daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bdd334b6fb0d1adc05a1a15c558ff077acff9b41
agent-claw/cdk/node_modules/aws-cdk-lib/aws-ec2/lib/vpc.d.ts
daniel 732b00fb66 agent-claw: automated task changes
2026-05-06 18:55:16 -05:00

1366 lines
42 KiB
TypeScript
Raw Blame History

import type { IConstruct, IDependable } from 'constructs';
import { Construct } from 'constructs';
import type { ClientVpnEndpointOptions } from './client-vpn-endpoint';
import { ClientVpnEndpoint } from './client-vpn-endpoint';
import type { ISubnetRef, IVPCRef, SubnetReference, VPCReference } from './ec2.generated';
import { CfnNatGateway } from './ec2.generated';
import type { IIpAddresses, IIpv6Addresses } from './ip-addresses';
import { NatProvider } from './nat';
import type { INetworkAcl } from './network-acl';
import { SubnetFilter } from './subnet';
import type { GatewayVpcEndpointOptions, InterfaceVpcEndpointOptions } from './vpc-endpoint';
import { GatewayVpcEndpoint, InterfaceVpcEndpoint } from './vpc-endpoint';
import type { FlowLogOptions } from './vpc-flow-logs';
import { FlowLog } from './vpc-flow-logs';
import type { VpcLookupOptions } from './vpc-lookup';
import type { EnableVpnGatewayOptions, VpnConnectionOptions } from './vpn';
import { VpnConnection } from './vpn';
import type { IResource } from '../../core';
import { Resource } from '../../core';
export interface ISubnet extends IResource, ISubnetRef {
/**
* The Availability Zone the subnet is located in
*/
readonly availabilityZone: string;
/**
* The subnetId for this particular subnet
* @attribute
*/
readonly subnetId: string;
/**
* Dependable that can be depended upon to force internet connectivity established on the VPC
*/
readonly internetConnectivityEstablished: IDependable;
/**
* The IPv4 CIDR block for this subnet
*/
readonly ipv4CidrBlock: string;
/**
* The route table for this subnet
*/
readonly routeTable: IRouteTable;
/**
* Associate a Network ACL with this subnet
*
* @param acl The Network ACL to associate
*/
associateNetworkAcl(id: string, acl: INetworkAcl): void;
}
/**
* An abstract route table
*/
export interface IRouteTable {
/**
* Route table ID
*/
readonly routeTableId: string;
}
export interface IVpc extends IResource, IVPCRef {
/**
* Identifier for this VPC
* @attribute
*/
readonly vpcId: string;
/**
* ARN for this VPC
* @attribute
*/
readonly vpcArn: string;
/**
* CIDR range for this VPC
*
* @attribute
*/
readonly vpcCidrBlock: string;
/**
* List of public subnets in this VPC
*/
readonly publicSubnets: ISubnet[];
/**
* List of private subnets in this VPC
*/
readonly privateSubnets: ISubnet[];
/**
* List of isolated subnets in this VPC
*/
readonly isolatedSubnets: ISubnet[];
/**
* AZs for this VPC
*/
readonly availabilityZones: string[];
/**
* Identifier for the VPN gateway
*/
readonly vpnGatewayId?: string;
/**
* Dependable that can be depended upon to force internet connectivity established on the VPC
*/
readonly internetConnectivityEstablished: IDependable;
/**
* Return information on the subnets appropriate for the given selection strategy
*
* Requires that at least one subnet is matched, throws a descriptive
* error message otherwise.
*/
selectSubnets(selection?: SubnetSelection): SelectedSubnets;
/**
* Adds a VPN Gateway to this VPC
*/
enableVpnGateway(options: EnableVpnGatewayOptions): void;
/**
* Adds a new VPN connection to this VPC
*/
addVpnConnection(id: string, options: VpnConnectionOptions): VpnConnection;
/**
* Adds a new client VPN endpoint to this VPC
*/
addClientVpnEndpoint(id: string, options: ClientVpnEndpointOptions): ClientVpnEndpoint;
/**
* Adds a new gateway endpoint to this VPC
*/
addGatewayEndpoint(id: string, options: GatewayVpcEndpointOptions): GatewayVpcEndpoint;
/**
* Adds a new interface endpoint to this VPC
*/
addInterfaceEndpoint(id: string, options: InterfaceVpcEndpointOptions): InterfaceVpcEndpoint;
/**
* Adds a new Flow Log to this VPC
*/
addFlowLog(id: string, options?: FlowLogOptions): FlowLog;
}
/**
* The types of IP addresses provisioned in the VPC.
*/
export declare enum IpProtocol {
/**
* The vpc will be configured with only IPv4 addresses.
*
* This is the default protocol if unset.
*/
IPV4_ONLY = "Ipv4_Only",
/**
* The vpc will have both IPv4 and IPv6 addresses.
*
* Unless specified, public IPv4 addresses will not be auto assigned,
* an egress only internet gateway (EIGW) will be created and configured,
* and NATs and internet gateways (IGW) will be configured with IPv6 addresses.
