Properties

- _vpnGatewayId (protected, optional, internal): Mutable private field for the vpnGatewayId.
- availabilityZones (readonly): AZs for this VPC.
- dnsHostnamesEnabled (readonly): Indicates if instances launched in this VPC will have public DNS hostnames.
- dnsSupportEnabled (readonly): Indicates if DNS support is enabled for this VPC.
- env (readonly): The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- incompleteSubnetDefinition (protected): If this is set to true, don't error out on trying to select subnets.
- internetConnectivityEstablished (readonly): Dependencies for internet connectivity.
- internetGatewayId (optional, readonly): Internet Gateway for the VPC. Note that in case the VPC is configured only with ISOLATED subnets, this attribute will be undefined.
- isolatedSubnets (readonly): List of isolated subnets in this VPC.
- node (readonly): The tree node.
- physicalName (protected, readonly): Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource. This value will resolve to one of the following:
  - a concrete value (e.g. "my-awesome-bucket")
  - undefined, when a name should be generated by CloudFormation
- privateSubnets (readonly): List of private subnets in this VPC.
- publicSubnets (readonly): List of public subnets in this VPC.
- stack (readonly): The stack in which this resource is defined.
- vpc… (readonly)
- vpc… (readonly)
- vpc… (readonly)
- vpc… (readonly)
- vpc… (readonly)
- vpcId (readonly): Identifier for this VPC.
- vpc… (readonly)
- DEFAULT_CIDR_RANGE (static, readonly): The default CIDR range used when creating VPCs. This can be overridden using VpcProps when creating a VPCNetwork resource, e.g. new VpcResource(this, { cidr: '192.168.0.0/16' }). Note this is specific to the IPv4 CIDR.
- DEFAULT_SUBNETS (static, readonly): The default subnet configuration: 1 Public and 1 Private subnet per AZ, evenly split.
- DEFAULT_SUBNETS_NO_NAT (static, readonly): The default subnet configuration if natGateways is specified to be 0: 1 Public and 1 Isolated subnet per AZ, evenly split.

Accessors

- vpnGatewayId: Returns the id of the VPN Gateway (if enabled).

Methods

- applyRemovalPolicy: Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
- generate… (protected)
- getResourceArnAttribute (protected): Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn). Normally, this token will resolve to arnAttr, but if the resource is referenced across environments, arnComponents will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arnComponents.
  - arnAttr: The CFN attribute which resolves to the ARN of the resource. Commonly it will be called "Arn" (e.g. resource.attrArn), but sometimes it's the CFN resource's ref.
  - arnComponents: The format of the ARN of this resource. You must reference this.physicalName somewhere within the ARN in order for cross-environment references to work.
- getResourceNameAttribute (protected): Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName). Normally, this token will resolve to nameAttr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.
  - nameAttr: The CFN attribute which resolves to the resource's name. Commonly this is the resource's ref.
- select… (protected)

Static methods

- fromLookup: Import an existing VPC by querying the AWS environment this stack is deployed to. This function only needs to be used for VPCs not defined in your CDK application. If you are looking to share a VPC between stacks, you can pass the Vpc object between stacks and use it as normal. Calling this method will lead to a lookup when the CDK CLI is executed. You can therefore not use any values that will only be available at CloudFormation execution time (i.e., Tokens). The VPC information will be cached in cdk.context.json and the same VPC will be used on future runs. To refresh the lookup, you will have to evict the value from the cache using the cdk context command. See https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
- fromVpcAttributes: Import a VPC by supplying all attributes directly. NOTE: using fromVpcAttributes() with deploy-time parameters (like a Fn.importValue() or CfnParameter to represent a list of subnet IDs) sometimes accidentally works. It happens to work for constructs that need a list of subnets (like AutoScalingGroup and eks.Cluster) but it does not work for constructs that need individual subnets (like Instance). See https://github.com/aws/aws-cdk/issues/4118 for more information. Prefer to use Vpc.fromLookup() instead.
- isConstruct: Checks if x is a construct. Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked. Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and to use this type-testing method instead.
  - x: Any object.
  - Returns true if x is an object created from a class which extends Construct.
- is… (static)
- is… (static)
Construct which creates a Virtual Private Cloud.

NOTE: This construct requires an environment to be set to function correctly. Without this, an environment-agnostic template will be produced, which will only use two AZs even if the region contains more than that. To set this, set the env prop when instantiating your stack.

NOTE: If using this construct outside eu-west-1, you'll need to commit the cdk.context.json file that's created after synthesising locally. Be aware that account IDs are considered sensitive information and should NOT be committed to public repos.
The VPC is provisioned with a public and a private subnet for each availability zone, with IPs spread evenly across these. Instances in private subnets cannot be accessed directly over the internet. You should locate services on instances in the private subnets and expose HTTP(S) as required via load balancers living in the public subnets.

A CIDR block is a combined IP and network mask that specifies the IP addresses in your VPC. For testing purposes any (AWS supported) CIDR block will do, but for production you should:

A managed NAT is created for each private subnet to allow access to the internet.
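The "1 Public and 1 Private subnet per AZ, evenly split" layout described under DEFAULT_SUBNETS above and in the paragraphs here, worked through as an added example. This is not code from the CDK or from this construct: the allocation scheme (equal-sized subnets, public group first, prefix length chosen as the smallest that yields enough blocks) is this example's own way of illustrating an even split and is not a description of how the CDK's allocator actually assigns ranges; the CIDR, AZ names and group names are constructed inputs.

```typescript
// Added example, not code from the CDK or this construct: lay out a VPC CIDR as one public
// and one private subnet per AZ, all the same size, and count the NAT gateways (one per
// private subnet) that layout implies. How ranges are assigned here is this example's own
// scheme, not a description of the CDK's allocator.

interface SubnetPlan {
  group: string; // "Public" or "Private" (constructed group names)
  az: string;    // availability zone the subnet lands in
  cidr: string;  // e.g. "10.0.32.0/19"
}

// Parse a dotted-quad IPv4 address into an unsigned 32-bit number.
function ipToInt(ip: string): number {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) >>> 0) + (parts[1] << 16) + (parts[2] << 8) + parts[3];
}

// Inverse of ipToInt.
function intToIp(n: number): string {
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Split vpcCidr evenly into azs.length * groups.length subnets. The subnet prefix is the
// smallest one that yields enough equal blocks; with 3 AZs and 2 groups a /16 becomes
// six /19s and the remaining /18 is left unallocated.
function planSubnets(vpcCidr: string, azs: string[], groups: string[] = ['Public', 'Private']): SubnetPlan[] {
  const [base, maskStr] = vpcCidr.split('/');
  const vpcMask = Number(maskStr);
  // AWS only accepts VPC blocks between /16 and /28, and subnets no smaller than /28.
  if (!Number.isInteger(vpcMask) || vpcMask < 16 || vpcMask > 28) {
    throw new Error(`VPC netmask must be between /16 and /28: ${vpcCidr}`);
  }
  const count = azs.length * groups.length;
  if (count === 0) throw new Error('need at least one AZ and one subnet group');
  const subnetMask = vpcMask + Math.ceil(Math.log2(count));
  if (subnetMask > 28) {
    throw new Error(`${count} subnets do not fit in ${vpcCidr} without going below /28`);
  }
  const subnetSize = Math.pow(2, 32 - subnetMask);
  // Zero the host bits of the VPC block so the first subnet starts on the network address.
  const networkMask = (~0 << (32 - vpcMask)) >>> 0;
  const start = (ipToInt(base) & networkMask) >>> 0;

  const plan: SubnetPlan[] = [];
  groups.forEach((group, g) => {
    azs.forEach((az, a) => {
      const index = g * azs.length + a;
      plan.push({ group, az, cidr: `${intToIp(start + index * subnetSize)}/${subnetMask}` });
    });
  });
  return plan;
}

// One managed NAT gateway per private subnet, as the class description states.
function natGatewayCount(plan: SubnetPlan[]): number {
  return plan.filter(s => s.group === 'Private').length;
}

// Constructed input: a /16 spread over three eu-west-1 AZs.
const EXAMPLE_PLAN = planSubnets('10.0.0.0/16', ['eu-west-1a', 'eu-west-1b', 'eu-west-1c']);
for (const s of EXAMPLE_PLAN) console.log(`${s.group.padEnd(7)} ${s.az}  ${s.cidr}`);
console.log(`NAT gateways needed: ${natGatewayCount(EXAMPLE_PLAN)}`);
```

The NAT count is worth printing because each managed NAT gateway is billed hourly and per GB; a three-AZ VPC with the default layout carries three of them, which is the trade-off behind the no-NAT isolated layout in DEFAULT_SUBNETS_NO_NAT.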
For recommendations on how best to configure your VPC see: https://github.com/guardian/recommendations/blob/main/AWS.md#vpc
For more information on VPCs and AWS see: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html.