NatInstanceProvider

class aws_cdk.aws_ec2.NatInstanceProvider(*, instance_type, allow_all_traffic=None, default_allowed_traffic=None, key_name=None, machine_image=None, security_group=None)

Bases: aws_cdk.aws_ec2.NatProvider

NAT provider which uses NAT Instances.

Parameters

  • instance_type (InstanceType) – Instance type of the NAT instance.

  • allow_all_traffic (Optional[bool]) – (deprecated) Allow all inbound traffic through the NAT instance. If you set this to false, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc. Default: true

  • default_allowed_traffic (Optional[NatTrafficDirection]) – Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND

  • key_name (Optional[str]) – Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.

  • machine_image (Optional[IMachineImage]) – The machine image (AMI) to use. By default, will do an AMI lookup for the latest NAT instance image. If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:: ec2.NatProvider.instance({ instanceType: new ec2.InstanceType(‘t3.micro’), machineImage: new ec2.GenericLinuxImage({ ‘us-east-2’: ‘ami-0f9c61b5a562a16af’ }) }) Default: - Latest NAT instance image

  • security_group (Optional[ISecurityGroup]) – Security Group for NAT instances. Default: - A new security group will be created

Methods

configure_nat(*, nat_subnets, private_subnets, vpc)

Called by the VPC to configure NAT.

Don’t call this directly, the VPC will call it automatically.

Parameters

  • nat_subnets (Sequence[PublicSubnet]) – The public subnets where the NAT providers need to be placed.

  • private_subnets (Sequence[PrivateSubnet]) – The private subnets that need to route through the NAT providers. There may be more private subnets than public subnets with NAT providers.

  • vpc (Vpc) – The VPC we’re configuring NAT for.

Return type

None

configure_subnet(subnet)

Configures subnet with the gateway.

Don’t call this directly, the VPC will call it automatically.

Parameters

subnet (PrivateSubnet) –

Return type

None

Attributes

configured_gateways

Return list of gateways spawned by the provider.

Return type

List[GatewayConfig]

connections

Manage the Security Groups associated with the NAT instances.

Return type

Connections

security_group

The Security Group associated with the NAT instances.

Return type

ISecurityGroup

Static Methods

classmethod gateway(*, eip_allocation_ids=None)

Use NAT Gateways to provide NAT services for your VPC.

NAT gateways are managed by AWS.

Parameters

eip_allocation_ids (Optional[Sequence[str]]) – EIP allocation IDs for the NAT gateways. Default: - No fixed EIPs allocated for the NAT gateways

See

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

Return type

NatProvider

classmethod instance(*, instance_type, allow_all_traffic=None, default_allowed_traffic=None, key_name=None, machine_image=None, security_group=None)

Use NAT instances to provide NAT services for your VPC.

NAT instances are managed by you, but in return allow more configuration.

Be aware that instances created using this provider will not be automatically replaced if they are stopped for any reason. You should implement your own NatProvider based on AutoScaling groups if you need that.

Parameters

  • instance_type (InstanceType) – Instance type of the NAT instance.

  • allow_all_traffic (Optional[bool]) – (deprecated) Allow all inbound traffic through the NAT instance. If you set this to false, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc. Default: true

  • default_allowed_traffic (Optional[NatTrafficDirection]) – Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND

  • key_name (Optional[str]) – Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.

  • machine_image (Optional[IMachineImage]) – The machine image (AMI) to use. By default, will do an AMI lookup for the latest NAT instance image. If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:: ec2.NatProvider.instance({ instanceType: new ec2.InstanceType(‘t3.micro’), machineImage: new ec2.GenericLinuxImage({ ‘us-east-2’: ‘ami-0f9c61b5a562a16af’ }) }) Default: - Latest NAT instance image

  • security_group (Optional[ISecurityGroup]) – Security Group for NAT instances. Default: - A new security group will be created

See

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html

Return type

NatInstanceProvider