*/
DUAL_STACK = "Dual_Stack"
}
/**
* The type of Subnet
*/
export declare enum SubnetType {
/**
* Isolated Subnets do not route traffic to the Internet (in this VPC),
* and as such, do not require NAT gateways.
*
* Isolated subnets can only connect to or be connected to from other
* instances in the same VPC. A default VPC configuration will not include
* isolated subnets.
*
* This can be good for subnets with RDS or Elasticache instances,
* or which route Internet traffic through a peer VPC.
*/
PRIVATE_ISOLATED = "Isolated",
/**
* Subnet that routes to the internet, but not vice versa.
*
* Instances in a private subnet can connect to the Internet, but will not
* allow connections to be initiated from the Internet. Egress to the internet will
* need to be provided.
* NAT Gateway(s) are the default solution to providing this subnet type the ability to route Internet traffic.
* If a NAT Gateway is not required or desired, set `natGateways:0` or use
* `SubnetType.PRIVATE_ISOLATED` instead.
*
* By default, a NAT gateway is created in every public subnet for maximum availability.
* Be aware that you will be charged for NAT gateways.
*
* Normally a Private subnet will use a NAT gateway in the same AZ, but
* if `natGateways` is used to reduce the number of NAT gateways, a NAT
* gateway from another AZ will be used instead.
*/
PRIVATE_WITH_EGRESS = "Private",
/**
* Subnet that routes to the internet (via a NAT gateway), but not vice versa.
*
* Instances in a private subnet can connect to the Internet, but will not
* allow connections to be initiated from the Internet. NAT Gateway(s) are
* required with this subnet type to route the Internet traffic through.
* If a NAT Gateway is not required or desired, use `SubnetType.PRIVATE_ISOLATED` instead.
*
* By default, a NAT gateway is created in every public subnet for maximum availability.
* Be aware that you will be charged for NAT gateways.
*
* Normally a Private subnet will use a NAT gateway in the same AZ, but
* if `natGateways` is used to reduce the number of NAT gateways, a NAT
* gateway from another AZ will be used instead.
* @deprecated use `PRIVATE_WITH_EGRESS`
*/
PRIVATE_WITH_NAT = "Deprecated_Private_NAT",
/**
* Subnet connected to the Internet
*
* Instances in a Public subnet can connect to the Internet and can be
* connected to from the Internet as long as they are launched with public
* IPs (controlled on the AutoScalingGroup or other constructs that launch
* instances).
*
* Public subnets route outbound traffic via an Internet Gateway.
*/
PUBLIC = "Public"
}
/**
* Customize subnets that are selected for placement of ENIs
*
* Constructs that allow customization of VPC placement use parameters of this
* type to provide placement settings.
*
* By default, the instances are placed in the private subnets.
*/
export interface SubnetSelection {
/**
* Select all subnets of the given type
*
* At most one of `subnetType` and `subnetGroupName` can be supplied.
*
* @default SubnetType.PRIVATE_WITH_EGRESS (or ISOLATED or PUBLIC if there are no PRIVATE_WITH_EGRESS subnets)
*/
readonly subnetType?: SubnetType;
/**
* Select subnets only in the given AZs.
*
* @default no filtering on AZs is done
*/
readonly availabilityZones?: string[];
/**
* Select the subnet group with the given name
*
* Select the subnet group with the given name. This only needs
* to be used if you have multiple subnet groups of the same type
* and you need to distinguish between them. Otherwise, prefer
* `subnetType`.
*
* This field does not select individual subnets, it selects all subnets that
* share the given subnet group name. This is the name supplied in
* `subnetConfiguration`.
*
* At most one of `subnetType` and `subnetGroupName` can be supplied.
*
* @default - Selection by type instead of by name
*/
readonly subnetGroupName?: string;
/**
* If true, return at most one subnet per AZ
*
* @default false
*/
readonly onePerAz?: boolean;
/**
* List of provided subnet filters.
*
* @default - none
*/
readonly subnetFilters?: SubnetFilter[];
/**
* Explicitly select individual subnets
*
* Use this if you don't want to automatically use all subnets in
* a group, but have a need to control selection down to
* individual subnets.
*
* Cannot be specified together with `subnetType` or `subnetGroupName`.
*
* @default - Use all subnets in a selected group (all private subnets by default)
*/
readonly subnets?: ISubnet[];
}
/**
* Result of selecting a subset of subnets from a VPC
*/
export interface SelectedSubnets {
/**
* The subnet IDs
*/
readonly subnetIds: string[];
/**
* The respective AZs of each subnet
*/
readonly availabilityZones: string[];
/**
* Dependency representing internet connectivity for these subnets
*/
readonly internetConnectivityEstablished: IDependable;
/**
* Selected subnet objects
*/
readonly subnets: ISubnet[];
/**
* Whether any of the given subnets are from the VPC's public subnets.
