smallcasecdkvpcmodule

package module
v0.0.18 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 8, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

README

cdk-vpc-module

cdk-vpc-module construct library is an open-source extension of the AWS Cloud Development Kit (AWS CDK) to deploy configurable aws vpc and its individual components in less than 50 lines of code and human readable configuration which can be managed by pull requests!

✨ Features

  • ✅ Option to configure custom IPv4 CIDR(10.10.0.0/24)
  • ✅ VPC Peering with route table entry
  • ✅ Configurable NACL as per subnet group
  • ✅ NATGateway as per availabilityZones

Using cdk a vpc can be deployed using the following sample code snippet:

import { Network } from "@smallcase/cdk-vpc-module/lib/constructs/network";
import { aws_ec2 as ec2, App, Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";

export class VPCStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps = {}) {
    const s3EndpointIamPermission = new iam.PolicyStatement({
      actions: ["s3:*"],
      resources: ['arn:aws:s3:::*'],
      principals: [new iam.AnyPrincipal()],
    })
    const monitoringEndpointIamPermission = new iam.PolicyStatement({
      actions: ["*"],
      resources: ['*'],
      principals: [new iam.AnyPrincipal()],
    })
    super(scope, id, props);
    new Network(this, 'NETWORK', {
      vpc: {
        cidr: '10.10.0.0/16',
        subnetConfiguration: [],
      },
      peeringConfigs: {
        "TEST-PEERING": { // this key will be used as your peering id, which you will have to mention below when you configure a route table for your subnets
          peeringVpcId: "vpc-0000",
          tags: {
            "Name": "TEST-PEERING to CREATED-VPC",
            "Description": "Connect"
          }
        }
      },
      subnets: [
        {
          subnetGroupName: 'NATGateway',
          subnetType: ec2.SubnetType.PUBLIC,
          cidrBlock: ['10.10.0.0/28', '10.10.0.16/28', '10.10.0.32/28'],
          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
          ingressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
          routes: [
          ],
          egressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
        },
        {
          subnetGroupName: 'Public',
          subnetType: ec2.SubnetType.PUBLIC,
          cidrBlock: ['10.10.2.0/24', '10.10.3.0/24', '10.10.4.0/24'],
          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
          ingressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
          egressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
          routes: [
          ],
          tags: {
            // if you use this vpc for your eks cluster, you have to tag your subnets [read more](https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/)
            'kubernetes.io/role/elb': '1',
            'kubernetes.io/cluster/TEST-CLUSTER': 'owned',
          },
        },
        {
          subnetGroupName: 'Private',
          subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
          cidrBlock: ['10.10.5.0/24', '10.10.6.0/24', '10.10.7.0/24'],
          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
          ingressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
          egressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },

          ],
          routes: [
            {
            // if you use this vpc for your eks cluster, you have to tag your subnets [read more](https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/)
              routerType: ec2.RouterType.VPC_PEERING_CONNECTION,
              destinationCidrBlock: "<destinationCidrBlock>",
              //<Your VPC PeeringConfig KEY, in this example TEST-PEERING will be your ID>
              existingVpcPeeringRouteKey: "TEST-PEERING"
            }
          ],
          tags: {
            'kubernetes.io/role/internal-elb': '1',
            'kubernetes.io/cluster/TEST-CLUSTER': 'owned',
          },
        },
        {
          subnetGroupName: 'Database',
          subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
          cidrBlock: ['10.10.14.0/27', '10.10.14.32/27', '10.10.14.64/27'],
          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
          ingressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
          egressNetworkACL: [
            {
              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),
              traffic: ec2.AclTraffic.allTraffic(),
            },
          ],
          routes: [
          ],
          tags: {
          },
        },
      ],
      vpcEndpoints: [
        {
          name: "s3-gw",
          service: ec2.GatewayVpcEndpointAwsService.S3,
          subnetGroupNames: ["Private","Database"],
          externalSubnets: [
            {
              id: "subnet-<id>",
              availabilityZone: "ap-south-1a",
              routeTableId: "rtb-<id>"
            },
            {
              id: "subnet-<id>",
              availabilityZone: "ap-south-1b",
              routeTableId: "rtb-<id>"
            }
          ],
          iamPolicyStatements: [s3EndpointIamPermission]
        },
        {
          name: "da-stag-monitoring-vpe",
          service: ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING,
          subnetGroupNames: ["ManageServicePrivate"],
          iamPolicyStatements: [monitoringEndpointIamPermission],
          securityGroupRules: [
            {
              peer: ec2.Peer.ipv4("10.10.0.0/16"),
              port:  ec2.Port.tcp(443),
              description: "From Test VPC"
            }
          ],
        },
      ]
    });
  }
}
const envDef = {
  account: '<AWS-ID>',
  region: '<AWS-REGION>',
};

const app = new App();

new VPCStack(app, 'TEST', {
  env: envDef,
  terminationProtection: true,
  tags: {
});
app.synth();

Please refer here to check how to use individual resource constructs.

🎬 Quick Start

The quick start shows you how to create an AWS-VPC using this module.

Prerequisites
  • A working aws CLI installation with access to an account and administrator privileges
  • You'll need a recent NodeJS installation

To get going you'll need a CDK project. For details please refer to the detailed guide for CDK.

