighted differently
+     */
+    static weightedForward(targetGroups: NetworkWeightedTargetGroup[], options?: NetworkForwardOptions): NetworkListenerAction;
+    private _actionJson?;
+    /**
+     * Create an instance of NetworkListenerAction
+     *
+     * The default class should be good enough for most cases and
+     * should be created by using one of the static factory functions,
+     * but allow overriding to make sure we allow flexibility for the future.
+     */
+    protected constructor(defaultActionJson: CfnListener.ActionProperty, next?: NetworkListenerAction | undefined);
+    /**
+     * Render the listener rule actions in this chain
+     */
+    renderRuleActions(): CfnListenerRule.ActionProperty[];
+    /**
+     * Render the listener default actions in this chain
+     */
+    renderActions(): CfnListener.ActionProperty[];
+    /**
+     * Called when the action is being used in a listener
+     */
+    bind(scope: Construct, listener: INetworkListenerRef): void;
+    private _renumber;
+    /**
+     * Renumber the "order" fields in the actions array.
+     *
+     * We don't number for 0 or 1 elements, but otherwise number them 1...#actions
+     * so ELB knows about the right order.
+     *
+     * Do this in `NetworkListenerAction` instead of in `Listener` so that we give
+     * users the opportunity to override by subclassing and overriding `renderActions`.
+     */
+    protected renumber(actions: CfnListener.ActionProperty[]): CfnListener.ActionProperty[];
+}
+/**
+ * Options for `NetworkListenerAction.forward()`
+ */
+export interface NetworkForwardOptions {
+    /**
+     * For how long clients should be directed to the same target group
+     *
+     * Range between 1 second and 7 days.
+     *
+     * @default - No stickiness
+     */
+    readonly stickinessDuration?: Duration;
+}
+/**
+ * A Target Group and weight combination
+ */
+export interface NetworkWeightedTargetGroup {
+    /**
+     * The target group
+     */
+    readonly targetGroup: INetworkTargetGroup;
+    /**
+     * The target group's weight
+     *
+     * Range is [0..1000).
+     *
+     * @default 1
+     */
+    readonly weight?: number;
+}

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener-action.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.NetworkListenerAction=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var errors_1=()=>{var tmp=require("../../../core/lib/errors");return errors_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class NetworkListenerAction{defaultActionJson;next;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListenerAction",version:"2.252.0"};static forward(targetGroups,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_elasticloadbalancingv2_NetworkForwardOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.forward),error}if(targetGroups.length===0)throw new(errors_1()).UnscopedValidationError((0,literal_string_1().lit)`NeedLeastOneTargetGroup`,"Need at least one targetGroup in a NetworkListenerAction.forward()");return targetGroups.length===1&&options.stickinessDuration===void 0?new TargetGroupListenerAction(targetGroups,{type:"forward",targetGroupArn:targetGroups[0].targetGroupArn}):new TargetGroupListenerAction(targetGroups,{type:"forward",forwardConfig:{targetGroups:targetGroups.map(g=>({targetGroupArn:g.targetGroupArn})),targetGroupStickinessConfig:options.stickinessDuration?{durationSeconds:options.stickinessDuration.toSeconds(),enabled:!0}:void 0}})}static weightedForward(targetGroups,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_elasticloadbalancingv2_NetworkForwardOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.weightedForward),error}if(targetGroups.length===0)throw new(errors_1()).UnscopedValidationError((0,literal_string_1().lit)`NeedLeastOneTargetGroup`,"Need at least one targetGroup in a NetworkListenerAction.weightedForward()");return new TargetGroupListenerAction(targetGroups.map(g=>g.targetGroup),{type:"forward",forwardConfig:{targetGroups:targetGroups.map(g=>({targetGroupArn:g.targetGroup.targetGroupArn,weight:g.weight})),targetGroupStickinessConfig:options.stickinessDuration?