*/
readonly hasPublic: boolean;
/**
* The subnet selection is not actually real yet
*
* If this value is true, don't validate anything about the subnets. The count
* or identities are not known yet, and the validation will most likely fail
* which will prevent a successful lookup.
*
* @default false
*/
readonly isPendingLookup?: boolean;
}
/**
* A new or imported VPC
*/
declare abstract class VpcBase extends Resource implements IVpc {
/**
* Identifier for this VPC
*/
abstract readonly vpcId: string;
/**
* Arn of this VPC
*/
abstract readonly vpcArn: string;
/**
* CIDR range for this VPC
*/
abstract readonly vpcCidrBlock: string;
/**
* List of public subnets in this VPC
*/
abstract readonly publicSubnets: ISubnet[];
/**
* List of private subnets in this VPC
*/
abstract readonly privateSubnets: ISubnet[];
/**
* List of isolated subnets in this VPC
*/
abstract readonly isolatedSubnets: ISubnet[];
/**
* AZs for this VPC
*/
abstract readonly availabilityZones: string[];
/**
* Dependencies for internet connectivity
*/
abstract readonly internetConnectivityEstablished: IDependable;
/**
* If this is set to true, don't error out on trying to select subnets
*/
protected incompleteSubnetDefinition: boolean;
/**
* Mutable private field for the vpnGatewayId
*
* @internal
*/
protected _vpnGatewayId?: string;
get vpcRef(): VPCReference;
/**
* Returns IDs of selected subnets
*/
selectSubnets(selection?: SubnetSelection): SelectedSubnets;
/**
* Adds a VPN Gateway to this VPC
*/
enableVpnGateway(options: EnableVpnGatewayOptions): void;
/**
* Adds a new VPN connection to this VPC
*/
addVpnConnection(id: string, options: VpnConnectionOptions): VpnConnection;
/**
* Adds a new client VPN endpoint to this VPC
*/
addClientVpnEndpoint(id: string, options: ClientVpnEndpointOptions): ClientVpnEndpoint;
/**
* Adds a new interface endpoint to this VPC
*/
addInterfaceEndpoint(id: string, options: InterfaceVpcEndpointOptions): InterfaceVpcEndpoint;
/**
* Adds a new gateway endpoint to this VPC
*/
addGatewayEndpoint(id: string, options: GatewayVpcEndpointOptions): GatewayVpcEndpoint;
/**
* Adds a new flow log to this VPC
*/
addFlowLog(id: string, options?: FlowLogOptions): FlowLog;
/**
* Returns the id of the VPN Gateway (if enabled)
*/
get vpnGatewayId(): string | undefined;
/**
* Return the subnets appropriate for the placement strategy
*/
protected selectSubnetObjects(selection?: SubnetSelection): ISubnet[];
private applySubnetFilters;
private selectSubnetObjectsByName;
private selectSubnetObjectsByType;
/**
* Validate the fields in a SubnetSelection object, and reify defaults if necessary
*
* In case of default selection, select the first type of PRIVATE, ISOLATED,
* PUBLIC (in that order) that has any subnets.
*/
private reifySelectionDefaults;
}
/**
* Properties that reference an external Vpc
*/
export interface VpcAttributes {
/**
* VPC's identifier
*/
readonly vpcId: string;
/**
* VPC's CIDR range
*
* @default - Retrieving the CIDR from the VPC will fail
*/
readonly vpcCidrBlock?: string;
/**
* List of availability zones for the subnets in this VPC.
*/
readonly availabilityZones: string[];
/**
* List of public subnet IDs
*
* Must be undefined or match the availability zones in length and order.
*
* @default - The VPC does not have any public subnets
*/
readonly publicSubnetIds?: string[];
/**
* List of names for the public subnets
*
* Must be undefined or have a name for every public subnet group.
*
* @default - All public subnets will have the name `Public`
*/
readonly publicSubnetNames?: string[];
/**
* List of IDs of route tables for the public subnets.
*
* Must be undefined or have a name for every public subnet group.
*
* @default - Retrieving the route table ID of any public subnet will fail
*/
readonly publicSubnetRouteTableIds?: string[];
/**
* List of IPv4 CIDR blocks for the public subnets.
*
* Must be undefined or have an entry for every public subnet group.
*
* @default - Retrieving the IPv4 CIDR block of any public subnet will fail
*/
readonly publicSubnetIpv4CidrBlocks?: string[];
/**
* List of private subnet IDs
*
* Must be undefined or match the availability zones in length and order.
*
* @default - The VPC does not have any private subnets
*/
readonly privateSubnetIds?: string[];
/**
* List of names for the private subnets
*
* Must be undefined or have a name for every private subnet group.
*
* @default - All private subnets will have the name `Private`
*/
readonly privateSubnetNames?: string[];
/**
* List of IDs of route tables for the private subnets.
*
* Must be undefined or have a name for every private subnet group.
*
* @default - Retrieving the route table ID of any private subnet will fail
*/
readonly privateSubnetRouteTableIds?: string[];
/**
* List of IPv4 CIDR blocks for the private subnets.