Create an empty directory on your system.

mkdir aws-quick-start-vpc && cd aws-quick-start-vpc

Bootstrap your CDK project, we will use TypeScript, but you can switch to any other supported language.

npx cdk init sample-vpc  --language typescript
npx cdk bootstrap

Install using NPM:

npm install @smallcase/cdk-vpc-module

Using yarn

yarn add @smallcase/cdk-vpc-module

Check the changed which are to be deployed

~ -> npx cdk diff

Deploy using

~ -> npx cdk deploy

Features Multiple VPC Endpoints: Define and manage multiple VPC Endpoints in one configuration. Flexible Subnet Selection: Attach VPC Endpoints to multiple subnet groups or external subnets. Custom Security Groups: Configure security groups for Interface VPC Endpoints. IAM Policies: Attach custom IAM policies to control access to the VPC Endpoints. Tagging: Apply custom tags to each VPC Endpoint.

Defining VPC Endpoints Configuration You can define multiple VPC Endpoints in the vpcEndpoints: [] configuration array. Each VPC Endpoint can be customized with different subnet groups, IAM policies, security group rules, and tags.

vpcEndpoints: [
  {
    name: "test-s3-gw",
    service: ec2.GatewayVpcEndpointAwsService.S3,
    subnetGroupNames: ["ManageServicePrivate", "ToolPrivate", "Database"],  // Subnet groups for the endpoint
    externalSubnets: [
      {
        id: "subnet-<id>",
        availabilityZone: "ap-south-1a",
        routeTableId: "rtb-<id>",
      },
      {
        id: "subnet-<id>",
        availabilityZone: "ap-south-1b",
        routeTableId: "rtb-<id>",
      }
    ],
    iamPolicyStatements: [s3EndpointIamPermission],  // Custom IAM policy for the endpoint
  },
  {
    name: "DynamoDbGatewayEndpoint",
    service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,
    subnetGroupNames: ["private-subnet"],
    additionalTags: {
      Environment: "Staging",
    },
  },
],

In this example:

The S3 Gateway Endpoint is created in three subnet groups: ManageServicePrivate, ToolPrivate, and Database. External subnets are specified with their IDs, availability zones, and route table IDs for the S3 endpoint. A custom IAM policy (s3EndpointIamPermission) is attached to control access to the S3 endpoint. A DynamoDB Gateway Endpoint is created in the private-subnet with additional tags specifying the environment and ownership.

Configuration Options Here’s a breakdown of the configuration options available:

  1. name: A unique name for the VPC Endpoint.
  2. service: The AWS service the VPC Endpoint connects to (e.g., S3, DynamoDB, Secrets Manager)
  3. subnetGroupNames: The subnet group names where the VPC Endpoint will be deployed.
  4. externalSubnets: Specify external subnets if you need to define subnets manually (each with an id, availabilityZone, and routeTableId).
  5. iamPolicyStatements: (Optional) Attach IAM policy statements to control access to the endpoint.
  6. additionalTags: (Optional) Add custom tags to the VPC Endpoint for easier identification and tracking.

Dynamic Routing Strategy

The module automatically chooses the optimal routing strategy based on the number of NAT Gateways to prevent duplicate 0.0.0.0/0 route entries:

Single NAT Gateway (≤1 NAT Gateway)

  • Strategy: One route table per subnet group

  • Benefits:

    • Cost Optimized: Fewer route tables = lower costs
    • Simpler Management: One route table per subnet group
    • No Duplicate Routes: Single NAT Gateway means no duplicate 0.0.0.0/0 entries
    • Suitable for: Development, testing, small workloads

  • Configuration: All subnets in a group share the same route table with one NAT route

Multiple NAT Gateways (>1 NAT Gateway)

  • Strategy: One route table per subnet

  • Benefits:

    • Prevents Duplicate Routes: Each subnet gets its own route table, avoiding duplicate 0.0.0.0/0 entries
    • AZ-Aware Routing: Each subnet uses NAT Gateway in the same AZ when possible
    • High Availability: Better fault tolerance and load distribution
    • Cross-AZ Cost Reduction: Reduced data transfer costs
    • Suitable for: Production workloads, high availability requirements

  • Configuration: Each subnet gets its own route table with one NAT route

Why This Strategy?

AWS route tables don't support duplicate entries for the same destination CIDR (like 0.0.0.0/0). When you have multiple NAT Gateways:

  • ❌ Wrong Approach: Multiple NAT routes in same route table → AlreadyExists error
  • ✅ Correct Approach: One route table per subnet → Each gets one NAT route
Automatic Strategy Selection
// Single NAT Gateway - Cost Optimized
new Network(this, 'NETWORK', {
  vpc: {
    cidr: '10.10.0.0/16',
    subnetConfiguration: [],
  },
  subnets: [
    {
      subnetGroupName: 'NATGateway',
      subnetType: ec2.SubnetType.PUBLIC,
      cidrBlock: ['10.10.0.0/28'], // Only one subnet
      availabilityZones: ['ap-south-1a'], // Only one AZ
      useSubnetForNAT: true,
    },
    {
      subnetGroupName: 'Private',
      subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
      cidrBlock: ['10.10.5.0/24', '10.10.6.0/24', '10.10.7.0/24'],
      availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
    },
  ],
});

