Interface NatInstanceProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
NatInstanceProps.Jsii$Proxy
Example:
    InstanceType instanceType;

    NatInstanceProviderV2 provider = NatProvider.instanceV2(NatInstanceProps.builder()
            .instanceType(instanceType)
            .defaultAllowedTraffic(NatTrafficDirection.OUTBOUND_ONLY)
            .build());
    Vpc.Builder.create(this, "TheVPC")
            .natGatewayProvider(provider)
            .build();
    // With OUTBOUND_ONLY, inbound rules must be added explicitly.
    provider.getConnections().allowFrom(Peer.ipv4("1.2.3.4/8"), Port.HTTP);
-
Nested Class Summary
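| Modifier and Type | Interface | Description |
| --- | --- | --- |
| static final class | NatInstanceProps.Builder | A builder for NatInstanceProps |
| static final class | NatInstanceProps.Jsii$Proxy | An implementation for NatInstanceProps |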
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static NatInstanceProps.Builder | builder() | |
| default Boolean | getAssociatePublicIpAddress() | Whether to associate a public IP address to the primary network interface attached to this instance. |
| default CpuCredits | getCreditSpecification() | Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). |
| default NatTrafficDirection | getDefaultAllowedTraffic() | Direction to allow all traffic through the NAT instance by default. |
| InstanceType | getInstanceType() | Instance type of the NAT instance. |
| default String | getKeyName() | Deprecated. |
| default IKeyPair | getKeyPair() | The SSH keypair to grant access to the instance. |
| default IMachineImage | getMachineImage() | The machine image (AMI) to use. |
| default ISecurityGroup | getSecurityGroup() | Deprecated. Cannot create a new security group before the VPC is created, and cannot create the VPC without the NAT provider. |
| default UserData | getUserData() | Custom user data to run on the NAT instances. |

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getInstanceType
Instance type of the NAT instance.
-
getAssociatePublicIpAddress
Whether to associate a public IP address to the primary network interface attached to this instance.
Default: undefined - No public IP address associated
-
getCreditSpecification
Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy.
Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
-
getDefaultAllowedTraffic
Direction to allow all traffic through the NAT instance by default.
By default, inbound and outbound traffic is allowed.
If you set this to a value other than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc.
Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
-
getKeyName
Deprecated. Use keyPair instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
(deprecated) Name of SSH keypair to grant access to instance.
Default: - No SSH access will be possible.
-
getKeyPair
The SSH keypair to grant access to the instance.
Default: - No SSH access will be possible.
-
getMachineImage
The machine image (AMI) to use.
By default, will do an AMI lookup for the latest NAT instance image.
If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:

    NatProvider.instance(NatInstanceProps.builder()
            .instanceType(new InstanceType("t3.micro"))
            .machineImage(new GenericLinuxImage(Map.of(
                    "us-east-2", "ami-0f9c61b5a562a16af")))
            .build());

Default: - Latest NAT instance image
-
getSecurityGroup
Deprecated. Cannot create a new security group before the VPC is created, and cannot create the VPC without the NAT provider. Set defaultAllowedTraffic to NatTrafficDirection.NONE and use NatInstanceProviderV2.gatewayInstances to add security groups to the instances, as in the example below.
(deprecated) Security Group for NAT instances.
Default: - A new security group will be created
Example:

    NatInstanceProviderV2 natGatewayProvider = NatProvider.instanceV2(NatInstanceProps.builder()
            .instanceType(new InstanceType("t3.small"))
            .defaultAllowedTraffic(NatTrafficDirection.NONE)
            .build());
    Vpc vpc = Vpc.Builder.create(this, "Vpc")
            .natGatewayProvider(natGatewayProvider)
            .build();

    SecurityGroup securityGroup = SecurityGroup.Builder.create(this, "SecurityGroup")
            .vpc(vpc)
            .allowAllOutbound(false)
            .build();
    securityGroup.addEgressRule(Peer.anyIpv4(), Port.tcp(443));
    // getGatewayInstances() returns Instance objects, so the loop variable is typed Instance.
    for (Instance gatewayInstance : natGatewayProvider.getGatewayInstances()) {
        gatewayInstance.addSecurityGroup(securityGroup);
    }
-
getUserData
Custom user data to run on the NAT instances.
Default: UserData.forLinux().addCommands(...NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances
- See Also:
-
builder
- Returns:
a NatInstanceProps.Builder of NatInstanceProps