*
* Must be undefined or have an entry for every private subnet group.
*
* @default - Retrieving the IPv4 CIDR block of any private subnet will fail
*/
readonly privateSubnetIpv4CidrBlocks?: string[];
/**
* List of isolated subnet IDs
*
* Must be undefined or match the availability zones in length and order.
*
* @default - The VPC does not have any isolated subnets
*/
readonly isolatedSubnetIds?: string[];
/**
* List of names for the isolated subnets
*
* Must be undefined or have a name for every isolated subnet group.
*
* @default - All isolated subnets will have the name `Isolated`
*/
readonly isolatedSubnetNames?: string[];
/**
* List of IDs of route tables for the isolated subnets.
*
* Must be undefined or have a name for every isolated subnet group.
*
* @default - Retrieving the route table ID of any isolated subnet will fail
*/
readonly isolatedSubnetRouteTableIds?: string[];
/**
* List of IPv4 CIDR blocks for the isolated subnets.
*
* Must be undefined or have an entry for every isolated subnet group.
*
* @default - Retrieving the IPv4 CIDR block of any isolated subnet will fail
*/
readonly isolatedSubnetIpv4CidrBlocks?: string[];
/**
* VPN gateway's identifier
*/
readonly vpnGatewayId?: string;
/**
* The region the VPC is in
*
* @default - The region of the stack where the VPC belongs to
*/
readonly region?: string;
}
export interface SubnetAttributes {
/**
* The Availability Zone the subnet is located in
*
* @default - No AZ information, cannot use AZ selection features
*/
readonly availabilityZone?: string;
/**
* The IPv4 CIDR block associated with the subnet
*
* @default - No CIDR information, cannot use CIDR filter features
*/
readonly ipv4CidrBlock?: string;
/**
* The ID of the route table for this particular subnet
*
* @default - No route table information, cannot create VPC endpoints
*/
readonly routeTableId?: string;
/**
* The subnetId for this particular subnet
*/
readonly subnetId: string;
}
/**
* Configuration for Vpc
*/
export interface VpcProps {
/**
* The protocol of the vpc.
*
* Options are IPv4 only or dual stack.
*
* @default IpProtocol.IPV4_ONLY
*/
readonly ipProtocol?: IpProtocol;
/**
* The Provider to use to allocate IPv4 Space to your VPC.
*
* Options include static allocation or from a pool.
*
* Note this is specific to IPv4 addresses.
*
* @default ec2.IpAddresses.cidr
*/
readonly ipAddresses?: IIpAddresses;
/**
* The CIDR range to use for the VPC, e.g. '10.0.0.0/16'.
*
* Should be a minimum of /28 and maximum size of /16. The range will be
* split across all subnets per Availability Zone.
*
* @default Vpc.DEFAULT_CIDR_RANGE
*
* @deprecated Use ipAddresses instead
*/
readonly cidr?: string;
/**
* Indicates whether the instances launched in the VPC get public DNS hostnames.
*
* If this attribute is true, instances in the VPC get public DNS hostnames,
* but only if the enableDnsSupport attribute is also set to true.
*
* @default true
*/
readonly enableDnsHostnames?: boolean;
/**
* Indicates whether the DNS resolution is supported for the VPC.
*
* If this attribute is false, the Amazon-provided DNS server in the VPC that
* resolves public DNS hostnames to IP addresses is not enabled. If this
* attribute is true, queries to the Amazon provided DNS server at the
* 169.254.169.253 IP address, or the reserved IP address at the base of the
* VPC IPv4 network range plus two will succeed.
*
* @default true
*/
readonly enableDnsSupport?: boolean;
/**
* The default tenancy of instances launched into the VPC.
*
* By setting this to dedicated tenancy, instances will be launched on
* hardware dedicated to a single AWS customer, unless specifically specified
* at instance launch time. Please note, not all instance types are usable
* with Dedicated tenancy.
*
* @default DefaultInstanceTenancy.Default (shared) tenancy
*/
readonly defaultInstanceTenancy?: DefaultInstanceTenancy;
/**
* Define the maximum number of AZs to use in this region
*
* If the region has more AZs than you want to use (for example, because of
* EIP limits), pick a lower number here. The AZs will be sorted and picked
* from the start of the list.
*
* If you pick a higher number than the number of AZs in the region, all AZs
* in the region will be selected. To use "all AZs" available to your
* account, use a high number (such as 99).
*
* Be aware that environment-agnostic stacks will be created with access to
* only 2 AZs, so to use more than 2 AZs, be sure to specify the account and
* region on your stack.
*
* Specify this option only if you do not specify `availabilityZones`.
*
* @default 3
*/
readonly maxAzs?: number;
/**
* Define the number of AZs to reserve.
*
* When specified, the IP space is reserved for the azs but no actual
* resources are provisioned.
*
* @default 0
*/
readonly reservedAzs?: number;
/**
* Availability zones this VPC spans.
