Protected Optional Internal _vpnMutable private field for the vpnGatewayId
Readonly availabilityAZs for this VPC
Readonly dnsIndicates if instances launched in this VPC will have public DNS hostnames.
Readonly dnsIndicates if DNS support is enabled for this VPC.
Readonly envProtected incompleteIf this is set to true, don't error out on trying to select subnets
Readonly internetOptional Readonly internetInternet Gateway for the VPC. Note that in case the VPC is configured only
with ISOLATED subnets, this attribute will be undefined.
Readonly isolatedList of isolated subnets in this VPC
Readonly nodeThe tree node.
Protected Readonly physicalReturns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
"my-awesome-bucket")undefined, when a name should be generated by CloudFormationReadonly privateList of private subnets in this VPC
Readonly publicList of public subnets in this VPC
Readonly stackReadonly vpcReadonly vpcReadonly vpcReadonly vpcReadonly vpcReadonly vpcIdentifier for this VPC
Readonly vpcStatic Readonly DEFAULT_The default CIDR range used when creating VPCs. This can be overridden using VpcProps when creating a VPCNetwork resource. e.g. new VpcResource(this, { cidr: '192.168.0.0./16' })
Note this is specific to the IPv4 CIDR.
Static Readonly DEFAULT_The default subnet configuration
1 Public and 1 Private subnet per AZ evenly split
Static Readonly DEFAULT_The default subnet configuration if natGateways specified to be 0
1 Public and 1 Isolated Subnet per AZ evenly split
Returns the id of the VPN Gateway (if enabled)
Apply the given removal policy to this resource
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
Protected generateProtected getReturns an environment-sensitive token that should be used for the
resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arnAttr, but if the resource is
referenced across environments, arnComponents will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arnComponents.
The CFN attribute which resolves to the ARN of the resource.
Commonly it will be called "Arn" (e.g. resource.attrArn), but sometimes
it's the CFN resource's ref.
The format of the ARN of this resource. You must
reference this.physicalName somewhere within the ARN in order for
cross-environment references to work.
Protected getReturns an environment-sensitive token that should be used for the
resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to nameAttr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
The CFN attribute which resolves to the resource's name.
Commonly this is the resource's ref.
Protected selectStatic fromImport an existing VPC by querying the AWS environment this stack is deployed to.
This function only needs to be used to use VPCs not defined in your CDK
application. If you are looking to share a VPC between stacks, you can
pass the Vpc object between stacks and use it as normal.
Calling this method will lead to a lookup when the CDK CLI is executed. You can therefore not use any values that will only be available at CloudFormation execution time (i.e., Tokens).
The VPC information will be cached in cdk.context.json and the same VPC
will be used on future runs. To refresh the lookup, you will have to
evict the value from the cache using the cdk context command. See
https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
Static fromImport a VPC by supplying all attributes directly
NOTE: using fromVpcAttributes() with deploy-time parameters (like a Fn.importValue() or
CfnParameter to represent a list of subnet IDs) sometimes accidentally works. It happens
to work for constructs that need a list of subnets (like AutoScalingGroup and eks.Cluster)
but it does not work for constructs that need individual subnets (like
Instance). See https://github.com/aws/aws-cdk/issues/4118 for more
information.
Prefer to use Vpc.fromLookup() instead.
Static isChecks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
Any object
true if x is an object created from a class which extends Construct.
Static isStatic isStatic Private setPrivate Programmatically sets the CDK context with a list of AZs for eu-west-1.
This means consuming stacks do NOT have to commit a cdk.context.json
file when using this construct in eu-west-1.
if the account ID has not been explicitly set on the parent GuStack
Construct which creates a Virtual Private Cloud.
NOTE: This construct requires an environment to be set to function correctly. Without this, an environment-agnostic template will be produced, which will only use two AZs even if the region contains more than that. To set this, set the
envprop when instantiating your stack.NOTE: If using this construct outside eu-west-1, you'll need to commit the
cdk.context.jsonfile that's created after synthesising locally.Be aware that account IDs are considered sensitive information and should NOT be committed to public repos.
The VPC is provisioned with a public and private subnet for each availability zone, with IPs spread evenly across these. Instances in private subnets cannot be accessed directly over the internet. You should locate services in instances in the private subnets, and provide HTTP(S) as required via load balancers living in the public subnets.
A CIDR block is a combined IP and network mask that specifies the IP addresses in your VPC. For testing purposes any (AWS supported) CIDR block will do, but for production you should:
A managed NAT is created for each private subnet to allow access to the internet.
For recommendations on how best to configure your VPC see: https://github.com/guardian/recommendations/blob/main/AWS.md#vpc
For more information on VPCs and AWS see: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html.