IVpc

class aws_cdk.aws_ec2.IVpc(*args, **kwds)

Bases: aws_cdk.core.IResource, typing_extensions.Protocol

Methods

add_flow_log(id, *, destination=None, traffic_type=None)

Adds a new Flow Log to this VPC.

Parameters

  • id (str) –

  • destination (Optional[FlowLogDestination]) – (experimental) Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3 Default: FlowLogDestinationType.toCloudWatchLogs()

  • traffic_type (Optional[FlowLogTrafficType]) – (experimental) The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic. Default: ALL

Return type

FlowLog

add_gateway_endpoint(id, *, service, subnets=None)

Adds a new gateway endpoint to this VPC.

Parameters

  • id (str) –

  • service (IGatewayVpcEndpointService) – The service to use for this gateway VPC endpoint.

  • subnets (Optional[List[SubnetSelection]]) – Where to add endpoint routing. By default, this endpoint will be routable from all subnets in the VPC. Specify a list of subnet selection objects here to be more specific. Default: - All subnets in the VPC

Return type

GatewayVpcEndpoint

add_interface_endpoint(id, *, service, lookup_supported_azs=None, open=None, private_dns_enabled=None, security_groups=None, subnets=None)

Adds a new interface endpoint to this VPC.

Parameters

  • id (str) –

  • service (IInterfaceVpcEndpointService) – The service to use for this interface VPC endpoint.

  • lookup_supported_azs (Optional[bool]) – Limit to only those availability zones where the endpoint service can be created. Setting this to ‘true’ requires a lookup to be performed at synthesis time. Account and region must be set on the containing stack for this to work. Default: false

  • open (Optional[bool]) – Whether to automatically allow VPC traffic to the endpoint. If enabled, all traffic to the endpoint from within the VPC will be automatically allowed. This is done based on the VPC’s CIDR range. Default: true

  • private_dns_enabled (Optional[bool]) – Whether to associate a private hosted zone with the specified VPC. This allows you to make requests to the service using its default DNS hostname. Default: set by the instance of IInterfaceVpcEndpointService, or true if not defined by the instance of IInterfaceVpcEndpointService

  • security_groups (Optional[List[ISecurityGroup]]) – The security groups to associate with this interface VPC endpoint. Default: - a new security group is created

  • subnets (Optional[SubnetSelection]) – The subnets in which to create an endpoint network interface. At most one per availability zone. Default: - private subnets

Return type

InterfaceVpcEndpoint

add_vpn_connection(id, *, ip, asn=None, static_routes=None, tunnel_options=None)

Adds a new VPN connection to this VPC.

Parameters

  • id (str) –

  • ip (str) – The ip address of the customer gateway.

  • asn (Union[int, float, None]) – The ASN of the customer gateway. Default: 65000

  • static_routes (Optional[List[str]]) – The static routes to be routed from the VPN gateway to the customer gateway. Default: Dynamic routing (BGP)

  • tunnel_options (Optional[List[VpnTunnelOption]]) – The tunnel options for the VPN connection. At most two elements (one per tunnel). Duplicates not allowed. Default: Amazon generated tunnel options

Return type

VpnConnection

enable_vpn_gateway(*, vpn_route_propagation=None, type, amazon_side_asn=None)

Adds a VPN Gateway to this VPC.

Parameters

  • vpn_route_propagation (Optional[List[SubnetSelection]]) – Provide an array of subnets where the route propagation should be added. Default: noPropagation

  • type (str) – Default type ipsec.1.

  • amazon_side_asn (Union[int, float, None]) – Explicitly specify an Asn or let aws pick an Asn for you. Default: 65000

Return type

None

select_subnets(*, availability_zones=None, one_per_az=None, subnet_filters=None, subnet_group_name=None, subnet_name=None, subnets=None, subnet_type=None)

Return information on the subnets appropriate for the given selection strategy.

Requires that at least one subnet is matched, throws a descriptive error message otherwise.

Parameters

  • availability_zones (Optional[List[str]]) – Select subnets only in the given AZs. Default: no filtering on AZs is done

  • one_per_az (Optional[bool]) – If true, return at most one subnet per AZ. Default: false

  • subnet_filters (Optional[List[SubnetFilter]]) – List of provided subnet filters. Default: - none

  • subnet_group_name (Optional[str]) – Select the subnet group with the given name. Select the subnet group with the given name. This only needs to be used if you have multiple subnet groups of the same type and you need to distinguish between them. Otherwise, prefer subnetType. This field does not select individual subnets, it selects all subnets that share the given subnet group name. This is the name supplied in subnetConfiguration. At most one of subnetType and subnetGroupName can be supplied. Default: - Selection by type instead of by name

  • subnet_name (Optional[str]) – (deprecated) Alias for subnetGroupName. Select the subnet group with the given name. This only needs to be used if you have multiple subnet groups of the same type and you need to distinguish between them.

  • subnets (Optional[List[ISubnet]]) – Explicitly select individual subnets. Use this if you don’t want to automatically use all subnets in a group, but have a need to control selection down to individual subnets. Cannot be specified together with subnetType or subnetGroupName. Default: - Use all subnets in a selected group (all private subnets by default)

  • subnet_type (Optional[SubnetType]) – Select all subnets of the given type. At most one of subnetType and subnetGroupName can be supplied. Default: SubnetType.PRIVATE (or ISOLATED or PUBLIC if there are no PRIVATE subnets)

Return type

SelectedSubnets

Attributes

availability_zones

AZs for this VPC.

Return type

List[str]

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type

ResourceEnvironment

internet_connectivity_established

Dependable that can be depended upon to force internet connectivity established on the VPC.

Return type

IDependable

isolated_subnets

List of isolated subnets in this VPC.

Return type

List[ISubnet]

node

The construct tree node for this construct.

Return type

ConstructNode

private_subnets

List of private subnets in this VPC.

Return type

List[ISubnet]

public_subnets

List of public subnets in this VPC.

Return type

List[ISubnet]

stack

The stack in which this resource is defined.

Return type

Stack

vpc_cidr_block

CIDR range for this VPC.

Attribute

true

Return type

str

vpc_id

Identifier for this VPC.

Attribute

true

Return type

str

vpn_gateway_id

Identifier for the VPN gateway.

Return type

Optional[str]