*
* Specify this option only if you do not specify `maxAzs`.
*
* @default - a subset of AZs of the stack
*/
readonly availabilityZones?: string[];
/**
* The number of NAT Gateways/Instances to create.
*
* The type of NAT gateway or instance will be determined by the
* `natGatewayProvider` parameter.
*
* You can set this number lower than the number of Availability Zones in your
* VPC in order to save on NAT cost. Be aware you may be charged for
* cross-AZ data traffic instead.
*
* @default - One NAT gateway/instance per Availability Zone
*/
readonly natGateways?: number;
/**
* Configures the subnets which will have NAT Gateways/Instances
*
* You can pick a specific group of subnets by specifying the group name;
* the picked subnets must be public subnets.
*
* Only necessary if you have more than one public subnet group.
*
* @default - All public subnets.
*/
readonly natGatewaySubnets?: SubnetSelection;
/**
* What type of NAT provider to use
*
* Select between NAT gateways or NAT instances. NAT gateways
* may not be available in all AWS regions.
*
* @default NatProvider.gateway()
*
*/
readonly natGatewayProvider?: NatProvider;
/**
* Configure the subnets to build for each AZ
*
* Each entry in this list configures a Subnet Group; each group will contain a
* subnet for each Availability Zone.
*
* For example, if you want 1 public subnet, 1 private subnet, and 1 isolated
* subnet in each AZ provide the following:
*
* ```ts
* new ec2.Vpc(this, 'VPC', {
* subnetConfiguration: [
* {
* cidrMask: 24,
* name: 'ingress',
* subnetType: ec2.SubnetType.PUBLIC,
* },
* {
* cidrMask: 24,
* name: 'application',
* subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
* },
* {
* cidrMask: 28,
* name: 'rds',
* subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
* }
* ]
* });
* ```
*
* @default - The VPC CIDR will be evenly divided between 1 public and 1
* private subnet per AZ.
*/
readonly subnetConfiguration?: SubnetConfiguration[];
/**
* Indicates whether a VPN gateway should be created and attached to this VPC.
*
* @default - true when vpnGatewayAsn or vpnConnections is specified
*/
readonly vpnGateway?: boolean;
/**
* The private Autonomous System Number (ASN) for the VPN gateway.
*
* @default - Amazon default ASN.
*/
readonly vpnGatewayAsn?: number;
/**
* VPN connections to this VPC.
*
* @default - No connections.
*/
readonly vpnConnections?: {
[id: string]: VpnConnectionOptions;
};
/**
* Where to propagate VPN routes.
*
* @default - On the route tables associated with private subnets. If no
* private subnets exists, isolated subnets are used. If no isolated subnets
* exists, public subnets are used.
*/
readonly vpnRoutePropagation?: SubnetSelection[];
/**
* Gateway endpoints to add to this VPC.
*
* @default - None.
*/
readonly gatewayEndpoints?: {
[id: string]: GatewayVpcEndpointOptions;
};
/**
* Flow logs to add to this VPC.
*
* @default - No flow logs.
*/
readonly flowLogs?: {
[id: string]: FlowLogOptions;
};
/**
* The VPC name.
*
* Since the VPC resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag
*
* @default this.node.path
*/
readonly vpcName?: string;
/**
* If set to true then the default inbound & outbound rules will be removed
* from the default security group
*
* @default true if '@aws-cdk/aws-ec2:restrictDefaultSecurityGroup' is enabled, false otherwise
*/
readonly restrictDefaultSecurityGroup?: boolean;
/**
* If set to false then disable the creation of the default internet gateway
*
* @default true
*/
readonly createInternetGateway?: boolean;
/**
* The Provider to use to allocate IPv6 Space to your VPC.
*
* Options include amazon provided CIDR block.
*
* Note this is specific to IPv6 addresses.
*
* @default Ipv6Addresses.amazonProvided
*/
readonly ipv6Addresses?: IIpv6Addresses;
}
/**
* The default tenancy of instances launched into the VPC.
*/
export declare enum DefaultInstanceTenancy {
/**
* Instances can be launched with any tenancy.
*/
DEFAULT = "default",
/**
* Any instance launched into the VPC automatically has dedicated tenancy, unless you launch it with the default tenancy.
*/
DEDICATED = "dedicated",
/**
* Instances must be launched on dedicated hosts. This provides additional visibility
* and control over instance placement at the physical host level.
*/
HOST = "host"
}
/**
* Specify configuration parameters for a single subnet group in a VPC.
*/
export interface SubnetConfiguration {
/**
* The number of leading 1 bits in the routing mask.
*
* The number of available IP addresses in each subnet of this group
* will be equal to `2^(32 - cidrMask) - 2`.
*
* Valid values are `16--28`.
*
* Note this is specific to IPv4 addresses.
*
* @default - Available IP space is evenly divided across subnets.
*/
readonly cidrMask?: number;
/**
* The type of Subnet to configure.
*
* The Subnet type will control the ability to route and connect to the
* Internet.
