Class BastionHostLinuxProps

Properties of the bastion host.

Inheritance

System.Object

BastionHostLinuxProps

Implements

IBastionHostLinuxProps

Namespace: Amazon.CDK.AWS.EC2

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public class BastionHostLinuxProps : Object, IBastionHostLinuxProps

Syntax (vb)

Public Class BastionHostLinuxProps
    Inherits Object
    Implements IBastionHostLinuxProps

Remarks

ExampleMetadata: fixture=with-vpc infused

Examples

var host = new BastionHostLinux(this, "BastionHost", new BastionHostLinuxProps {
    Vpc = vpc,
    BlockDevices = new [] { new BlockDevice {
        DeviceName = "/dev/sdh",
        Volume = BlockDeviceVolume.Ebs(10, new EbsDeviceOptions {
            Encrypted = true
        })
    } }
});

Synopsis

Constructors

BastionHostLinuxProps()

Properties

AvailabilityZone	In which AZ to place the instance within the VPC.
BlockDevices	Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
Init	Apply the given CloudFormation Init configuration to the instance at startup.
InitOptions	Use the given options for applying CloudFormation Init.
InstanceName	The name of the instance.
InstanceType	Type of instance to launch.
MachineImage	The machine image to use, assumed to have SSM Agent preinstalled.
RequireImdsv2	Whether IMDSv2 should be required on this instance.
SecurityGroup	Security Group to assign to this instance.
SubnetSelection	Select the subnets to run the bastion host in.
UserDataCausesReplacement	Determines whether changes to the UserData will force instance replacement.
Vpc	VPC to launch the instance in.

Constructors

BastionHostLinuxProps()

public BastionHostLinuxProps()

Properties

AvailabilityZone

In which AZ to place the instance within the VPC.

public string AvailabilityZone { get; set; }

Property Value

System.String

Remarks

Default: - Random zone.

BlockDevices

Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.

public IBlockDevice[] BlockDevices { get; set; }

Property Value

IBlockDevice[]

Remarks

Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched.

Default: - Uses the block device mapping of the AMI

See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

Init

Apply the given CloudFormation Init configuration to the instance at startup.

public CloudFormationInit Init { get; set; }

Property Value

CloudFormationInit

Remarks

Default: - no CloudFormation init

InitOptions

Use the given options for applying CloudFormation Init.

public IApplyCloudFormationInitOptions InitOptions { get; set; }

Property Value

IApplyCloudFormationInitOptions

Remarks

Describes the configsets to use and the timeout to wait

Default: - default options

InstanceName

The name of the instance.

public string InstanceName { get; set; }

Property Value

System.String

Remarks

Default: 'BastionHost'

InstanceType

Type of instance to launch.

public InstanceType InstanceType { get; set; }

Property Value

InstanceType

Remarks

Default: 't3.nano'

MachineImage

The machine image to use, assumed to have SSM Agent preinstalled.

public IMachineImage MachineImage { get; set; }

Property Value

IMachineImage

Remarks

Default: - An Amazon Linux 2023 image if the @aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault feature flag is enabled. Otherwise, an Amazon Linux 2 image. In both cases, the image is kept up-to-date automatically (the instance may be replaced on every deployment) and already has SSM Agent installed.

RequireImdsv2

Whether IMDSv2 should be required on this instance.

public Nullable<bool> RequireImdsv2 { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: - false

SecurityGroup

Security Group to assign to this instance.

public ISecurityGroup SecurityGroup { get; set; }

Property Value

ISecurityGroup

Remarks

Default: - create new security group with no inbound and all outbound traffic allowed

SubnetSelection

Select the subnets to run the bastion host in.

public ISubnetSelection SubnetSelection { get; set; }

Property Value

ISubnetSelection

Remarks

Set this to PUBLIC if you need to connect to this instance via the internet and cannot use SSM. You have to allow port 22 manually by using the connections field

Default: - private subnets of the supplied VPC

UserDataCausesReplacement

Determines whether changes to the UserData will force instance replacement.

public Nullable<bool> UserDataCausesReplacement { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Depending on the EC2 instance type, modifying the UserData may either restart or replace the instance:

Note that by default, restarting does not execute the updated UserData, so an alternative mechanism is needed to ensure the instance re-executes the UserData.

When set to true, the instance's Logical ID will depend on the UserData, causing CloudFormation to replace the instance if the UserData changes.

Default: - true if initOptions is specified, otherwise false.

Vpc

VPC to launch the instance in.

public IVpc Vpc { get; set; }

Property Value

IVpc

Implements

IBastionHostLinuxProps