{durationSeconds:options.stickinessDuration.toSeconds(),enabled:!0}:void 0}})}_actionJson;constructor(defaultActionJson,next){this.defaultActionJson=defaultActionJson,this.next=next;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_elasticloadbalancingv2_CfnListener_ActionProperty(defaultActionJson),jsiiDeprecationWarnings().aws_cdk_lib_aws_elasticloadbalancingv2_NetworkListenerAction(next)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NetworkListenerAction),error}}renderRuleActions(){const actionJson=this._actionJson??this.defaultActionJson;return this._renumber([actionJson,...this.next?.renderRuleActions()??[]])}renderActions(){return this._renumber([this.defaultActionJson,...this.next?.renderActions()??[]])}bind(scope,listener){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_elasticloadbalancingv2_INetworkListenerRef(listener)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.bind),error}Array.isArray(scope),Array.isArray(listener)}_renumber(actions){return actions.length<2?actions:actions.map((action,i)=>({...action,order:i+1}))}renumber(actions){return this._renumber(actions)}}exports.NetworkListenerAction=NetworkListenerAction;class TargetGroupListenerAction extends NetworkListenerAction{targetGroups;constructor(targetGroups,defaultActionJson){super(defaultActionJson),this.targetGroups=targetGroups}bind(_scope,listener){for(const tg of this.targetGroups)tg.registerListener(listener)}}

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener-certificate.d.ts

@@ -0,0 +1,24 @@
+import { Construct } from 'constructs';
+import type { aws_elasticloadbalancingv2 as elbv2 } from '../../../interfaces';
+import type { IListenerCertificate } from '../shared/listener-certificate';
+/**
+ * Properties for adding a set of certificates to a listener
+ */
+export interface NetworkListenerCertificateProps {
+    /**
+     * The listener to attach the rule to
+     */
+    readonly listener: elbv2.IListenerRef;
+    /**
+     * Certificates to attach
+     *
+     * Duplicates are not allowed.
+     */
+    readonly certificates: IListenerCertificate[];
+}
+/**
+ * Add certificates to a listener
+ */
+export declare class NetworkListenerCertificate extends Construct {
+    constructor(scope: Construct, id: string, props: NetworkListenerCertificateProps);
+}

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener-certificate.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.NetworkListenerCertificate=void 0;var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},elasticloadbalancingv2_generated_1=()=>{var tmp=require("../elasticloadbalancingv2.generated");return elasticloadbalancingv2_generated_1=()=>tmp,tmp};class NetworkListenerCertificate extends constructs_1().Construct{constructor(scope,id,props){super(scope,id);const certificates=[...(props.certificates||[]).map(c=>({certificateArn:c.certificateArn}))];new(elasticloadbalancingv2_generated_1()).CfnListenerCertificate(this,"Resource",{listenerArn:props.listener.listenerRef.listenerArn,certificates})}}exports.NetworkListenerCertificate=NetworkListenerCertificate;

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener.d.ts

@@ -0,0 +1,261 @@
+import type { Construct } from 'constructs';
+import { NetworkListenerAction } from './network-listener-action';
+import type { INetworkLoadBalancer } from './network-load-balancer';
+import type { INetworkLoadBalancerTarget, INetworkTargetGroup } from './network-target-group';
+import { NetworkTargetGroup } from './network-target-group';
+import { Duration } from '../../../core';
+import type { BaseListenerLookupOptions, IListener } from '../shared/base-listener';
+import { BaseListener } from '../shared/base-listener';
+import type { HealthCheck } from '../shared/base-target-group';
+import type { AlpnPolicy } from '../shared/enums';
+import { Protocol, SslPolicy } from '../shared/enums';
+import type { IListenerCertificate } from '../shared/listener-certificate';
+/**
+ * Basic properties for a Network Listener
+ */
+export interface BaseNetworkListenerProps {
+    /**
+     * The port on which the listener listens for requests.
+     */
+    readonly port: number;
+    /**
+     * Default target groups to load balance to
+     *
+     * All target groups will be load balanced to with equal weight and without
+     * stickiness. For a more complex configuration than that, use
+     * either `defaultAction` or `addAction()`.