// Multiple NAT Gateways - Performance Optimized
new Network(this, 'NETWORK', {
  vpc: {
    cidr: '10.10.0.0/16',
    subnetConfiguration: [],
  },
  natEipAllocationIds: [
    'eipalloc-1234567890abcdef',
    'eipalloc-0987654321fedcba',
    'eipalloc-abcdef1234567890',
  ],
  subnets: [
    {
      subnetGroupName: 'NATGateway',
      subnetType: ec2.SubnetType.PUBLIC,
      cidrBlock: ['10.10.0.0/28', '10.10.0.16/28', '10.10.0.32/28'],
      availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
      useSubnetForNAT: true,
    },
    {
      subnetGroupName: 'Private',
      subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
      cidrBlock: ['10.10.5.0/24', '10.10.6.0/24', '10.10.7.0/24'],
      availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
    },
  ],
});
CloudFormation Outputs

The module provides outputs to show which strategy is being used:

  • RoutingStrategy: Shows "Route Table per Subnet Group" or "Route Table per Subnet"
  • NATGatewayCount: Shows the number of NAT Gateways configured
Route Table Distribution
Scenario Route Tables NAT Routes per Table Strategy
Single NAT 1 per subnet group 1 Cost optimized
Multiple NAT 1 per subnet 1 Performance optimized
Migration Strategy

You can easily migrate between strategies by changing your configuration:

  1. Development → Production: Add more NAT Gateway subnets
  2. Production → Development: Reduce to single NAT Gateway subnet
  3. Cost Optimization: Monitor usage and adjust NAT Gateway count

The module handles the migration automatically without manual route table changes.

NAT Gateway EIP Allocation

You can specify existing Elastic IP (EIP) allocation IDs to use with your NAT Gateways. This is useful when you want to:

  • Use pre-existing EIPs
  • Maintain consistent IP addresses across deployments
  • Control EIP costs and management
Using EIP Allocation IDs
new Network(this, 'NETWORK', {
  vpc: {
    cidr: '10.10.0.0/16',
    subnetConfiguration: [],
  },
  // Specify existing EIP allocation IDs
  natEipAllocationIds: [
    'eipalloc-1234567890abcdef', // EIP for NAT Gateway 1
    'eipalloc-0987654321fedcba', // EIP for NAT Gateway 2
    'eipalloc-abcdef1234567890', // EIP for NAT Gateway 3
  ],
  subnets: [
    {
      subnetGroupName: 'NATGateway',
      subnetType: ec2.SubnetType.PUBLIC,
      cidrBlock: ['10.10.0.0/28', '10.10.0.16/28', '10.10.0.32/28'],
      availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
      useSubnetForNAT: true,
    },
    {
      subnetGroupName: 'Private',
      subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
      cidrBlock: ['10.10.5.0/24', '10.10.6.0/24', '10.10.7.0/24'],
      availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
    },
  ],
});
EIP Allocation ID Requirements
  • Count: Should match the number of NAT Gateway subnets (optional)
  • Format: Must be valid EIP allocation IDs (e.g., eipalloc-xxxxxxxxx)
  • Region: Must be in the same region as your VPC
  • Account: Must be owned by the same AWS account
Benefits of Using EIP Allocation IDs
  1. Cost Control: Reuse existing EIPs instead of creating new ones
  2. IP Consistency: Maintain the same public IP addresses across deployments
  3. Compliance: Meet requirements for static IP addresses
  4. DNS: Use existing DNS records that point to specific EIPs
CloudFormation Outputs

When EIP allocation IDs are provided, the module outputs:

  • NATEipAllocationIds: Comma-separated list of EIP allocation IDs used
  • RoutingStrategy: Shows the routing strategy being used
  • NATGatewayCount: Number of NAT Gateways configured
Example Output
{
  "NATEipAllocationIds": "eipalloc-1234567890abcdef,eipalloc-0987654321fedcba,eipalloc-abcdef1234567890",
  "RoutingStrategy": "Route Table per Subnet",
  "NATGatewayCount": "3"
}
Creating EIPs for NAT Gateways

If you need to create EIPs first, you can do so using CDK:

import * as ec2 from 'aws-cdk-lib/aws-ec2';

// Create EIPs
const eip1 = new ec2.CfnEIP(this, 'NATEip1', {
  domain: 'vpc',
});

const eip2 = new ec2.CfnEIP(this, 'NATEip2', {
  domain: 'vpc',
});

const eip3 = new ec2.CfnEIP(this, 'NATEip3', {
  domain: 'vpc',
});

// Use them in your Network construct
new Network(this, 'NETWORK', {
  vpc: {
    cidr: '10.10.0.0/16',
    subnetConfiguration: [],
  },
  natEipAllocationIds: [
    eip1.attrAllocationId,
    eip2.attrAllocationId,
    eip3.attrAllocationId,
  ],
  // ... rest of configuration
});

Documentation

Overview

@smallcase/cdk-vpc-module

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Network_IsConstruct 

func Network_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func NewNetwork_Override 

func NewNetwork_Override(n Network, scope constructs.Construct, id *string, props *VPCProps)

func NewVpcEndpointServiceNestedStack_Override added in v0.0.18 

func NewVpcEndpointServiceNestedStack_Override(v VpcEndpointServiceNestedStack, scope constructs.Construct, id *string, props *VpcEndpointServiceNestedStackProps)

func VpcEndpointServiceNestedStack_IsConstruct added in v0.0.18 

func VpcEndpointServiceNestedStack_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func VpcEndpointServiceNestedStack_IsNestedStack added in v0.0.18 

func VpcEndpointServiceNestedStack_IsNestedStack(x interface{}) *bool

Checks if `x` is an object of type `NestedStack`.

func VpcEndpointServiceNestedStack_IsStack added in v0.0.18 

func VpcEndpointServiceNestedStack_IsStack(x interface{}) *bool

Return whether the given object is a Stack.