*/
readonly subnetType: SubnetType;
/**
* Logical name for the subnet group.
*
* This name can be used when selecting VPC subnets to distinguish
* between different subnet groups of the same type.
*/
readonly name: string;
/**
* Controls if subnet IP space needs to be reserved.
*
* When true, the IP space for the subnet is reserved but no actual
* resources are provisioned. This space is only dependent on the
* number of availability zones and on `cidrMask` - all other subnet
* properties are ignored.
*
* @default false
*/
readonly reserved?: boolean;
/**
* Controls if a public IPv4 address is associated to an instance at launch
*
* Note this is specific to IPv4 addresses.
*
* @default true in Subnet.Public of IPV4_ONLY VPCs, false otherwise
*/
readonly mapPublicIpOnLaunch?: boolean;
/**
* This property is specific to dual stack VPCs.
*
* If set to false, then an IPv6 address will not be automatically assigned.
*
* Note this is specific to IPv6 addresses.
*
* @default true
*/
readonly ipv6AssignAddressOnCreation?: boolean;
}
/**
* Define an AWS Virtual Private Cloud
*
* See the package-level documentation of this package for an overview
* of the various dimensions in which you can configure your VPC.
*
* For example:
*
* ```ts
* const vpc = new ec2.Vpc(this, 'TheVPC', {
* ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
* })
*
* // Iterate the private subnets
* const selection = vpc.selectSubnets({
* subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS
* });
*
* for (const subnet of selection.subnets) {
* // ...
* }
* ```
*
* @resource AWS::EC2::VPC
*/
export declare class Vpc extends VpcBase {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* The default CIDR range used when creating VPCs.
* This can be overridden using VpcProps when creating a VPCNetwork resource.
* e.g. new VpcResource(this, { cidr: '192.168.0.0./16' })
*
* Note this is specific to the IPv4 CIDR.
*/
static readonly DEFAULT_CIDR_RANGE: string;
/**
* The default subnet configuration
*
* 1 Public and 1 Private subnet per AZ evenly split
*/
static readonly DEFAULT_SUBNETS: SubnetConfiguration[];
/**
* The default subnet configuration if natGateways specified to be 0
*
* 1 Public and 1 Isolated Subnet per AZ evenly split
*/
static readonly DEFAULT_SUBNETS_NO_NAT: SubnetConfiguration[];
/**
* Import a VPC by supplying all attributes directly
*
* NOTE: using `fromVpcAttributes()` with deploy-time parameters (like a `Fn.importValue()` or
* `CfnParameter` to represent a list of subnet IDs) sometimes accidentally works. It happens
* to work for constructs that need a list of subnets (like `AutoScalingGroup` and `eks.Cluster`)
* but it does not work for constructs that need individual subnets (like
* `Instance`). See https://github.com/aws/aws-cdk/issues/4118 for more
* information.
*
* Prefer to use `Vpc.fromLookup()` instead.
*/
static fromVpcAttributes(scope: Construct, id: string, attrs: VpcAttributes): IVpc;
/**
* Import an existing VPC by querying the AWS environment this stack is deployed to.
*
* This function only needs to be used to use VPCs not defined in your CDK
* application. If you are looking to share a VPC between stacks, you can
* pass the `Vpc` object between stacks and use it as normal.
*
* Calling this method will lead to a lookup when the CDK CLI is executed.
* You can therefore not use any values that will only be available at
* CloudFormation execution time (i.e., Tokens).
*
* The VPC information will be cached in `cdk.context.json` and the same VPC
* will be used on future runs. To refresh the lookup, you will have to
* evict the value from the cache using the `cdk context` command. See
* https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
*/
static fromLookup(scope: Construct, id: string, options: VpcLookupOptions): IVpc;
/**
* Identifier for this VPC
*/
readonly vpcId: string;
/**
* @attribute
*/
readonly vpcArn: string;
/**
* @attribute
*/
readonly vpcCidrBlock: string;
/**
* @attribute
*/
readonly vpcDefaultNetworkAcl: string;
/**
* @attribute
*/
readonly vpcCidrBlockAssociations: string[];
/**
* @attribute
*/
readonly vpcDefaultSecurityGroup: string;
/**
* @attribute
*/
readonly vpcIpv6CidrBlocks: string[];
/**
* List of public subnets in this VPC
*/
readonly publicSubnets: ISubnet[];
/**
* List of private subnets in this VPC
*/
readonly privateSubnets: ISubnet[];
/**
* List of isolated subnets in this VPC
*/
readonly isolatedSubnets: ISubnet[];
/**
* AZs for this VPC
*/
readonly availabilityZones: string[];
/**
* Internet Gateway for the VPC. Note that in case the VPC is configured only
* with ISOLATED subnets, this attribute will be `undefined`.
*/
readonly internetGatewayId?: string;
readonly internetConnectivityEstablished: IDependable;
/**
* Indicates if instances launched in this VPC will have public DNS hostnames.