+     *
+     * Cannot be specified together with `defaultAction`.
+     *
+     * @default - None.
+     */
+    readonly defaultTargetGroups?: INetworkTargetGroup[];
+    /**
+     * Default action to take for requests to this listener
+     *
+     * This allows full control of the default Action of the load balancer,
+     * including weighted forwarding. See the `NetworkListenerAction` class for
+     * all options.
+     *
+     * Cannot be specified together with `defaultTargetGroups`.
+     *
+     * @default - None.
+     */
+    readonly defaultAction?: NetworkListenerAction;
+    /**
+     * Protocol for listener, expects TCP, TLS, UDP, or TCP_UDP.
+     *
+     * @default - TLS if certificates are provided. TCP otherwise.
+     */
+    readonly protocol?: Protocol;
+    /**
+     * Certificate list of ACM cert ARNs. You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
+     *
+     * @default - No certificates.
+     */
+    readonly certificates?: IListenerCertificate[];
+    /**
+     * SSL Policy
+     *
+     * @default - Current predefined security policy.
+     */
+    readonly sslPolicy?: SslPolicy;
+    /**
+     * Application-Layer Protocol Negotiation (ALPN) is a TLS extension that is sent on the initial TLS handshake hello messages.
+     * ALPN enables the application layer to negotiate which protocols should be used over a secure connection, such as HTTP/1 and HTTP/2.
+     *
+     * Can only be specified together with Protocol TLS.
+     *
+     * @default - None
+     */
+    readonly alpnPolicy?: AlpnPolicy;
+    /**
+     * The load balancer TCP idle timeout.
+     *
+     * @default Duration.seconds(350)
+     */
+    readonly tcpIdleTimeout?: Duration;
+}
+/**
+ * Properties for a Network Listener attached to a Load Balancer
+ */
+export interface NetworkListenerProps extends BaseNetworkListenerProps {
+    /**
+     * The load balancer to attach this listener to
+     */
+    readonly loadBalancer: INetworkLoadBalancer;
+}
+/**
+ * Options for looking up a network listener.
+ */
+export interface NetworkListenerLookupOptions extends BaseListenerLookupOptions {
+    /**
+     * Protocol of the listener port
+     * @default - listener is not filtered by protocol
+     */
+    readonly listenerProtocol?: Protocol;
+}
+/**
+ * Define a Network Listener
+ *
+ * @resource AWS::ElasticLoadBalancingV2::Listener
+ */
+export declare class NetworkListener extends BaseListener implements INetworkListener {
+    /**
+     * Uniquely identifies this class.
+     */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * Looks up a network listener
+     */
+    static fromLookup(scope: Construct, id: string, options: NetworkListenerLookupOptions): INetworkListener;
+    /**
+     * Import an existing listener
+     */
+    static fromNetworkListenerArn(scope: Construct, id: string, networkListenerArn: string): INetworkListener;
+    readonly isNetworkListener = true;
+    /**
+     * The load balancer this listener is attached to
+     */
+    readonly loadBalancer: INetworkLoadBalancer;
+    /**
+     * ARNs of certificates added to this listener
+     */
+    private readonly _certificateArns;
+    /**
+     * the protocol of the listener
+     */
+    private readonly protocol;
+    constructor(scope: Construct, id: string, props: NetworkListenerProps);
+    /**
+     * Add one or more certificates to this listener.
+     *
+     * After the first certificate, this creates NetworkListenerCertificates
+     * resources since cloudformation requires the certificates array on the
+     * listener resource to have a length of 1.
+     */
+    addCertificates(id: string, certificates: IListenerCertificate[]): void;
+    /**
+     * Load balance incoming requests to the given target groups.
+     *
+     * All target groups will be load balanced to with equal weight and without
+     * stickiness. For a more complex configuration than that, use `addAction()`.
+     */
+    addTargetGroups(_id: string, ...targetGroups: INetworkTargetGroup[]): void;
+    /**
+     * Perform the given Action on incoming requests
+     *
+     * This allows full control of the default Action of the load balancer,
+     * including weighted forwarding. See the `NetworkListenerAction` class for
+     * all options.
