GatewayVpcEndpointOptions

class aws_cdk.aws_ec2.GatewayVpcEndpointOptions(*, service, subnets=None)

Bases: object

Options to add a gateway endpoint to a VPC.

Parameters:

• service (IGatewayVpcEndpointService) – The service to use for this gateway VPC endpoint.

• subnets (Optional[Sequence[Union[SubnetSelection, Dict[str, Any]]]]) – Where to add endpoint routing. By default, this endpoint will be routable from all subnets in the VPC. Specify a list of subnet selection objects here to be more specific. Default: - All subnets in the VPC

ExampleMetadata:

lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused

Example:

# Add gateway endpoints when creating the VPC
vpc = ec2.Vpc(self, "MyVpc",
    gateway_endpoints={
        "S3": cdk.aws_ec2.GatewayVpcEndpointOptions(
            service=ec2.GatewayVpcEndpointAwsService.S3
        )
    }
)

# Alternatively gateway endpoints can be added on the VPC
dynamo_db_endpoint = vpc.add_gateway_endpoint("DynamoDbEndpoint",
    service=ec2.GatewayVpcEndpointAwsService.DYNAMODB
)

# This allows to customize the endpoint policy
dynamo_db_endpoint.add_to_policy(
    iam.PolicyStatement( # Restrict to listing and describing tables
        principals=[iam.AnyPrincipal()],
        actions=["dynamodb:DescribeTable", "dynamodb:ListTables"],
        resources=["*"]))

# Add an interface endpoint
vpc.add_interface_endpoint("EcrDockerEndpoint",
    service=ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER
)

Attributes

service

The service to use for this gateway VPC endpoint.

subnets

Where to add endpoint routing.

By default, this endpoint will be routable from all subnets in the VPC. Specify a list of subnet selection objects here to be more specific.

Default:

• All subnets in the VPC

Example:

# vpc: ec2.Vpc


vpc.add_gateway_endpoint("DynamoDbEndpoint",
    service=ec2.GatewayVpcEndpointAwsService.DYNAMODB,
    # Add only to ISOLATED subnets
    subnets=[ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED)
    ]
)