*/
readonly dnsHostnamesEnabled: boolean;
/**
* Indicates if DNS support is enabled for this VPC.
*/
readonly dnsSupportEnabled: boolean;
/**
* The VPC resource
*/
private readonly resource;
/**
* Indicates if IPv4 addresses will be used in the VPC.
*
* True for IPV4_ONLY and DUAL_STACK VPCs.
*/
private readonly useIpv4;
/**
* Indicates if IPv6 addresses will be used in the VPC.
*
* True for DUAL_STACK VPCs. False for IPV4_ONLY VPCs.
*/
private readonly useIpv6;
/**
* The provider of ipv4 addresses
*/
private readonly ipAddresses;
/**
* The provider of IPv6 addresses.
*/
private readonly ipv6Addresses?;
/**
* The IPv6 CIDR block CFN resource.
*
* Needed to create a dependency for the subnets.
*/
private readonly ipv6CidrBlock?;
/**
* The IPv6 CIDR block string representation.
*/
private readonly ipv6SelectedCidr?;
/**
* Subnet configurations for this VPC
*/
private subnetConfiguration;
private readonly _internetConnectivityEstablished;
/**
* Vpc creates a VPC that spans a whole region.
* It will automatically divide the provided VPC CIDR range, and create public and private subnets per Availability Zone.
* Network routing for the public subnets will be configured to allow outbound access directly via an Internet Gateway.
* Network routing for the private subnets will be configured to allow outbound access via a set of resilient NAT Gateways (one per AZ).
*/
constructor(scope: Construct, id: string, props?: VpcProps);
private createNatGateways;
/**
* createSubnets creates the subnets specified by the subnet configuration
* array or creates the `DEFAULT_SUBNETS` configuration
*/
private createSubnets;
/**
* Defaults to true in Subnet.Public for IPV4_ONLY VPCs.
*
* Defaults to false in Subnet.Public for DUAL_STACK VPCs.
*
* Always defaults to false in non-public subnets and will error if set.
*/
private calculateMapPublicIpOnLaunch;
private createSubnetResources;
private restrictDefaultSecurityGroup;
/**
* Returns the list of resolved availability zones found in the provided stack availability
* zones.
*
* Note: A resolved availability zone refers to an availability zone that is not a token
* and is also not a dummy value.
*/
private resolveStackAvailabilityZones;
}
/**
* Specify configuration parameters for a VPC subnet
*/
export interface SubnetProps {
/**
* The availability zone for the subnet
*/
readonly availabilityZone: string;
/**
* The VPC which this subnet is part of
*/
readonly vpcId: string;
/**
* The CIDR notation for this subnet
*/
readonly cidrBlock: string;
/**
* Controls if a public IP is associated to an instance at launch
*
* @default true in Subnet.Public, false in Subnet.Private or Subnet.Isolated.
*/
readonly mapPublicIpOnLaunch?: boolean;
/**
* The IPv6 CIDR block.
*
* If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.
*
* @default - no IPv6 CIDR block.
*/
readonly ipv6CidrBlock?: string;
/**
* Indicates whether a network interface created in this subnet receives an IPv6 address.
*
* If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.
*
* @default false
*/
readonly assignIpv6AddressOnCreation?: boolean;
}
/**
* Represents a new VPC subnet resource
*
* @resource AWS::EC2::Subnet
*/
export declare class Subnet extends Resource implements ISubnet {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
static isVpcSubnet(x: any): x is Subnet;
static fromSubnetAttributes(scope: Construct, id: string, attrs: SubnetAttributes): ISubnet;
/**
* Import existing subnet from id.
*/
static fromSubnetId(scope: Construct, id: string, subnetId: string): ISubnet;
/**
* The Availability Zone the subnet is located in
*/
readonly availabilityZone: string;
/**
* @attribute
*/
readonly ipv4CidrBlock: string;
/**
* The subnetId for this particular subnet
*/
readonly subnetId: string;
/**
* @attribute
*/
readonly subnetVpcId: string;
/**
* @attribute
*/
readonly subnetAvailabilityZone: string;
/**
* @attribute
*/
readonly subnetIpv6CidrBlocks: string[];
/**
* The Amazon Resource Name (ARN) of the Outpost for this subnet (if one exists).
* @attribute
*/
readonly subnetOutpostArn: string;
/**
* @attribute
*/
readonly subnetNetworkAclAssociationId: string;
/**
* Parts of this VPC subnet
*/
readonly dependencyElements: IDependable[];
/**
* The routeTableId attached to this subnet.
*/
readonly routeTable: IRouteTable;
readonly subnetRef: SubnetReference;
readonly internetConnectivityEstablished: IDependable;
private readonly _internetConnectivityEstablished;
private _networkAcl;
constructor(scope: Construct, id: string, props: SubnetProps);
/**
* Create a default route that points to a passed IGW, with a dependency
* on the IGW's attachment to the VPC.