+     */
+    addAction(_id: string, props: AddNetworkActionProps): void;
+    /**
+     * Load balance incoming requests to the given load balancing targets.
+     *
+     * This method implicitly creates a NetworkTargetGroup for the targets
+     * involved, and a 'forward' action to route traffic to the given TargetGroup.
+     *
+     * If you want more control over the precise setup, create the TargetGroup
+     * and use `addAction` yourself.
+     *
+     * It's possible to add conditions to the targets added in this way. At least
+     * one set of targets must be added without conditions.
+     *
+     * @returns The newly created target group
+     */
+    addTargets(id: string, props: AddNetworkTargetsProps): NetworkTargetGroup;
+    /**
+     * Wrapper for _setDefaultAction which does a type-safe bind
+     */
+    private setDefaultAction;
+}
+/**
+ * Indicates that this resource can be referenced as an NLB Listener
+ */
+export interface INetworkListenerRef extends IListener {
+    /**
+     * Indicates that this is an NLB listener
+     *
+     * Will always return true, but is necessary to prevent accidental structural
+     * equality in TypeScript.
+     */
+    readonly isNetworkListener: boolean;
+}
+/**
+ * Properties to reference an existing listener
+ */
+export interface INetworkListener extends IListener, INetworkListenerRef {
+}
+/**
+ * Properties for adding a new action to a listener
+ */
+export interface AddNetworkActionProps {
+    /**
+     * Action to perform
+     */
+    readonly action: NetworkListenerAction;
+}
+/**
+ * Properties for adding new network targets to a listener
+ */
+export interface AddNetworkTargetsProps {
+    /**
+     * The port on which the target receives traffic.
+     *
+     * @default Determined from protocol if known
+     */
+    readonly port: number;
+    /**
+     * Protocol for target group, expects TCP, TLS, UDP, or TCP_UDP.
+     *
+     * @default - inherits the protocol of the listener
+     */
+    readonly protocol?: Protocol;
+    /**
+     * The targets to add to this target group.
+     *
+     * Can be `Instance`, `IPAddress`, or any self-registering load balancing
+     * target. If you use either `Instance` or `IPAddress` as targets, all
+     * target must be of the same type.
+     */
+    readonly targets?: INetworkLoadBalancerTarget[];
+    /**
+     * The name of the target group.
+     *
+     * This name must be unique per region per account, can have a maximum of
+     * 32 characters, must contain only alphanumeric characters or hyphens, and
+     * must not begin or end with a hyphen.
+     *
+     * @default Automatically generated
+     */
+    readonly targetGroupName?: string;
+    /**
+     * The amount of time for Elastic Load Balancing to wait before deregistering a target.
+     *
+     * The range is 0-3600 seconds.
+     *
+     * @default Duration.minutes(5)
+     */
+    readonly deregistrationDelay?: Duration;
+    /**
+     * Indicates whether Proxy Protocol version 2 is enabled.
+     *
+     * @default false
+     */
+    readonly proxyProtocolV2?: boolean;
+    /**
+     * Indicates whether client IP preservation is enabled.
+     *
+     * @default false if the target group type is IP address and the
+     * target group protocol is TCP or TLS. Otherwise, true.
+     */
+    readonly preserveClientIp?: boolean;
+    /**
+     * Health check configuration
+     *
+     * @default - The default value for each property in this configuration varies depending on the target.
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties
+     */
+    readonly healthCheck?: HealthCheck;
+}

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.d.ts

@@ -0,0 +1,335 @@
+import type { Construct } from 'constructs';
+import type { BaseNetworkListenerProps } from './network-listener';
+import { NetworkListener } from './network-listener';
+import * as cloudwatch from '../../../aws-cloudwatch';
+import * as ec2 from '../../../aws-ec2';
+import type { BaseLoadBalancerLookupOptions, BaseLoadBalancerProps, ILoadBalancerV2, SubnetMapping } from '../shared/base-load-balancer';
+import { BaseLoadBalancer } from '../shared/base-load-balancer';
+import { IpAddressType } from '../shared/enums';
+/**
+ * Indicates how traffic is distributed among the load balancer Availability Zones.