We do attribute detection since we can't reliably use 'instanceof'.

func VpcEndpointServiceNestedStack_Of added in v0.0.18 

func VpcEndpointServiceNestedStack_Of(construct constructs.IConstruct) awscdk.Stack

Looks up the first stack scope in which `construct` is defined.

Fails if there is no stack up the tree.

Types

type AddRouteOptions 

type AddRouteOptions struct {
	// What type of router to route this traffic to.
	RouterType awsec2.RouterType `field:"required" json:"routerType" yaml:"routerType"`
	// IPv4 range this route applies to.
	// Default: '0.0.0.0/0'
	//
	DestinationCidrBlock *string `field:"optional" json:"destinationCidrBlock" yaml:"destinationCidrBlock"`
	// IPv6 range this route applies to.
	// Default: - Uses IPv6.
	//
	DestinationIpv6CidrBlock *string `field:"optional" json:"destinationIpv6CidrBlock" yaml:"destinationIpv6CidrBlock"`
	// Whether this route will enable internet connectivity.
	//
	// If true, this route will be added before any AWS resources that depend
	// on internet connectivity in the VPC will be created.
	// Default: false.
	//
	EnablesInternetConnectivity *bool   `field:"optional" json:"enablesInternetConnectivity" yaml:"enablesInternetConnectivity"`
	ExistingVpcPeeringRouteKey  *string `field:"optional" json:"existingVpcPeeringRouteKey" yaml:"existingVpcPeeringRouteKey"`
	RouteName                   *string `field:"optional" json:"routeName" yaml:"routeName"`
	RouterId                    *string `field:"optional" json:"routerId" yaml:"routerId"`
}

type IExternalVPEndpointSubnets added in v0.0.10 

type IExternalVPEndpointSubnets interface {
	AvailabilityZone() *string
	Id() *string
	RouteTableId() *string
}

type ISubnetsProps 

type ISubnetsProps interface {
	AvailabilityZones() *[]*string
	CidrBlock() *[]*string
	EgressNetworkACL() *[]*NetworkACL
	IngressNetworkACL() *[]*NetworkACL
	Routes() *[]*AddRouteOptions
	SubnetGroupName() *string
	SubnetType() awsec2.SubnetType
	Tags() *map[string]*string
	UseNestedStacks() *bool
	UseSubnetForNAT() *bool
}

type LoadBalancerConfig added in v0.0.13 

type LoadBalancerConfig struct {
	Certificates            *[]*string            `field:"optional" json:"certificates" yaml:"certificates"`
	ExistingArn             *string               `field:"optional" json:"existingArn" yaml:"existingArn"`
	ExistingSecurityGroupId *string               `field:"optional" json:"existingSecurityGroupId" yaml:"existingSecurityGroupId"`
	InternetFacing          *bool                 `field:"optional" json:"internetFacing" yaml:"internetFacing"`
	SecurityGroupRules      *[]*SecurityGroupRule `field:"optional" json:"securityGroupRules" yaml:"securityGroupRules"`
	SubnetGroupName         *string               `field:"optional" json:"subnetGroupName" yaml:"subnetGroupName"`
	TargetGroups            *[]*TargetGroupConfig `field:"optional" json:"targetGroups" yaml:"targetGroups"`
}

type Network 

type Network interface {
	constructs.Construct
	EndpointOutputs() *map[string]interface{}
	NatSubnets() *[]awsec2.PublicSubnet
	SetNatSubnets(val *[]awsec2.PublicSubnet)
	// The tree node.
	Node() constructs.Node
	PbSubnets() *[]awsec2.PublicSubnet
	SetPbSubnets(val *[]awsec2.PublicSubnet)
	PvSubnets() *[]awsec2.PrivateSubnet
	SetPvSubnets(val *[]awsec2.PrivateSubnet)
	SecurityGroupOutputs() *map[string]awsec2.SecurityGroup
	Subnets() *map[string]*[]awsec2.Subnet
	SetSubnets(val *map[string]*[]awsec2.Subnet)
	Vpc() awsec2.Vpc
	CreateSubnet(option ISubnetsProps, vpc awsec2.Vpc, peeringConnectionId *PeeringConnectionInternalType, useGlobalNestedStacks *bool) *[]awsec2.Subnet
	MergeSubnetsByGroupNames(name *string, service interface{}, subnetGroupNames *[]*string, externalSubnets *[]IExternalVPEndpointSubnets) *awsec2.SelectedSubnets
	// Returns a string representation of this construct.
	ToString() *string
}

func NewNetwork 

func NewNetwork(scope constructs.Construct, id *string, props *VPCProps) Network

type NetworkACL 

type NetworkACL struct {
	Cidr    awsec2.AclCidr    `field:"required" json:"cidr" yaml:"cidr"`
	Traffic awsec2.AclTraffic `field:"required" json:"traffic" yaml:"traffic"`
}