*
* @param gatewayId the logical ID (ref) of the gateway attached to your VPC
* @param gatewayAttachment the gateway attachment construct to be added as a dependency
*/
addDefaultInternetRoute(gatewayId: string, gatewayAttachment: IDependable): void;
/**
* Create a default IPv6 route that points to a passed IGW.
*
* @param gatewayId the logical ID (ref) of the gateway attached to your VPC
*/
addIpv6DefaultInternetRoute(gatewayId: string): void;
/**
* Create a default IPv6 route that points to a passed EIGW.
*
* @param gatewayId the logical ID (ref) of the gateway attached to your VPC
*/
addIpv6DefaultEgressOnlyInternetRoute(gatewayId: string): void;
/**
* Network ACL associated with this Subnet
*
* Upon creation, this is the default ACL which allows all traffic, except
* explicit DENY entries that you add.
*
* You can replace it with a custom ACL which denies all traffic except
* the explicit ALLOW entries that you add by creating a `NetworkAcl`
* object and calling `associateNetworkAcl()`.
*/
get networkAcl(): INetworkAcl;
/**
* Adds an entry to this subnets route table that points to the passed NATGatewayId
* @param natGatewayId The ID of the NAT gateway
*/
addDefaultNatRoute(natGatewayId: string): void;
/**
* Adds an entry to this subnets route table that points to the passed NATGatewayId.
* Uses the known 64:ff9b::/96 prefix.
* @param natGatewayId The ID of the NAT gateway
*/
addIpv6Nat64Route(natGatewayId: string): void;
/**
* Adds an entry to this subnets route table
*/
addRoute(id: string, options: AddRouteOptions): void;
associateNetworkAcl(id: string, networkAcl: INetworkAcl): void;
}
/**
* Options for adding a new route to a subnet
*/
export interface AddRouteOptions {
/**
* IPv4 range this route applies to
*
* @default '0.0.0.0/0'
*/
readonly destinationCidrBlock?: string;
/**
* IPv6 range this route applies to
*
* @default - Uses IPv6
*/
readonly destinationIpv6CidrBlock?: string;
/**
* What type of router to route this traffic to
*/
readonly routerType: RouterType;
/**
* The ID of the router
*
* Can be an instance ID, gateway ID, etc, depending on the router type.
*/
readonly routerId: string;
/**
* Whether this route will enable internet connectivity
*
* If true, this route will be added before any AWS resources that depend
* on internet connectivity in the VPC will be created.
*
* @default false
*/
readonly enablesInternetConnectivity?: boolean;
}
/**
* Type of router used in route
*/
export declare enum RouterType {
/**
* Carrier gateway
*/
CARRIER_GATEWAY = "CarrierGateway",
/**
* Egress-only Internet Gateway
*/
EGRESS_ONLY_INTERNET_GATEWAY = "EgressOnlyInternetGateway",
/**
* Internet Gateway
*/
GATEWAY = "Gateway",
/**
* Instance
*/
INSTANCE = "Instance",
/**
* Local Gateway
*/
LOCAL_GATEWAY = "LocalGateway",
/**
* NAT Gateway
*/
NAT_GATEWAY = "NatGateway",
/**
* Network Interface
*/
NETWORK_INTERFACE = "NetworkInterface",
/**
* Transit Gateway
*/
TRANSIT_GATEWAY = "TransitGateway",
/**
* VPC peering connection
*/
VPC_PEERING_CONNECTION = "VpcPeeringConnection",
/**
* VPC Endpoint for gateway load balancers
*/
VPC_ENDPOINT = "VpcEndpoint",
/**
* AWS Network Manager Core Network
*/
CORE_NETWORK = "CoreNetwork"
}
export interface PublicSubnetProps extends SubnetProps {
}
export interface IPublicSubnet extends ISubnet {
}
export interface PublicSubnetAttributes extends SubnetAttributes {
}
/**
* Represents a public VPC subnet resource
*/
export declare class PublicSubnet extends Subnet implements IPublicSubnet {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
static fromPublicSubnetAttributes(scope: Construct, id: string, attrs: PublicSubnetAttributes): IPublicSubnet;
constructor(scope: Construct, id: string, props: PublicSubnetProps);
/**
* Creates a new managed NAT gateway attached to this public subnet.
* Also adds the EIP for the managed NAT.
* @returns A ref to the NAT Gateway ID
*/
addNatGateway(eipAllocationId?: string): CfnNatGateway;
}
export interface PrivateSubnetProps extends SubnetProps {
}
export interface IPrivateSubnet extends ISubnet {
}
export interface PrivateSubnetAttributes extends SubnetAttributes {
}
/**
* Represents a private VPC subnet resource
*/
export declare class PrivateSubnet extends Subnet implements IPrivateSubnet {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
static fromPrivateSubnetAttributes(scope: Construct, id: string, attrs: PrivateSubnetAttributes): IPrivateSubnet;
constructor(scope: Construct, id: string, props: PrivateSubnetProps);
}
export {};
Reference in New Issue View Git Blame Copy Permalink