CfnVPCEndpointProps

class aws_cdk.aws_ec2.CfnVPCEndpointProps(*, service_name, vpc_id, policy_document=None, private_dns_enabled=None, route_table_ids=None, security_group_ids=None, subnet_ids=None, vpc_endpoint_type=None)

Bases: object

Properties for defining a CfnVPCEndpoint.

Parameters
  • service_name (str) – The service name.

  • vpc_id (str) – The ID of the VPC for the endpoint.

  • policy_document (Optional[Any]) – A policy that controls access to the service from the VPC. If this parameter is not specified, the default policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.

  • private_dns_enabled (Union[bool, IResolvable, None]) – Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com ), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. To use a private hosted zone, you must set the following VPC attributes to true : enableDnsHostnames and enableDnsSupport . This property is supported only for interface endpoints. Default: false

  • route_table_ids (Optional[Sequence[str]]) – The IDs of the route tables. Routing is supported only for gateway endpoints.

  • security_group_ids (Optional[Sequence[str]]) – The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.

  • subnet_ids (Optional[Sequence[str]]) – The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can’t specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.

  • vpc_endpoint_type (Optional[str]) – The type of endpoint. Default: Gateway

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_ec2 as ec2

# policy_document: Any

cfn_vPCEndpoint_props = ec2.CfnVPCEndpointProps(
    service_name="serviceName",
    vpc_id="vpcId",

    # the properties below are optional
    policy_document=policy_document,
    private_dns_enabled=False,
    route_table_ids=["routeTableIds"],
    security_group_ids=["securityGroupIds"],
    subnet_ids=["subnetIds"],
    vpc_endpoint_type="vpcEndpointType"
)

Attributes

policy_document

A policy that controls access to the service from the VPC.

If this parameter is not specified, the default policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.

For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-policydocument

private_dns_enabled

Indicate whether to associate a private hosted zone with the specified VPC.

The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com ), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true : enableDnsHostnames and enableDnsSupport .

This property is supported only for interface endpoints.

Default: false

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-privatednsenabled

route_table_ids

The IDs of the route tables.

Routing is supported only for gateway endpoints.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-routetableids

security_group_ids

The IDs of the security groups to associate with the endpoint network interfaces.

If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-securitygroupids

service_name

The service name.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-servicename

subnet_ids

The IDs of the subnets in which to create endpoint network interfaces.

You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can’t specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-subnetids

vpc_endpoint_type

The type of endpoint.

Default: Gateway

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-vpcendpointtype

vpc_id

The ID of the VPC for the endpoint.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-vpcid