Interface IInterfaceVpcEndpointOptions
Options to add an interface endpoint to a VPC.
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IInterfaceVpcEndpointOptions
Syntax (vb)
Public Interface IInterfaceVpcEndpointOptions
Examples
// Runs inside a Stack (or other Construct) constructor, where "this" is the scope.
// Namespaces used: System.Collections.Generic, Amazon.CDK.AWS.EC2, Amazon.CDK.AWS.IAM

// Add gateway endpoints when creating the VPC
var vpc = new Vpc(this, "MyVpc", new VpcProps {
    GatewayEndpoints = new Dictionary<string, GatewayVpcEndpointOptions> {
        { "S3", new GatewayVpcEndpointOptions {
            Service = GatewayVpcEndpointAwsService.S3
        } }
    }
});

// Alternatively, gateway endpoints can be added on the VPC
var dynamoDbEndpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions {
    Service = GatewayVpcEndpointAwsService.DYNAMODB
});

// The returned endpoint lets you customize the endpoint policy
dynamoDbEndpoint.AddToPolicy(
    new PolicyStatement(new PolicyStatementProps { // Restrict to listing and describing tables
        Principals = new [] { new AnyPrincipal() },
        Actions = new [] { "dynamodb:DescribeTable", "dynamodb:ListTables" },
        Resources = new [] { "*" } }));

// Add an interface endpoint
vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions {
    Service = InterfaceVpcEndpointAwsService.ECR_DOCKER
});
Synopsis
Properties
LookupSupportedAzs | Limit to only those availability zones where the endpoint service can be created. |
Open | Whether to automatically allow VPC traffic to the endpoint. |
PrivateDnsEnabled | Whether to associate a private hosted zone with the specified VPC. |
SecurityGroups | The security groups to associate with this interface VPC endpoint. |
Service | The service to use for this interface VPC endpoint. |
Subnets | The subnets in which to create an endpoint network interface. |
Properties
LookupSupportedAzs
Limit to only those availability zones where the endpoint service can be created.
virtual Nullable<bool> LookupSupportedAzs { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Setting this to 'true' requires a lookup to be performed at synthesis time. Account and region must be set on the containing stack for this to work.
Default: false
Open
Whether to automatically allow VPC traffic to the endpoint.
virtual Nullable<bool> Open { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
If enabled, all traffic to the endpoint from within the VPC will be automatically allowed. This is done based on the VPC's CIDR range.
Default: true
PrivateDnsEnabled
Whether to associate a private hosted zone with the specified VPC.
virtual Nullable<bool> PrivateDnsEnabled { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
This allows you to make requests to the service using its default DNS hostname.
Default: set by the instance of IInterfaceVpcEndpointService, or true if not defined by the instance of IInterfaceVpcEndpointService
SecurityGroups
The security groups to associate with this interface VPC endpoint.
virtual ISecurityGroup[] SecurityGroups { get; }
Property Value
Remarks
Default: a new security group is created
Service
The service to use for this interface VPC endpoint.
IInterfaceVpcEndpointService Service { get; }
Property Value
Subnets
The subnets in which to create an endpoint network interface.
virtual ISubnetSelection Subnets { get; }
Property Value
Remarks
At most one per availability zone.
Default: private subnets
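The following is an added example, not part of the original reference or the CDK project's own samples. It shows Open, SecurityGroups, PrivateDnsEnabled and Subnets used together so that the endpoint accepts traffic only from one workload security group instead of the whole VPC CIDR range. The stack name, construct IDs and the "build agent" workload are hypothetical.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Constructs;

// Added example: stack name, construct IDs and the build-agent workload are hypothetical.
public class RestrictedEndpointStack : Stack
{
    public RestrictedEndpointStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var vpc = new Vpc(this, "MyVpc");

        // Security group of the only workload that should reach the endpoint.
        var buildAgentSg = new SecurityGroup(this, "BuildAgentSg", new SecurityGroupProps {
            Vpc = vpc,
            Description = "Build agents that pull images through the ECR endpoint"
        });

        // Dedicated security group for the endpoint network interfaces,
        // supplied explicitly instead of relying on the auto-created one.
        var endpointSg = new SecurityGroup(this, "EcrEndpointSg", new SecurityGroupProps {
            Vpc = vpc,
            AllowAllOutbound = false,
            Description = "ECR Docker interface endpoint"
        });

        var endpoint = vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions {
            Service = InterfaceVpcEndpointAwsService.ECR_DOCKER,
            // Default is true, which allows the endpoint port from the entire VPC CIDR.
            Open = false,
            SecurityGroups = new ISecurityGroup[] { endpointSg },
            // Keep the service's default DNS hostname resolving to the endpoint.
            PrivateDnsEnabled = true,
            // Stated explicitly here; private subnets are also the default.
            Subnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE_WITH_EGRESS }
        });

        // With Open = false no ingress rule exists until one is added:
        // allow the endpoint's default port from the build agents only.
        endpoint.Connections.AllowDefaultPortFrom(buildAgentSg, "Build agents to ECR endpoint");
    }
}
```

After synthesis, the ingress rules on the endpoint security group in the generated template should reference only the build-agent security group and contain no rule for the VPC CIDR.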