Class InterfaceVpcEndpointOptions
Options to add an interface endpoint to a VPC.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class InterfaceVpcEndpointOptions : IInterfaceVpcEndpointOptions
Syntax (vb)
Public Class InterfaceVpcEndpointOptions Implements IInterfaceVpcEndpointOptions
Remarks
ExampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
Examples
// Gateway endpoints can be declared up front, as part of the VPC definition.
var gatewayEndpoints = new Dictionary<string, GatewayVpcEndpointOptions>
{
    ["S3"] = new GatewayVpcEndpointOptions
    {
        Service = GatewayVpcEndpointAwsService.S3
    }
};
var vpc = new Vpc(this, "MyVpc", new VpcProps
{
    GatewayEndpoints = gatewayEndpoints
});

// They can also be attached to the VPC after it has been created.
var dynamoDbEndpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions
{
    Service = GatewayVpcEndpointAwsService.DYNAMODB
});

// The returned endpoint lets you add statements to its endpoint policy.
// This statement limits traffic through the endpoint to listing and describing tables.
// An endpoint policy only filters which requests may pass through the endpoint; it grants
// nothing by itself, so callers still need matching IAM permissions.
// AnyPrincipal with Resources = "*" applies to every caller and every table reachable
// through the endpoint; narrow Resources where the action supports resource-level scoping.
var tableMetadataOnly = new PolicyStatement(new PolicyStatementProps
{
    Principals = new [] { new AnyPrincipal() },
    Actions = new [] { "dynamodb:DescribeTable", "dynamodb:ListTables" },
    Resources = new [] { "*" }
});
dynamoDbEndpoint.AddToPolicy(tableMetadataOnly);

// Add an interface endpoint.
// Open is left at its default (true) here, so traffic from the whole VPC CIDR range is allowed
// to reach the endpoint. Set Open = false and supply SecurityGroups to restrict the sources.
vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions
{
    Service = InterfaceVpcEndpointAwsService.ECR_DOCKER
});
Synopsis
Constructors
| InterfaceVpcEndpointOptions() | Options to add an interface endpoint to a VPC. |
Properties
| DnsRecordIpType | Type of DNS records created for the VPC endpoint. |
| IpAddressType | The IP address type for the endpoint. |
| LookupSupportedAzs | Limit to only those availability zones where the endpoint service can be created. |
| Open | Whether to automatically allow VPC traffic to the endpoint. |
| PrivateDnsEnabled | Whether to associate a private hosted zone with the specified VPC. |
| PrivateDnsOnlyForInboundResolverEndpoint | Whether to enable private DNS only for inbound Resolver endpoints. |
| SecurityGroups | The security groups to associate with this interface VPC endpoint. |
| Service | The service to use for this interface VPC endpoint. |
| ServiceRegion | The region where the VPC endpoint service is located. |
| Subnets | The subnets in which to create an endpoint network interface. |
Constructors
InterfaceVpcEndpointOptions()
Options to add an interface endpoint to a VPC.
public InterfaceVpcEndpointOptions()
Remarks
ExampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
Examples
// Gateway endpoints can be declared up front, as part of the VPC definition.
var gatewayEndpoints = new Dictionary<string, GatewayVpcEndpointOptions>
{
    ["S3"] = new GatewayVpcEndpointOptions
    {
        Service = GatewayVpcEndpointAwsService.S3
    }
};
var vpc = new Vpc(this, "MyVpc", new VpcProps
{
    GatewayEndpoints = gatewayEndpoints
});

// They can also be attached to the VPC after it has been created.
var dynamoDbEndpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions
{
    Service = GatewayVpcEndpointAwsService.DYNAMODB
});

// The returned endpoint lets you add statements to its endpoint policy.
// This statement limits traffic through the endpoint to listing and describing tables.
// An endpoint policy only filters which requests may pass through the endpoint; it grants
// nothing by itself, so callers still need matching IAM permissions.
// AnyPrincipal with Resources = "*" applies to every caller and every table reachable
// through the endpoint; narrow Resources where the action supports resource-level scoping.
var tableMetadataOnly = new PolicyStatement(new PolicyStatementProps
{
    Principals = new [] { new AnyPrincipal() },
    Actions = new [] { "dynamodb:DescribeTable", "dynamodb:ListTables" },
    Resources = new [] { "*" }
});
dynamoDbEndpoint.AddToPolicy(tableMetadataOnly);

// Add an interface endpoint.
// Open is left at its default (true) here, so traffic from the whole VPC CIDR range is allowed
// to reach the endpoint. Set Open = false and supply SecurityGroups to restrict the sources.
vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions
{
    Service = InterfaceVpcEndpointAwsService.ECR_DOCKER
});
Properties
DnsRecordIpType
Type of DNS records created for the VPC endpoint.
public VpcEndpointDnsRecordIpType? DnsRecordIpType { get; set; }
Property Value
Remarks
Default: not specified
IpAddressType
The IP address type for the endpoint.
public VpcEndpointIpAddressType? IpAddressType { get; set; }
Property Value
Remarks
Default: not specified
LookupSupportedAzs
Limit to only those availability zones where the endpoint service can be created.
public bool? LookupSupportedAzs { get; set; }
Property Value
bool?
Remarks
Setting this to 'true' requires a lookup to be performed at synthesis time. Account and region must be set on the containing stack for this to work.
Default: false
Open
Whether to automatically allow VPC traffic to the endpoint.
public bool? Open { get; set; }
Property Value
bool?
Remarks
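If enabled, all traffic to the endpoint from within the VPC is allowed automatically, using the VPC's CIDR range as the permitted source. Because this lets any workload in the VPC reach the endpoint, set this to false and add ingress rules to the endpoint's security groups yourself when only specific sources should have access.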
Default: true
PrivateDnsEnabled
Whether to associate a private hosted zone with the specified VPC.
public bool? PrivateDnsEnabled { get; set; }
Property Value
bool?
Remarks
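This allows you to make requests to the service using its default DNS hostname. When it is disabled, requests sent to the default hostname do not resolve to the endpoint, so clients must use the endpoint-specific DNS names for their traffic to stay on the endpoint.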
Default: set by the instance of IInterfaceVpcEndpointService, or true if not defined by the instance of IInterfaceVpcEndpointService
PrivateDnsOnlyForInboundResolverEndpoint
Whether to enable private DNS only for inbound Resolver endpoints.
public VpcEndpointPrivateDnsOnlyForInboundResolverEndpoint? PrivateDnsOnlyForInboundResolverEndpoint { get; set; }
Property Value
VpcEndpointPrivateDnsOnlyForInboundResolverEndpoint?
Remarks
Default: not specified
SecurityGroups
The security groups to associate with this interface VPC endpoint.
public ISecurityGroup[]? SecurityGroups { get; set; }
Property Value
Remarks
Default: - a new security group is created
Service
The service to use for this interface VPC endpoint.
public IInterfaceVpcEndpointService Service { get; set; }
Property Value
Remarks
ExampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused
ServiceRegion
The region where the VPC endpoint service is located.
public string? ServiceRegion { get; set; }
Property Value
Remarks
Only needs to be specified for cross-region VPC endpoints.
Default: - Same region as the interface VPC endpoint
Subnets
The subnets in which to create an endpoint network interface.
public ISubnetSelection? Subnets { get; set; }
Property Value
Remarks
At most one per availability zone.
Default: - private subnets