type NetworkLoadBalancerConfig added in v0.0.13 

type NetworkLoadBalancerConfig struct {
	SecurityGroupRules      *[]*SecurityGroupRule `field:"required" json:"securityGroupRules" yaml:"securityGroupRules"`
	SubnetGroupName         *string               `field:"required" json:"subnetGroupName" yaml:"subnetGroupName"`
	Certificates            *[]*string            `field:"optional" json:"certificates" yaml:"certificates"`
	ExistingSecurityGroupId *string               `field:"optional" json:"existingSecurityGroupId" yaml:"existingSecurityGroupId"`
	InternetFacing          *bool                 `field:"optional" json:"internetFacing" yaml:"internetFacing"`
}

type PeeringConfig 

type PeeringConfig struct {
	PeeringVpcId      *string             `field:"required" json:"peeringVpcId" yaml:"peeringVpcId"`
	Tags              *map[string]*string `field:"required" json:"tags" yaml:"tags"`
	PeerAssumeRoleArn *string             `field:"optional" json:"peerAssumeRoleArn" yaml:"peerAssumeRoleArn"`
	PeerOwnerId       *string             `field:"optional" json:"peerOwnerId" yaml:"peerOwnerId"`
	PeerRegion        *string             `field:"optional" json:"peerRegion" yaml:"peerRegion"`
}

type PeeringConnectionInternalType 

type PeeringConnectionInternalType struct {
}

type SecurityGroupRule added in v0.0.10 

type SecurityGroupRule struct {
	Peer        interface{} `field:"required" json:"peer" yaml:"peer"`
	Port        awsec2.Port `field:"required" json:"port" yaml:"port"`
	Description *string     `field:"optional" json:"description" yaml:"description"`
}

type TargetGroupConfig added in v0.0.13 

type TargetGroupConfig struct {
	ApplicationPort     *float64                                             `field:"required" json:"applicationPort" yaml:"applicationPort"`
	Host                *string                                              `field:"required" json:"host" yaml:"host"`
	HealthCheckPath     *string                                              `field:"optional" json:"healthCheckPath" yaml:"healthCheckPath"`
	HealthCheckPort     *float64                                             `field:"optional" json:"healthCheckPort" yaml:"healthCheckPort"`
	HealthCheckProtocol awselasticloadbalancingv2.Protocol                   `field:"optional" json:"healthCheckProtocol" yaml:"healthCheckProtocol"`
	Priority            *float64                                             `field:"optional" json:"priority" yaml:"priority"`
	Protocol            awselasticloadbalancingv2.ApplicationProtocol        `field:"optional" json:"protocol" yaml:"protocol"`
	ProtocolVersion     awselasticloadbalancingv2.ApplicationProtocolVersion `field:"optional" json:"protocolVersion" yaml:"protocolVersion"`
}

type VPCProps 

type VPCProps struct {
	Subnets             *[]ISubnetsProps            `field:"required" json:"subnets" yaml:"subnets"`
	Vpc                 *awsec2.VpcProps            `field:"required" json:"vpc" yaml:"vpc"`
	NatEipAllocationIds *[]*string                  `field:"optional" json:"natEipAllocationIds" yaml:"natEipAllocationIds"`
	PeeringConfigs      *map[string]*PeeringConfig  `field:"optional" json:"peeringConfigs" yaml:"peeringConfigs"`
	UseNestedStacks     *bool                       `field:"optional" json:"useNestedStacks" yaml:"useNestedStacks"`
	VpcEndpoints        *[]*VpcEndpointConfig       `field:"optional" json:"vpcEndpoints" yaml:"vpcEndpoints"`
	VpcEndpointServices *[]*VpcEndpontServiceConfig `field:"optional" json:"vpcEndpointServices" yaml:"vpcEndpointServices"`
}

type VpcEndpointConfig added in v0.0.10 

type VpcEndpointConfig struct {
	Name                *string                       `field:"required" json:"name" yaml:"name"`
	Service             interface{}                   `field:"required" json:"service" yaml:"service"`
	SubnetGroupNames    *[]*string                    `field:"required" json:"subnetGroupNames" yaml:"subnetGroupNames"`
	AdditionalTags      *map[string]*string           `field:"optional" json:"additionalTags" yaml:"additionalTags"`
	ExternalSubnets     *[]IExternalVPEndpointSubnets `field:"optional" json:"externalSubnets" yaml:"externalSubnets"`
	IamPolicyStatements *[]awsiam.PolicyStatement     `field:"optional" json:"iamPolicyStatements" yaml:"iamPolicyStatements"`
	SecurityGroupRules  *[]*SecurityGroupRule         `field:"optional" json:"securityGroupRules" yaml:"securityGroupRules"`
}

