CfnVPCEndpointProps
- class aws_cdk.aws_ec2.CfnVPCEndpointProps(*, service_name, vpc_id, policy_document=None, private_dns_enabled=None, route_table_ids=None, security_group_ids=None, subnet_ids=None, vpc_endpoint_type=None)
Bases:
objectProperties for defining a
CfnVPCEndpoint.- Parameters
service_name (
str) – The service name.vpc_id (
str) – The ID of the VPC for the endpoint.policy_document (
Optional[Any]) – A policy that controls access to the service from the VPC. If this parameter is not specified, the default policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.private_dns_enabled (
Union[bool,IResolvable,None]) – Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example,kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. To use a private hosted zone, you must set the following VPC attributes totrue:enableDnsHostnamesandenableDnsSupport. This property is supported only for interface endpoints. Default:falseroute_table_ids (
Optional[Sequence[str]]) – The IDs of the route tables. Routing is supported only for gateway endpoints.security_group_ids (
Optional[Sequence[str]]) – The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.subnet_ids (
Optional[Sequence[str]]) – The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can’t specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.vpc_endpoint_type (
Optional[str]) – The type of endpoint. Default: Gateway
- Link
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_ec2 as ec2 # policy_document: Any cfn_vPCEndpoint_props = ec2.CfnVPCEndpointProps( service_name="serviceName", vpc_id="vpcId", # the properties below are optional policy_document=policy_document, private_dns_enabled=False, route_table_ids=["routeTableIds"], security_group_ids=["securityGroupIds"], subnet_ids=["subnetIds"], vpc_endpoint_type="vpcEndpointType" )
Attributes
- policy_document
A policy that controls access to the service from the VPC.
If this parameter is not specified, the default policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.
For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.
- private_dns_enabled
Indicate whether to associate a private hosted zone with the specified VPC.
The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example,
kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.To use a private hosted zone, you must set the following VPC attributes to
true:enableDnsHostnamesandenableDnsSupport.This property is supported only for interface endpoints.
Default:
false
- route_table_ids
The IDs of the route tables.
Routing is supported only for gateway endpoints.
- security_group_ids
The IDs of the security groups to associate with the endpoint network interfaces.
If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.
- service_name
The service name.
- subnet_ids
The IDs of the subnets in which to create endpoint network interfaces.
You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can’t specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.
- vpc_endpoint_type
The type of endpoint.
Default: Gateway
- vpc_id
The ID of the VPC for the endpoint.