+ *
+ * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#zonal-dns-affinity
+ */
+export declare enum ClientRoutingPolicy {
+    /**
+     * 100 percent zonal affinity
+     */
+    AVAILABILITY_ZONE_AFFINITY = "availability_zone_affinity",
+    /**
+     * 85 percent zonal affinity
+     */
+    PARTIAL_AVAILABILITY_ZONE_AFFINITY = "partial_availability_zone_affinity",
+    /**
+     * No zonal affinity
+     */
+    ANY_AVAILABILITY_ZONE = "any_availability_zone"
+}
+/**
+ * Properties for a network load balancer
+ */
+export interface NetworkLoadBalancerProps extends BaseLoadBalancerProps {
+    /**
+     * Security groups to associate with this load balancer
+     *
+     * @default - No security groups associated with the load balancer.
+     */
+    readonly securityGroups?: ec2.ISecurityGroup[];
+    /**
+     * The type of IP addresses to use
+     *
+     * If you want to add a UDP or TCP_UDP listener to the load balancer,
+     * you must choose IPv4.
+     *
+     * @default IpAddressType.IPV4
+     */
+    readonly ipAddressType?: IpAddressType;
+    /**
+     * The AZ affinity routing policy
+     *
+     * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#zonal-dns-affinity
+     *
+     * @default - AZ affinity is disabled.
+     */
+    readonly clientRoutingPolicy?: ClientRoutingPolicy;
+    /**
+     * Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink.
+     *
+     * @default true
+     */
+    readonly enforceSecurityGroupInboundRulesOnPrivateLinkTraffic?: boolean;
+    /**
+     * Indicates whether zonal shift is enabled
+     *
+     * @see https://docs.aws.amazon.com/elasticloadbalancing/latest/network/zonal-shift.html
+     *
+     * @default false
+     */
+    readonly zonalShift?: boolean;
+    /**
+     * Indicates whether to use an IPv6 prefix from each subnet for source NAT.
+     *
+     * The IP address type must be IpAddressType.DUALSTACK.
+     *
+     * @default undefined - NLB default behavior is false
+     */
+    readonly enablePrefixForIpv6SourceNat?: boolean;
+    /**
+     * Subnet information for the load balancer.
+     *
+     * @default undefined - The VPC default strategy for subnets is used
+     */
+    readonly subnetMappings?: SubnetMapping[];
+    /**
+     * Create a Network Load Balancer without security groups.
+     *
+     * When true, creates an NLB that cannot have security groups attached.
+     * This is useful when you need to create a traditional NLB without security group associations.
+     *
+     * This property only takes effect when the feature flag
+     * `@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault` is enabled.
+     *
+     * @default false
+     */
+    readonly disableSecurityGroups?: boolean;
+}
+/**
+ * Properties to reference an existing load balancer
+ */
+export interface NetworkLoadBalancerAttributes {
+    /**
+     * ARN of the load balancer
+     */
+    readonly loadBalancerArn: string;
+    /**
+     * The canonical hosted zone ID of this load balancer
+     *
+     * @default - When not provided, LB cannot be used as Route53 Alias target.
+     */
+    readonly loadBalancerCanonicalHostedZoneId?: string;
+    /**
+     * The DNS name of this load balancer
+     *
+     * @default - When not provided, LB cannot be used as Route53 Alias target.
+     */
+    readonly loadBalancerDnsName?: string;
+    /**
+     * The VPC to associate with the load balancer.
+     *
+     * @default - When not provided, listeners cannot be created on imported load
+     * balancers.
+     */
+    readonly vpc?: ec2.IVpc;
+    /**
+     * Security groups to associate with this load balancer
+     *
+     * @default - No security groups associated with the load balancer.