type VpcEndpointServiceNestedStack added in v0.0.18 

type VpcEndpointServiceNestedStack interface {
	awscdk.NestedStack
	// The AWS account into which this stack will be deployed.
	//
	// This value is resolved according to the following rules:
	//
	// 1. The value provided to `env.account` when the stack is defined. This can
	//    either be a concrete account (e.g. `585695031111`) or the
	//    `Aws.ACCOUNT_ID` token.
	// 3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference
	//    `{ "Ref": "AWS::AccountId" }` encoded as a string token.
	//
	// Preferably, you should use the return value as an opaque string and not
	// attempt to parse it to implement your logic. If you do, you must first
	// check that it is a concrete value an not an unresolved token. If this
	// value is an unresolved token (`Token.isUnresolved(stack.account)` returns
	// `true`), this implies that the user wishes that this stack will synthesize
	// into an **account-agnostic template**. In this case, your code should either
	// fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or
	// implement some other account-agnostic behavior.
	Account() *string
	// The ID of the cloud assembly artifact for this stack.
	ArtifactId() *string
	// Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.
	//
	// If the stack is environment-agnostic (either account and/or region are
	// tokens), this property will return an array with 2 tokens that will resolve
	// at deploy-time to the first two availability zones returned from CloudFormation's
	// `Fn::GetAZs` intrinsic function.
	//
	// If they are not available in the context, returns a set of dummy values and
	// reports them as missing, and let the CLI resolve them by calling EC2
	// `DescribeAvailabilityZones` on the target environment.
	//
	// To specify a different strategy for selecting availability zones override this method.
	AvailabilityZones() *[]*string
	// Indicates whether the stack requires bundling or not.
	BundlingRequired() *bool
	// Return the stacks this stack depends on.
	Dependencies() *[]awscdk.Stack
	// The environment coordinates in which this stack is deployed.
	//
	// In the form
	// `aws://account/region`. Use `stack.account` and `stack.region` to obtain
	// the specific values, no need to parse.
	//
	// You can use this value to determine if two stacks are targeting the same
	// environment.
	//
	// If either `stack.account` or `stack.region` are not concrete values (e.g.
	// `Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or
	// `unknown-region` will be used respectively to indicate this stack is
	// region/account-agnostic.
	Environment() *string
	// Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent.
	Nested() *bool
	// If this is a nested stack, returns it's parent stack.
	NestedStackParent() awscdk.Stack
	// If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource.
	//
	// `undefined` for top-level (non-nested) stacks.
	NestedStackResource() awscdk.CfnResource
	// The tree node.
	Node() constructs.Node
	// Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
	NotificationArns() *[]*string
	// The partition in which this stack is defined.
	Partition() *string
	// The AWS region into which this stack will be deployed (e.g. `us-west-2`).
	//
	// This value is resolved according to the following rules:
	//
	// 1. The value provided to `env.region` when the stack is defined. This can
	//    either be a concrete region (e.g. `us-west-2`) or the `Aws.REGION`
	//    token.
	// 3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference
	//    `{ "Ref": "AWS::Region" }` encoded as a string token.
	//
	// Preferably, you should use the return value as an opaque string and not
	// attempt to parse it to implement your logic. If you do, you must first
	// check that it is a concrete value an not an unresolved token. If this
	// value is an unresolved token (`Token.isUnresolved(stack.region)` returns
	// `true`), this implies that the user wishes that this stack will synthesize
	// into a **region-agnostic template**. In this case, your code should either
	// fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or
	// implement some other region-agnostic behavior.
	Region() *string
	// An attribute that represents the ID of the stack.
	//
	// This is a context aware attribute:
	// - If this is referenced from the parent stack, it will return `{ "Ref": "LogicalIdOfNestedStackResource" }`.
	// - If this is referenced from the context of the nested stack, it will return `{ "Ref": "AWS::StackId" }`
	//
	// Example value: `arn:aws:cloudformation:us-east-2:123456789012:stack/mystack-mynestedstack-sggfrhxhum7w/f449b250-b969-11e0-a185-5081d0136786`.
	StackId() *string
	// An attribute that represents the name of the nested stack.
	//
	// This is a context aware attribute:
	// - If this is referenced from the parent stack, it will return a token that parses the name from the stack ID.
	// - If this is referenced from the context of the nested stack, it will return `{ "Ref": "AWS::StackName" }`
	//
	// Example value: `mystack-mynestedstack-sggfrhxhum7w`.
	StackName() *string
	// Synthesis method for this stack.
	Synthesizer() awscdk.IStackSynthesizer
	// Tags to be applied to the stack.
	Tags() awscdk.TagManager
	// The name of the CloudFormation template file emitted to the output directory during synthesis.
	//
	// Example value: `MyStack.template.json`
	TemplateFile() *string
	// Options for CloudFormation template (like version, transform, description).
	TemplateOptions() awscdk.ITemplateOptions
	// Whether termination protection is enabled for this stack.
	TerminationProtection() *bool
	SetTerminationProtection(val *bool)
	// The Amazon domain suffix for the region in which this stack is defined.
	UrlSuffix() *string
	// Add a dependency between this stack and another stack.
	//
	// This can be used to define dependencies between any two stacks within an
	// app, and also supports nested stacks.
	AddDependency(target awscdk.Stack, reason *string)
	// Adds an arbitrary key-value pair, with information you want to record about the stack.
	//
	// These get translated to the Metadata section of the generated template.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	AddMetadata(key *string, value interface{})
	// Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.
	//
	// Duplicate values are removed when stack is synthesized.
	//
	// Example:
	//   declare const stack: Stack;
	//
	//   stack.addTransform('AWS::Serverless-2016-10-31')
	//
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
	//
	AddTransform(transform *string)
	// Returns the naming scheme used to allocate logical IDs.
	//
	// By default, uses
	// the `HashedAddressingScheme` but this method can be overridden to customize
	// this behavior.
	//
	// In order to make sure logical IDs are unique and stable, we hash the resource
	// construct tree path (i.e. toplevel/secondlevel/.../myresource) and add it as
	// a suffix to the path components joined without a separator (CloudFormation
	// IDs only allow alphanumeric characters).
	//
	// The result will be:
	//
	//   <path.join(”)><md5(path.join('/')>
	//     "human"      "hash"
	//
	// If the "human" part of the ID exceeds 240 characters, we simply trim it so
	// the total ID doesn't exceed CloudFormation's 255 character limit.
	//
	// We only take 8 characters from the md5 hash (0.000005 chance of collision).
	//
	// Special cases:
	//
	// - If the path only contains a single component (i.e. it's a top-level
	//   resource), we won't add the hash to it. The hash is not needed for
	//   disambiguation and also, it allows for a more straightforward migration an
	//   existing CloudFormation template to a CDK stack without logical ID changes
