Package software.amazon.awscdk.services.ec2

Interface NatInstanceProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

NatInstanceProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.97.0 (build 729de35)",
           date="2024-04-24T21:00:28.940Z")
@Stability(Stable)
public interface NatInstanceProps
extends software.amazon.jsii.JsiiSerializable

Properties for a NAT instance.

Example:

 InstanceType instanceType;
 NatInstanceProviderV2 provider = NatProvider.instanceV2(NatInstanceProps.builder()
         .instanceType(instanceType)
         .defaultAllowedTraffic(NatTrafficDirection.OUTBOUND_ONLY)
         .build());
 Vpc.Builder.create(this, "TheVPC")
         .natGatewayProvider(provider)
         .build();
 provider.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.HTTP);
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	NatInstanceProps.Builder	A builder for NatInstanceProps
static final class	NatInstanceProps.Jsii$Proxy	An implementation for NatInstanceProps

Method Summary

Modifier and Type	Method	Description
static NatInstanceProps.Builder	builder()
default CpuCredits	getCreditSpecification()	Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
default NatTrafficDirection	getDefaultAllowedTraffic()	Direction to allow all traffic through the NAT instance by default.
InstanceType	getInstanceType()	Instance type of the NAT instance.
default String	getKeyName()	Deprecated. Use keyPair instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
default IKeyPair	getKeyPair()	The SSH keypair to grant access to the instance.
default IMachineImage	getMachineImage()	The machine image (AMI) to use.
default ISecurityGroup	getSecurityGroup()	Deprecated. - Cannot create a new security group before the VPC is created, and cannot create the VPC without the NAT provider.
default UserData	getUserData()	Custom user data to run on the NAT instances.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getInstanceType

@Stability(Stable)
@NotNull
InstanceType getInstanceType()

Instance type of the NAT instance.

getCreditSpecification

@Stability(Stable)
@Nullable
default CpuCredits getCreditSpecification()

Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).

The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy.

Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.

getDefaultAllowedTraffic

@Stability(Stable)
@Nullable
default NatTrafficDirection getDefaultAllowedTraffic()

Direction to allow all traffic through the NAT instance by default.

By default, inbound and outbound traffic is allowed.

If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc.

Default: NatTrafficDirection.INBOUND_AND_OUTBOUND

getKeyName

@Stability(Deprecated)
@Deprecated
@Nullable
default String getKeyName()

Deprecated.

• Use keyPair instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair

(deprecated) Name of SSH keypair to grant access to instance.

Default: - No SSH access will be possible.

getKeyPair

@Stability(Stable)
@Nullable
default IKeyPair getKeyPair()

The SSH keypair to grant access to the instance.

Default: - No SSH access will be possible.

getMachineImage

@Stability(Stable)
@Nullable
default IMachineImage getMachineImage()

The machine image (AMI) to use.

By default, will do an AMI lookup for the latest NAT instance image.

If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:

 NatProvider.instance(NatInstanceProps.builder()
         .instanceType(new InstanceType("t3.micro"))
         .machineImage(new GenericLinuxImage(Map.of(
                 "us-east-2", "ami-0f9c61b5a562a16af")))
         .build());
 

Default: - Latest NAT instance image

getSecurityGroup

@Stability(Deprecated)
@Deprecated
@Nullable
default ISecurityGroup getSecurityGroup()

Deprecated.

- Cannot create a new security group before the VPC is created, and cannot create the VPC without the NAT provider. Set

invalid @link

defaultAllowedTraffic

to

invalid @link

NatTrafficDirection.NONE

and use

invalid @link

NatInstanceProviderV2.gatewayInstances

to retrieve the instances on the fly and add security groups

(deprecated) Security Group for NAT instances.

Default: - A new security group will be created

Example:

 NatInstanceProviderV2 natGatewayProvider = NatProvider.instanceV2(NatInstanceProps.builder()
         .instanceType(new InstanceType("t3.small"))
         .defaultAllowedTraffic(NatTrafficDirection.NONE)
         .build());
 Vpc vpc = Vpc.Builder.create(this, "Vpc").natGatewayProvider(natGatewayProvider).build();
 SecurityGroup securityGroup = SecurityGroup.Builder.create(this, "SecurityGroup")
         .vpc(vpc)
         .allowAllOutbound(false)
         .build();
 securityGroup.addEgressRule(Peer.anyIpv4(), Port.tcp(443));
 for (Object gatewayInstance : natGatewayProvider.getGatewayInstances()) {
     gatewayInstance.addSecurityGroup(securityGroup);
 }
 

getUserData

@Stability(Stable)
@Nullable
default UserData getUserData()

Custom user data to run on the NAT instances.

Default: UserData.forLinux().addCommands(...NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances

See Also:

• https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#create-nat-ami

builder

@Stability(Stable)
static NatInstanceProps.Builder builder()

Returns:

a NatInstanceProps.Builder of NatInstanceProps