+     */
+    readonly loadBalancerSecurityGroups?: string[];
+}
+/**
+ * Options for looking up an NetworkLoadBalancer
+ */
+export interface NetworkLoadBalancerLookupOptions extends BaseLoadBalancerLookupOptions {
+}
+/**
+ * Define a new network load balancer
+ *
+ * @resource AWS::ElasticLoadBalancingV2::LoadBalancer
+ */
+export declare class NetworkLoadBalancer extends BaseLoadBalancer implements INetworkLoadBalancer {
+    /**
+     * Uniquely identifies this class.
+     */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * Looks up the network load balancer.
+     */
+    static fromLookup(scope: Construct, id: string, options: NetworkLoadBalancerLookupOptions): INetworkLoadBalancer;
+    static fromNetworkLoadBalancerAttributes(scope: Construct, id: string, attrs: NetworkLoadBalancerAttributes): INetworkLoadBalancer;
+    readonly metrics: INetworkLoadBalancerMetrics;
+    readonly ipAddressType?: IpAddressType;
+    readonly connections: ec2.Connections;
+    private readonly isSecurityGroupsPropertyDefined;
+    private readonly _enforceSecurityGroupInboundRulesOnPrivateLinkTraffic?;
+    private enablePrefixForIpv6SourceNat?;
+    /**
+     * After the implementation of `IConnectable` (see https://github.com/aws/aws-cdk/pull/28494), the default
+     * value for `securityGroups` is set by the `ec2.Connections` constructor to an empty array.
+     * To keep backward compatibility (`securityGroups` is `undefined` if the related property is not specified)
+     * a getter has been added.
+     */
+    get securityGroups(): string[] | undefined;
+    constructor(scope: Construct, id: string, props: NetworkLoadBalancerProps);
+    get enforceSecurityGroupInboundRulesOnPrivateLinkTraffic(): string | undefined;
+    /**
+     * Add a listener to this load balancer
+     *
+     * @returns The newly created listener
+     */
+    addListener(id: string, props: BaseNetworkListenerProps): NetworkListener;
+    /**
+     * Add a security group to this load balancer
+     */
+    addSecurityGroup(securityGroup: ec2.ISecurityGroup): void;
+    /**
+     * Return the given named metric for this Network Load Balancer
+     *
+     * @default Average over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.custom`` instead
+     */
+    metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of concurrent TCP flows (or connections) from clients to targets.
+     *
+     * This metric includes connections in the SYN_SENT and ESTABLISHED states.
+     * TCP connections are not terminated at the load balancer, so a client
+     * opening a TCP connection to a target counts as a single flow.
+     *
+     * @default Average over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.activeFlowCount`` instead
+     */
+    metricActiveFlowCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The number of load balancer capacity units (LCU) used by your load balancer.
+     *
+     * @default Sum over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.activeFlowCount`` instead
+     */
+    metricConsumedLCUs(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of new TCP flows (or connections) established from clients to targets in the time period.
+     *
+     * @default Sum over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.newFlowCount`` instead
+     */
+    metricNewFlowCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of bytes processed by the load balancer, including TCP/IP headers.
+     *
+     * @default Sum over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.processedBytes`` instead
+     */
+    metricProcessedBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of reset (RST) packets sent from a client to a target.
+     *
+     * These resets are generated by the client and forwarded by the load balancer.
+     *
+     * @default Sum over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.tcpClientResetCount`` instead
+     */
+    metricTcpClientResetCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of reset (RST) packets generated by the load balancer.
+     *
+     * @default Sum over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.tcpElbResetCount`` instead
+     */
+    metricTcpElbResetCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of reset (RST) packets sent from a target to a client.
+     *
+     * These resets are generated by the target and forwarded by the load balancer.
+     *
+     * @default Sum over 5 minutes
+     * @deprecated Use ``NetworkLoadBalancer.metrics.tcpTargetResetCount`` instead
+     */
+    metricTcpTargetResetCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+}
+/**
+ * Contains all metrics for a Network Load Balancer.
+ */
+export interface INetworkLoadBalancerMetrics {
+    /**
+     * Return the given named metric for this Network Load Balancer
+     *
+     * @default Average over 5 minutes
+     */
+    custom(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of concurrent TCP flows (or connections) from clients to targets.
