CfnVPCEndpointProps¶
-
class
aws_cdk.aws_ec2.
CfnVPCEndpointProps
(*, service_name, vpc_id, policy_document=None, private_dns_enabled=None, route_table_ids=None, security_group_ids=None, subnet_ids=None, vpc_endpoint_type=None)¶ Bases:
object
Properties for defining a
CfnVPCEndpoint
.- Parameters
service_name (
str
) – The service name. To list the available services, use DescribeVpcEndpointServices . Otherwise, get the name from the service provider.vpc_id (
str
) – The ID of the VPC in which the endpoint will be used.policy_document (
Optional
[Any
]) – A policy that controls access to the service from the VPC. If this parameter is not specified, the default policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.private_dns_enabled (
Union
[bool
,IResolvable
,None
]) – Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example,kinesis.us-east-1.amazonaws.com
), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. To use a private hosted zone, you must set the following VPC attributes totrue
:enableDnsHostnames
andenableDnsSupport
. This property is supported only for interface endpoints. Default:false
route_table_ids (
Optional
[Sequence
[str
]]) – The route table IDs. Routing is supported only for gateway endpoints.security_group_ids (
Optional
[Sequence
[str
]]) – The IDs of the security groups to associate with the endpoint network interface. Security groups are supported only for interface endpoints.subnet_ids (
Optional
[Sequence
[str
]]) – The ID of the subnets in which to create an endpoint network interface. You must specify this property for an interface endpoints or a Gateway Load Balancer endpoint. You can’t specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.vpc_endpoint_type (
Optional
[str
]) – The type of endpoint. Default: Gateway
- Link
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_ec2 as ec2 # policy_document: Any cfn_vPCEndpoint_props = ec2.CfnVPCEndpointProps( service_name="serviceName", vpc_id="vpcId", # the properties below are optional policy_document=policy_document, private_dns_enabled=False, route_table_ids=["routeTableIds"], security_group_ids=["securityGroupIds"], subnet_ids=["subnetIds"], vpc_endpoint_type="vpcEndpointType" )
Attributes
-
policy_document
¶ A policy that controls access to the service from the VPC.
If this parameter is not specified, the default policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.
For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.
-
private_dns_enabled
¶ Indicate whether to associate a private hosted zone with the specified VPC.
The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example,
kinesis.us-east-1.amazonaws.com
), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.To use a private hosted zone, you must set the following VPC attributes to
true
:enableDnsHostnames
andenableDnsSupport
.This property is supported only for interface endpoints.
Default:
false
- Link
- Return type
Union
[bool
,IResolvable
,None
]
-
route_table_ids
¶ The route table IDs.
Routing is supported only for gateway endpoints.
- Link
- Return type
Optional
[List
[str
]]
-
security_group_ids
¶ The IDs of the security groups to associate with the endpoint network interface.
Security groups are supported only for interface endpoints.
- Link
- Return type
Optional
[List
[str
]]
-
service_name
¶ The service name.
To list the available services, use DescribeVpcEndpointServices . Otherwise, get the name from the service provider.
-
subnet_ids
¶ The ID of the subnets in which to create an endpoint network interface.
You must specify this property for an interface endpoints or a Gateway Load Balancer endpoint. You can’t specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.
- Link
- Return type
Optional
[List
[str
]]
-
vpc_endpoint_type
¶ The type of endpoint.
Default: Gateway
-
vpc_id
¶ The ID of the VPC in which the endpoint will be used.