VpcProps

class aws_cdk.aws_ec2.VpcProps(*, cidr=None, default_instance_tenancy=None, enable_dns_hostnames=None, enable_dns_support=None, gateway_endpoints=None, max_azs=None, nat_gateway_provider=None, nat_gateways=None, nat_gateway_subnets=None, subnet_configuration=None, vpn_connections=None, vpn_gateway=None, vpn_gateway_asn=None, vpn_route_propagation=None)

Bases: object

__init__(*, cidr=None, default_instance_tenancy=None, enable_dns_hostnames=None, enable_dns_support=None, gateway_endpoints=None, max_azs=None, nat_gateway_provider=None, nat_gateways=None, nat_gateway_subnets=None, subnet_configuration=None, vpn_connections=None, vpn_gateway=None, vpn_gateway_asn=None, vpn_route_propagation=None)

Configuration for Vpc.

Parameters
  • cidr (Optional[str]) – The CIDR range to use for the VPC, e.g. '10.0.0.0/16'. Should be a minimum of /28 and maximum size of /16. The range will be split across all subnets per Availability Zone. Default: Vpc.DEFAULT_CIDR_RANGE

  • default_instance_tenancy (Optional[DefaultInstanceTenancy]) – The default tenancy of instances launched into the VPC. By setting this to dedicated tenancy, instances will be launched on hardware dedicated to a single AWS customer, unless a different tenancy is specified at instance launch time. Please note, not all instance types are usable with Dedicated tenancy. Default: DefaultInstanceTenancy.Default (shared) tenancy

  • enable_dns_hostnames (Optional[bool]) – Indicates whether the instances launched in the VPC get public DNS hostnames. If this attribute is true, instances in the VPC get public DNS hostnames, but only if the enableDnsSupport attribute is also set to true. Default: true

  • enable_dns_support (Optional[bool]) – Indicates whether DNS resolution is supported for the VPC. If this attribute is false, the Amazon-provided DNS server in the VPC that resolves public DNS hostnames to IP addresses is not enabled. If this attribute is true, queries to the Amazon-provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC IPv4 network range plus two, will succeed. Default: true

  • gateway_endpoints (Optional[Mapping[str, GatewayVpcEndpointOptions]]) – Gateway endpoints to add to this VPC. Default: None.

  • max_azs (Union[int, float, None]) – Define the maximum number of AZs to use in this region. If the region has more AZs than you want to use (for example, because of EIP limits), pick a lower number here. The AZs will be sorted and picked from the start of the list. If you pick a higher number than the number of AZs in the region, all AZs in the region will be selected. To use “all AZs” available to your account, use a high number (such as 99). Be aware that environment-agnostic stacks will be created with access to only 2 AZs, so to use more than 2 AZs, be sure to specify the account and region on your stack. Default: 3

  • nat_gateway_provider (Optional[NatProvider]) – What type of NAT provider to use. Select between NAT gateways or NAT instances. NAT gateways may not be available in all AWS regions. Default: NatProvider.gateway()

  • nat_gateways (Union[int, float, None]) – The number of NAT Gateways/Instances to create. The type of NAT gateway or instance will be determined by the natGatewayProvider parameter. You can set this number lower than the number of Availability Zones in your VPC in order to save on NAT cost. Be aware you may be charged for cross-AZ data traffic instead. Default: One NAT gateway/instance per Availability Zone

  • nat_gateway_subnets (Optional[SubnetSelection]) – Configures the subnets which will have NAT Gateways/Instances. You can pick a specific group of subnets by specifying the group name; the picked subnets must be public subnets. Only necessary if you have more than one public subnet group. Default: All public subnets.

  • subnet_configuration (Optional[List[SubnetConfiguration]]) – Configure the subnets to build for each AZ. Each entry in this list configures a Subnet Group; each group will contain a subnet for each Availability Zone. For example, if you want 1 public subnet, 1 private subnet, and 1 isolated subnet in each AZ, provide three SubnetConfiguration entries: cidr_mask 24, name 'ingress', subnet_type SubnetType.PUBLIC; cidr_mask 24, name 'application', subnet_type SubnetType.PRIVATE; cidr_mask 28, name 'rds', subnet_type SubnetType.ISOLATED (the subnet_configuration attribute below shows this as code). Default: The VPC CIDR will be evenly divided between 1 public and 1 private subnet per AZ.

  • vpn_connections (Optional[Mapping[str, VpnConnectionOptions]]) – VPN connections to this VPC. Default: No connections.

  • vpn_gateway (Optional[bool]) – Indicates whether a VPN gateway should be created and attached to this VPC. Default: true when vpnGatewayAsn or vpnConnections is specified.

  • vpn_gateway_asn (Union[int, float, None]) – The private Autonomous System Number (ASN) for the VPN gateway. Default: Amazon default ASN.

  • vpn_route_propagation (Optional[List[SubnetSelection]]) – Where to propagate VPN routes. Default: On the route tables associated with private subnets.

Attributes

cidr

The CIDR range to use for the VPC, e.g. '10.0.0.0/16'.

Should be a minimum of /28 and maximum size of /16. The range will be split across all subnets per Availability Zone.

Default: Vpc.DEFAULT_CIDR_RANGE

Return type

Optional[str]

default_instance_tenancy

The default tenancy of instances launched into the VPC.

By setting this to dedicated tenancy, instances will be launched on hardware dedicated to a single AWS customer, unless a different tenancy is specified at instance launch time. Please note, not all instance types are usable with Dedicated tenancy.

Default: DefaultInstanceTenancy.Default (shared) tenancy

Return type

Optional[DefaultInstanceTenancy]

enable_dns_hostnames

Indicates whether the instances launched in the VPC get public DNS hostnames.

If this attribute is true, instances in the VPC get public DNS hostnames, but only if the enableDnsSupport attribute is also set to true.

Default: true

Return type

Optional[bool]

enable_dns_support

Indicates whether DNS resolution is supported for the VPC.

If this attribute is false, the Amazon-provided DNS server in the VPC that resolves public DNS hostnames to IP addresses is not enabled. If this attribute is true, queries to the Amazon-provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC IPv4 network range plus two, will succeed.

Default: true

Return type

Optional[bool]

gateway_endpoints

Gateway endpoints to add to this VPC.

Default: None.

Return type

Optional[Mapping[str, GatewayVpcEndpointOptions]]

max_azs

Define the maximum number of AZs to use in this region.

If the region has more AZs than you want to use (for example, because of EIP limits), pick a lower number here. The AZs will be sorted and picked from the start of the list.

If you pick a higher number than the number of AZs in the region, all AZs in the region will be selected. To use “all AZs” available to your account, use a high number (such as 99).

Be aware that environment-agnostic stacks will be created with access to only 2 AZs, so to use more than 2 AZs, be sure to specify the account and region on your stack.

Default: 3

Return type

Union[int, float, None]

nat_gateway_provider

What type of NAT provider to use.

Select between NAT gateways or NAT instances. NAT gateways may not be available in all AWS regions.

Default: NatProvider.gateway()

Stability: experimental

Return type

Optional[NatProvider]

nat_gateway_subnets

Configures the subnets which will have NAT Gateways/Instances.

You can pick a specific group of subnets by specifying the group name; the picked subnets must be public subnets.

Only necessary if you have more than one public subnet group.

Default: All public subnets.

Return type

Optional[SubnetSelection]

nat_gateways

The number of NAT Gateways/Instances to create.

The type of NAT gateway or instance will be determined by the natGatewayProvider parameter.

You can set this number lower than the number of Availability Zones in your VPC in order to save on NAT cost. Be aware you may be charged for cross-AZ data traffic instead.

Default: One NAT gateway/instance per Availability Zone

Return type

Union[int, float, None]

subnet_configuration

Configure the subnets to build for each AZ.

Each entry in this list configures a Subnet Group; each group will contain a subnet for each Availability Zone.

For example, if you want 1 public subnet, 1 private subnet, and 1 isolated subnet in each AZ, provide the following (Python form of the example):

from aws_cdk import aws_ec2 as ec2

# One entry per subnet group; each group yields one subnet in every AZ.
subnet_configuration=[
    ec2.SubnetConfiguration(
        cidr_mask=24,
        name="ingress",
        subnet_type=ec2.SubnetType.PUBLIC,      # routed to the internet gateway
    ),
    ec2.SubnetConfiguration(
        cidr_mask=24,
        name="application",
        subnet_type=ec2.SubnetType.PRIVATE,     # outbound only, via NAT
    ),
    ec2.SubnetConfiguration(
        cidr_mask=28,
        name="rds",
        subnet_type=ec2.SubnetType.ISOLATED,    # no route to the internet at all
    ),
]

Default: The VPC CIDR will be evenly divided between 1 public and 1 private subnet per AZ.

Return type

Optional[List[SubnetConfiguration]]
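The descriptions of cidr, max_azs, nat_gateways and subnet_configuration above interact: the VPC range is carved into one subnet per group per AZ, PUBLIC/PRIVATE/ISOLATED decide whether a subnet has an internet path, and a nat_gateways value below the AZ count leaves some private subnets routing through a NAT in another AZ. The following is an added, offline Python model of that expansion; it is not aws_cdk code and does not import the CDK. The allocation order (each group across all AZs, then the next group), the NAT placement in the first AZs, and the cross-AZ fallback are assumptions made for illustration, not a statement about how the CDK's own allocator orders things; the /16–/28 bound and the cidr_mask semantics follow the documented parameters.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example, not aws_cdk code: models how a subnet_configuration is expanded
# into one subnet per group per AZ, plus the egress path each SubnetType implies.
# Allocation order (each group across all AZs, then the next group) and NAT
# placement are assumptions for illustration, not the CDK's own allocator.

EGRESS_BY_TYPE = {"PUBLIC": "internet-gateway", "PRIVATE": "nat-gateway", "ISOLATED": "none"}


@dataclass(frozen=True)
class SubnetConfig:
    name: str          # subnet group name, e.g. "rds"
    subnet_type: str   # "PUBLIC", "PRIVATE" or "ISOLATED"
    cidr_mask: int     # prefix length of every subnet in the group


@dataclass
class PlannedSubnet:
    group: str
    az: str
    subnet_type: str
    cidr: ipaddress.IPv4Network
    egress: str
    nat_az: Optional[str] = None   # PRIVATE subnets: AZ of the NAT they route through


# The page's own example: 1 public, 1 private and 1 isolated group per AZ.
EXAMPLE_CONFIG = [
    SubnetConfig("ingress", "PUBLIC", 24),
    SubnetConfig("application", "PRIVATE", 24),
    SubnetConfig("rds", "ISOLATED", 28),
]


def plan_vpc(cidr: str, azs: List[str], config: List[SubnetConfig],
             nat_gateways: Optional[int] = None) -> dict:
    vpc = ipaddress.IPv4Network(cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"VPC CIDR must be between /16 and /28, got /{vpc.prefixlen}")
    types = {c.subnet_type for c in config}
    if "PRIVATE" in types and "PUBLIC" not in types:
        # PRIVATE subnets egress via NAT, and NATs live in public subnets.
        raise ValueError("PRIVATE subnets need at least one PUBLIC subnet group for NAT")

    cursor = int(vpc.network_address)          # sequential allocator over the VPC range
    end = int(vpc.broadcast_address) + 1
    subnets: List[PlannedSubnet] = []
    for cfg in config:
        if cfg.cidr_mask < vpc.prefixlen:
            raise ValueError(f"group {cfg.name!r}: /{cfg.cidr_mask} is larger than the VPC /{vpc.prefixlen}")
        size = 1 << (32 - cfg.cidr_mask)
        for az in azs:
            if cursor % size:                  # keep each subnet aligned to its own size
                cursor += size - cursor % size
            if cursor + size > end:
                raise ValueError(f"VPC {vpc} exhausted while allocating {cfg.name!r} in AZ {az}")
            net = ipaddress.IPv4Network((cursor, cfg.cidr_mask))
            subnets.append(PlannedSubnet(cfg.name, az, cfg.subnet_type, net,
                                         EGRESS_BY_TYPE[cfg.subnet_type]))
            cursor += size

    # One NAT per AZ by default; a smaller nat_gateways places NATs in the first AZs
    # only, so private subnets elsewhere route cross-AZ (the data-transfer caveat).
    # nat_gateways=0 leaves private subnets with no internet path at all.
    nat_azs: List[str] = []
    if "PRIVATE" in types:
        count = len(azs) if nat_gateways is None else min(nat_gateways, len(azs))
        nat_azs = azs[:count]
    for s in subnets:
        if s.subnet_type == "PRIVATE":
            if nat_azs:
                s.nat_az = s.az if s.az in nat_azs else nat_azs[0]
            else:
                s.egress = "none"
    return {"vpc": vpc, "subnets": subnets, "nat_azs": nat_azs}


def cross_az_nat_subnets(plan: dict) -> List[PlannedSubnet]:
    """Private subnets whose NAT sits in a different AZ (cost and blast-radius caveat)."""
    return [s for s in plan["subnets"] if s.nat_az and s.nat_az != s.az]


def without_internet_path(plan: dict) -> List[str]:
    """CIDRs of subnets with no route to the internet (ISOLATED groups, or NAT-less private)."""
    return [str(s.cidr) for s in plan["subnets"] if s.egress == "none"]


if __name__ == "__main__":
    plan = plan_vpc("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"],
                    EXAMPLE_CONFIG, nat_gateways=1)
    for s in plan["subnets"]:
        print(f"{s.group:12} {s.az} {str(s.cidr):16} {s.subnet_type:9} egress={s.egress} nat_az={s.nat_az}")
    print("cross-AZ NAT:", [str(s.cidr) for s in cross_az_nat_subnets(plan)])
    print("no internet path:", without_internet_path(plan))
```

Running it with the page's three groups over three AZs shows the /16 consumed as six /24s followed by three /28s, the rds subnets with no egress, and, with nat_gateways=1, the application subnets in the second and third AZs depending on the NAT in the first AZ. The same planner rejects a VPC outside the /16–/28 bound, a group whose mask is wider than the VPC, and a configuration that exhausts the range, which are the failure modes the parameter descriptions warn about.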

vpn_connections

VPN connections to this VPC.

Default: No connections.

Return type

Optional[Mapping[str, VpnConnectionOptions]]

vpn_gateway

Indicates whether a VPN gateway should be created and attached to this VPC.

Default: true when vpnGatewayAsn or vpnConnections is specified.

Return type

Optional[bool]

vpn_gateway_asn

The private Autonomous System Number (ASN) for the VPN gateway.

Default: Amazon default ASN.

Return type

Union[int, float, None]

vpn_route_propagation

Where to propagate VPN routes.

Default: On the route tables associated with private subnets.

Return type

Optional[List[SubnetSelection]]