	//   (or renames).
	// - For aesthetic reasons, if the last components of the path are the same
	//   (i.e. `L1/L2/Pipeline/Pipeline`), they will be de-duplicated to make the
	//   resulting human portion of the ID more pleasing: `L1L2Pipeline<HASH>`
	//   instead of `L1L2PipelinePipeline<HASH>`
	// - If a component is named "Default" it will be omitted from the path. This
	//   allows refactoring higher level abstractions around constructs without affecting
	//   the IDs of already deployed resources.
	// - If a component is named "Resource" it will be omitted from the user-visible
	//   path, but included in the hash. This reduces visual noise in the human readable
	//   part of the identifier.
	AllocateLogicalId(cfnElement awscdk.CfnElement) *string
	// Create a CloudFormation Export for a string list value.
	//
	// Returns a string list representing the corresponding `Fn.importValue()`
	// expression for this Export. The export expression is automatically wrapped with an
	// `Fn::Join` and the import value with an `Fn::Split`, since CloudFormation can only
	// export strings. You can control the name for the export by passing the `name` option.
	//
	// If you don't supply a value for `name`, the value you're exporting must be
	// a Resource attribute (for example: `bucket.bucketName`) and it will be
	// given the same name as the automatic cross-stack reference that would be created
	// if you used the attribute in another Stack.
	//
	// One of the uses for this method is to *remove* the relationship between
	// two Stacks established by automatic cross-stack references. It will
	// temporarily ensure that the CloudFormation Export still exists while you
	// remove the reference from the consuming stack. After that, you can remove
	// the resource and the manual export.
	//
	// See `exportValue` for an example of this process.
	ExportStringListValue(exportedValue interface{}, options *awscdk.ExportValueOptions) *[]*string
	// Create a CloudFormation Export for a string value.
	//
	// Returns a string representing the corresponding `Fn.importValue()`
	// expression for this Export. You can control the name for the export by
	// passing the `name` option.
	//
	// If you don't supply a value for `name`, the value you're exporting must be
	// a Resource attribute (for example: `bucket.bucketName`) and it will be
	// given the same name as the automatic cross-stack reference that would be created
	// if you used the attribute in another Stack.
	//
	// One of the uses for this method is to *remove* the relationship between
	// two Stacks established by automatic cross-stack references. It will
	// temporarily ensure that the CloudFormation Export still exists while you
	// remove the reference from the consuming stack. After that, you can remove
	// the resource and the manual export.
	//
	// Here is how the process works. Let's say there are two stacks,
	// `producerStack` and `consumerStack`, and `producerStack` has a bucket
	// called `bucket`, which is referenced by `consumerStack` (perhaps because
	// an AWS Lambda Function writes into it, or something like that).
	//
	// It is not safe to remove `producerStack.bucket` because as the bucket is being
	// deleted, `consumerStack` might still be using it.
	//
	// Instead, the process takes two deployments:
	//
	// **Deployment 1: break the relationship**:
	//
	// - Make sure `consumerStack` no longer references `bucket.bucketName` (maybe the consumer
	//   stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just
	//   remove the Lambda Function altogether).
	// - In the `ProducerStack` class, call `this.exportValue(this.bucket.bucketName)`. This
	//   will make sure the CloudFormation Export continues to exist while the relationship
	//   between the two stacks is being broken.
	// - Deploy (this will effectively only change the `consumerStack`, but it's safe to deploy both).
	//
	// **Deployment 2: remove the bucket resource**:
	//
	// - You are now free to remove the `bucket` resource from `producerStack`.
	// - Don't forget to remove the `exportValue()` call as well.
	// - Deploy again (this time only the `producerStack` will be changed -- the bucket will be deleted).
	ExportValue(exportedValue interface{}, options *awscdk.ExportValueOptions) *string
	// Creates an ARN from components.
	//
	// If `partition`, `region` or `account` are not specified, the stack's
	// partition, region and account will be used.
	//
	// If any component is the empty string, an empty string will be inserted
	// into the generated ARN at the location that component corresponds to.
	//
	// The ARN will be formatted as follows:
	//
	//   arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
	//
	// The required ARN pieces that are omitted will be taken from the stack that
	// the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope
	// can be 'undefined'.
	FormatArn(components *awscdk.ArnComponents) *string
	// Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.
	//
	// This method is called when a `CfnElement` is created and used to render the
	// initial logical identity of resources. Logical ID renames are applied at
	// this stage.
	//
	// This method uses the protected method `allocateLogicalId` to render the
	// logical ID for an element. To modify the naming scheme, extend the `Stack`
	// class and override this method.
	GetLogicalId(element awscdk.CfnElement) *string
	// Look up a fact value for the given fact for the region of this stack.
	//
	// Will return a definite value only if the region of the current stack is resolved.
	// If not, a lookup map will be added to the stack and the lookup will be done at
	// CDK deployment time.
	//
	// What regions will be included in the lookup map is controlled by the
	// `@aws-cdk/core:target-partitions` context value: it must be set to a list
	// of partitions, and only regions from the given partitions will be included.
	// If no such context key is set, all regions will be included.
	//
	// This function is intended to be used by construct library authors. Application
	// builders can rely on the abstractions offered by construct libraries and do
	// not have to worry about regional facts.
	//
	// If `defaultValue` is not given, it is an error if the fact is unknown for
	// the given region.
	RegionalFact(factName *string, defaultValue *string) *string
	// Rename a generated logical identities.
	//
	// To modify the naming scheme strategy, extend the `Stack` class and
	// override the `allocateLogicalId` method.
	RenameLogicalId(oldId *string, newId *string)
	// Indicate that a context key was expected.
	//
	// Contains instructions which will be emitted into the cloud assembly on how
	// the key should be supplied.
	ReportMissingContextKey(report *cloudassemblyschema.MissingContext)
	// Resolve a tokenized value in the context of the current stack.
	Resolve(obj interface{}) interface{}
	// Assign a value to one of the nested stack parameters.
	SetParameter(name *string, value *string)
	// Splits the provided ARN into its components.
	//
	// Works both if 'arn' is a string like 'arn:aws:s3:::bucket',
	// and a Token representing a dynamic CloudFormation expression
	// (in which case the returned components will also be dynamic CloudFormation expressions,
	// encoded as Tokens).
	SplitArn(arn *string, arnFormat awscdk.ArnFormat) *awscdk.ArnComponents
	// Convert an object, potentially containing tokens, to a JSON string.
	ToJsonString(obj interface{}, space *float64) *string
	// Returns a string representation of this construct.
	ToString() *string
	// Convert an object, potentially containing tokens, to a YAML string.
	ToYamlString(obj interface{}) *string
}