+     *
+     * This metric includes connections in the SYN_SENT and ESTABLISHED states.
+     * TCP connections are not terminated at the load balancer, so a client
+     * opening a TCP connection to a target counts as a single flow.
+     *
+     * @default Average over 5 minutes
+     */
+    activeFlowCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The number of load balancer capacity units (LCU) used by your load balancer.
+     *
+     * @default Sum over 5 minutes
+     */
+    consumedLCUs(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of new TCP flows (or connections) established from clients to targets in the time period.
+     *
+     * @default Sum over 5 minutes
+     */
+    newFlowCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of bytes processed by the load balancer, including TCP/IP headers.
+     *
+     * @default Sum over 5 minutes
+     */
+    processedBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of reset (RST) packets sent from a client to a target.
+     *
+     * These resets are generated by the client and forwarded by the load balancer.
+     *
+     * @default Sum over 5 minutes
+     */
+    tcpClientResetCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of reset (RST) packets generated by the load balancer.
+     *
+     * @default Sum over 5 minutes
+     */
+    tcpElbResetCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The total number of reset (RST) packets sent from a target to a client.
+     *
+     * These resets are generated by the target and forwarded by the load balancer.
+     *
+     * @default Sum over 5 minutes
+     */
+    tcpTargetResetCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+}
+/**
+ * A network load balancer
+ */
+export interface INetworkLoadBalancer extends ILoadBalancerV2, ec2.IVpcEndpointServiceLoadBalancer, ec2.IConnectable {
+    /**
+     * The VPC this load balancer has been created in (if available)
+     */
+    readonly vpc?: ec2.IVpc;
+    /**
+     * All metrics available for this load balancer
+     */
+    readonly metrics: INetworkLoadBalancerMetrics;
+    /**
+     * Security groups associated with this load balancer
+     */
+    readonly securityGroups?: string[];
+    /**
+     * The type of IP addresses to use
+     *
+     * @default IpAddressType.IPV4
+     */
+    readonly ipAddressType?: IpAddressType;
+    /**
+     * Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink
+     *
+     * @default on
+     */
+    readonly enforceSecurityGroupInboundRulesOnPrivateLinkTraffic?: string;
+    /**
+     * Add a listener to this load balancer
+     *
+     * @returns The newly created listener
+     */
+    addListener(id: string, props: BaseNetworkListenerProps): NetworkListener;
+}

cdk/node_modules/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-target-group.d.ts

@@ -0,0 +1,166 @@
+import type { Construct } from 'constructs';
+import * as cloudwatch from '../../../aws-cloudwatch';
+import type { ITargetGroupRef } from '../elasticloadbalancingv2.generated';
+import type { INetworkListenerRef } from './network-listener';
+import type { BaseTargetGroupProps, ITargetGroup, LoadBalancerTargetProps, TargetGroupAttributes } from '../shared/base-target-group';
+import { TargetGroupBase } from '../shared/base-target-group';
+import { Protocol } from '../shared/enums';
+/**
+ * Properties for a new Network Target Group
+ */
+export interface NetworkTargetGroupProps extends BaseTargetGroupProps {
+    /**
+     * The port on which the target receives traffic.
+     */
+    readonly port: number;
+    /**
+     * Protocol for target group, expects TCP, TLS, UDP, or TCP_UDP.
+     *
+     * @default - TCP
+     */
+    readonly protocol?: Protocol;
+    /**
+     * Indicates whether Proxy Protocol version 2 is enabled.
+     *
+     * @default false
+     */
+    readonly proxyProtocolV2?: boolean;
+    /**
+     * Indicates whether client IP preservation is enabled.
+     *
+     * @default false if the target group type is IP address and the
+     * target group protocol is TCP or TLS. Otherwise, true.
+     */
+    readonly preserveClientIp?: boolean;
+    /**
+     * The targets to add to this target group.
