Interface GuVpcProps

Hierarchy

Properties

availabilityZones cidr defaultInstanceTenancy enableDnsHostnames enableDnsSupport flowLogs gatewayEndpoints maxAzs natGatewayProvider natGatewaySubnets natGateways ssmParameters ssmParametersNamespace subnetConfiguration vpcName vpnConnections vpnGateway vpnGatewayAsn vpnRoutePropagation

Properties

Optional Readonly availabilityZones

availabilityZones?: string[]

Availability zones this VPC spans.

Specify this option only if you do not specify maxAzs.

Default

  • a subset of AZs of the stack

Optional Readonly cidr

cidr?: string

The CIDR range to use for the VPC, e.g. '10.0.0.0/16'.

Should be a minimum of /28 and maximum size of /16. The range will be split across all subnets per Availability Zone.

Default

Vpc.DEFAULT_CIDR_RANGE

Optional Readonly defaultInstanceTenancy

defaultInstanceTenancy?: DefaultInstanceTenancy

The default tenancy of instances launched into the VPC.

By setting this to dedicated tenancy, instances will be launched on hardware dedicated to a single AWS customer, unless specifically specified at instance launch time. Please note, not all instance types are usable with Dedicated tenancy.

Default

DefaultInstanceTenancy.Default (shared) tenancy

Optional Readonly enableDnsHostnames

enableDnsHostnames?: boolean

Indicates whether the instances launched in the VPC get public DNS hostnames.

If this attribute is true, instances in the VPC get public DNS hostnames, but only if the enableDnsSupport attribute is also set to true.

Default

true

Optional Readonly enableDnsSupport

enableDnsSupport?: boolean

Indicates whether the DNS resolution is supported for the VPC.

If this attribute is false, the Amazon-provided DNS server in the VPC that resolves public DNS hostnames to IP addresses is not enabled. If this attribute is true, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC IPv4 network range plus two will succeed.

Default

true

Optional Readonly flowLogs

flowLogs?: { [id: string]: FlowLogOptions }

Flow logs to add to this VPC.

Default

  • No flow logs.

Type declaration

  • [id: string]: FlowLogOptions

Optional Readonly gatewayEndpoints

gatewayEndpoints?: { [id: string]: GatewayVpcEndpointOptions }

Gateway endpoints to add to this VPC.

Default

  • None.

Type declaration

  • [id: string]: GatewayVpcEndpointOptions

Optional Readonly maxAzs

maxAzs?: number

Define the maximum number of AZs to use in this region

If the region has more AZs than you want to use (for example, because of EIP limits), pick a lower number here. The AZs will be sorted and picked from the start of the list.

If you pick a higher number than the number of AZs in the region, all AZs in the region will be selected. To use "all AZs" available to your account, use a high number (such as 99).

Be aware that environment-agnostic stacks will be created with access to only 2 AZs, so to use more than 2 AZs, be sure to specify the account and region on your stack.

Specify this option only if you do not specify availabilityZones.

Default

3

Optional Readonly natGatewayProvider

natGatewayProvider?: NatProvider

What type of NAT provider to use

Select between NAT gateways or NAT instances. NAT gateways may not be available in all AWS regions.

Default

NatProvider.gateway()

Optional Readonly natGatewaySubnets

natGatewaySubnets?: SubnetSelection

Configures the subnets which will have NAT Gateways/Instances

You can pick a specific group of subnets by specifying the group name; the picked subnets must be public subnets.

Only necessary if you have more than one public subnet group.

Default

  • All public subnets.

Optional Readonly natGateways

natGateways?: number

The number of NAT Gateways/Instances to create.

The type of NAT gateway or instance will be determined by the natGatewayProvider parameter.

You can set this number lower than the number of Availability Zones in your VPC in order to save on NAT cost. Be aware you may be charged for cross-AZ data traffic instead.

Default

  • One NAT gateway/instance per Availability Zone

Optional ssmParameters

ssmParameters?: boolean

Whether to add SSM Parameters containing VPC metadata, which are expected to exist by many other Guardian CDK patterns.

Defaults to 'true'.

Optional ssmParametersNamespace

ssmParametersNamespace?: string

An identifier for the VPC to namespace SSM parameters. Customise when you have multiple teams/VPCs in the same account.

This will be combined with the /account/vpc prefix for the full parameter name. e.g. '/account/vpc/primary'.

Defaults to 'primary'.

Optional Readonly subnetConfiguration

subnetConfiguration?: SubnetConfiguration[]

Configure the subnets to build for each AZ

Each entry in this list configures a Subnet Group; each group will contain a subnet for each Availability Zone.

For example, if you want 1 public subnet, 1 private subnet, and 1 isolated subnet in each AZ provide the following:

new ec2.Vpc(this, 'VPC', {
  subnetConfiguration: [
     {
       cidrMask: 24,
       name: 'ingress',
       subnetType: ec2.SubnetType.PUBLIC,
     },
     {
       cidrMask: 24,
       name: 'application',
       subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,
     },
     {
       cidrMask: 28,
       name: 'rds',
       subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
     }
  ]
});

Default

  • The VPC CIDR will be evenly divided between 1 public and 1 private subnet per AZ.

Optional Readonly vpcName

vpcName?: string

The VPC name.

Since the VPC resource doesn't support providing a physical name, the value provided here will be recorded in the Name tag

Default

this.node.path

Optional Readonly vpnConnections

vpnConnections?: { [id: string]: VpnConnectionOptions }

VPN connections to this VPC.

Default

  • No connections.

Type declaration

  • [id: string]: VpnConnectionOptions

Optional Readonly vpnGateway

vpnGateway?: boolean

Indicates whether a VPN gateway should be created and attached to this VPC.

Default

  • true when vpnGatewayAsn or vpnConnections is specified

Optional Readonly vpnGatewayAsn

vpnGatewayAsn?: number

The private Autonomous System Number (ASN) for the VPN gateway.

Default

  • Amazon default ASN.

Optional Readonly vpnRoutePropagation

vpnRoutePropagation?: SubnetSelection[]

Where to propagate VPN routes.

Default

  • On the route tables associated with private subnets. If no private subnets exists, isolated subnets are used. If no isolated subnets exists, public subnets are used.

Settings

Member Visibility

Theme

Generated using TypeDoc