func NewVpcEndpointServiceNestedStack added in v0.0.18 

func NewVpcEndpointServiceNestedStack(scope constructs.Construct, id *string, props *VpcEndpointServiceNestedStackProps) VpcEndpointServiceNestedStack

type VpcEndpointServiceNestedStackProps added in v0.0.18 

type VpcEndpointServiceNestedStackProps struct {
	// A description of the stack.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// The Simple Notification Service (SNS) topics to publish stack related events.
	// Default: - notifications are not sent for this stack.
	//
	NotificationArns *[]*string `field:"optional" json:"notificationArns" yaml:"notificationArns"`
	// The set value pairs that represent the parameters passed to CloudFormation when this nested stack is created.
	//
	// Each parameter has a name corresponding
	// to a parameter defined in the embedded template and a value representing
	// the value that you want to set for the parameter.
	//
	// The nested stack construct will automatically synthesize parameters in order
	// to bind references from the parent stack(s) into the nested stack.
	// Default: - no user-defined parameters are passed to the nested stack.
	//
	Parameters *map[string]*string `field:"optional" json:"parameters" yaml:"parameters"`
	// Policy to apply when the nested stack is removed.
	//
	// The default is `Destroy`, because all Removal Policies of resources inside the
	// Nested Stack should already have been set correctly. You normally should
	// not need to set this value.
	// Default: RemovalPolicy.DESTROY
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// The length of time that CloudFormation waits for the nested stack to reach the CREATE_COMPLETE state.
	//
	// When CloudFormation detects that the nested stack has reached the
	// CREATE_COMPLETE state, it marks the nested stack resource as
	// CREATE_COMPLETE in the parent stack and resumes creating the parent stack.
	// If the timeout period expires before the nested stack reaches
	// CREATE_COMPLETE, CloudFormation marks the nested stack as failed and rolls
	// back both the nested stack and parent stack.
	// Default: - no timeout.
	//
	Timeout                   awscdk.Duration              `field:"optional" json:"timeout" yaml:"timeout"`
	Subnets                   *map[string]*[]awsec2.Subnet `field:"required" json:"subnets" yaml:"subnets"`
	Vpc                       awsec2.Vpc                   `field:"required" json:"vpc" yaml:"vpc"`
	VpcEndpointServiceConfigs *[]*VpcEndpontServiceConfig  `field:"required" json:"vpcEndpointServiceConfigs" yaml:"vpcEndpointServiceConfigs"`
}

type VpcEndpontServiceConfig added in v0.0.13 

type VpcEndpontServiceConfig struct {
	Alb                *LoadBalancerConfig        `field:"required" json:"alb" yaml:"alb"`
	Name               *string                    `field:"required" json:"name" yaml:"name"`
	Nlb                *NetworkLoadBalancerConfig `field:"required" json:"nlb" yaml:"nlb"`
	AcceptanceRequired *bool                      `field:"optional" json:"acceptanceRequired" yaml:"acceptanceRequired"`
	AdditionalTags     *map[string]*string        `field:"optional" json:"additionalTags" yaml:"additionalTags"`
	AllowedPrincipals  *[]*string                 `field:"optional" json:"allowedPrincipals" yaml:"allowedPrincipals"`
}

Source Files

View all Source files

Directories

Path Synopsis
Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.
 Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.