+     *
+     * Can be `Instance`, `IPAddress`, or any self-registering load balancing
+     * target. If you use either `Instance` or `IPAddress` as targets, all
+     * target must be of the same type.
+     *
+     * @default - No targets.
+     */
+    readonly targets?: INetworkLoadBalancerTarget[];
+    /**
+     *
+     * Indicates whether the load balancer terminates connections at
+     * the end of the deregistration timeout.
+     *
+     * @default false
+     */
+    readonly connectionTermination?: boolean;
+}
+/**
+ * Contains all metrics for a Target Group of a Network Load Balancer.
+ */
+export interface INetworkTargetGroupMetrics {
+    /**
+     * Return the given named metric for this Network Target Group
+     *
+     * @default Average over 5 minutes
+     */
+    custom(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The number of targets that are considered healthy.
+     *
+     * @default Average over 5 minutes
+     */
+    healthyHostCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The number of targets that are considered unhealthy.
+     *
+     * @default Average over 5 minutes
+     */
+    unHealthyHostCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+}
+/**
+ * Define a Network Target Group
+ */
+export declare class NetworkTargetGroup extends TargetGroupBase implements INetworkTargetGroup {
+    /**
+     * Uniquely identifies this class.
+     */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * Import an existing target group
+     */
+    static fromTargetGroupAttributes(scope: Construct, id: string, attrs: TargetGroupAttributes): INetworkTargetGroup;
+    readonly isNetworkTargetGroup = true;
+    private readonly listeners;
+    private _metrics?;
+    constructor(scope: Construct, id: string, props: NetworkTargetGroupProps);
+    get metrics(): INetworkTargetGroupMetrics;
+    /**
+     * Add a load balancing target to this target group
+     */
+    addTarget(...targets: INetworkLoadBalancerTarget[]): void;
+    /**
+     * Register a listener that is load balancing to this target group.
+     *
+     * Don't call this directly. It will be called by listeners.
+     */
+    registerListener(listener: INetworkListenerRef): void;
+    /**
+     * The number of targets that are considered healthy.
+     *
+     * @default Average over 5 minutes
+     * @deprecated Use ``NetworkTargetGroup.metrics.healthyHostCount`` instead
+     */
+    metricHealthyHostCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * The number of targets that are considered unhealthy.
+     *
+     * @default Average over 5 minutes
+     * @deprecated Use ``NetworkTargetGroup.metrics.healthyHostCount`` instead
+     */
+    metricUnHealthyHostCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    /**
+     * Full name of first load balancer
+     */
+    get firstLoadBalancerFullName(): string;
+    protected validateTargetGroup(): string[];
+}
+/**
+ * Indicates that this resource can be referenced as an NLB TargetGroup
+ */
+export interface INetworkTargetGroupRef extends ITargetGroupRef {
+    /**
+     * Indicates that this is a Network Target Group
+     *
+     * Will always return true, but is necessary to prevent accidental structural
+     * equality in TypeScript.
+     */
+    readonly isNetworkTargetGroup: boolean;
+}
+/**
+ * A network target group
+ */
+export interface INetworkTargetGroup extends ITargetGroup, INetworkTargetGroupRef {
+    /**
+     * All metrics available for this target group.
+     */
+    readonly metrics: INetworkTargetGroupMetrics;
+    /**
+     * Register a listener that is load balancing to this target group.
+     *
+     * Don't call this directly. It will be called by listeners.
+     */
+    registerListener(listener: INetworkListenerRef): void;
+    /**
+     * Add a load balancing target to this target group
+     */
+    addTarget(...targets: INetworkLoadBalancerTarget[]): void;
+}
+/**
+ * Interface for constructs that can be targets of an network load balancer
+ */
+export interface INetworkLoadBalancerTarget {
+    /**
+     * Attach load-balanced target to a TargetGroup
+     *
+     * May return JSON to directly add to the [Targets] list, or return undefined
+     * if the target will register itself with the load balancer.
+     */
+    attachToNetworkTargetGroup(targetGroup: INetworkTargetGroup): LoadBalancerTargetProps;
+}