NatInstanceProps
- class aws_cdk.aws_ec2.NatInstanceProps(*, instance_type, associate_public_ip_address=None, credit_specification=None, default_allowed_traffic=None, key_name=None, key_pair=None, machine_image=None, security_group=None, user_data=None)
Bases: object
Properties for a NAT instance.
- Parameters:
  - instance_type (InstanceType) – Instance type of the NAT instance.
  - associate_public_ip_address (Optional[bool]) – Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated
  - credit_specification (Optional[CpuCredits]) – Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
  - default_allowed_traffic (Optional[NatTrafficDirection]) – Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
  - key_name (Optional[str]) – (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.
  - key_pair (Optional[IKeyPair]) – The SSH keypair to grant access to the instance. Default: - No SSH access will be possible.
  - machine_image (Optional[IMachineImage]) – The machine image (AMI) to use. By default, will do an AMI lookup for the latest NAT instance image. If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:

        ec2.NatProvider.instance({
          instanceType: new ec2.InstanceType('t3.micro'),
          machineImage: new ec2.GenericLinuxImage({
            'us-east-2': 'ami-0f9c61b5a562a16af'
          })
        })

    Default: - Latest NAT instance image
  - security_group (Optional[ISecurityGroup]) – (deprecated) Security Group for NAT instances. Default: - A new security group will be created
  - user_data (Optional[UserData]) – Custom user data to run on the NAT instances. Default: UserData.forLinux().addCommands(…NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances
- ExampleMetadata:
infused
Example:
    # instance_type: ec2.InstanceType

    provider = ec2.NatProvider.instance_v2(
        instance_type=instance_type,
        default_allowed_traffic=ec2.NatTrafficDirection.OUTBOUND_ONLY
    )
    ec2.Vpc(self, "TheVPC",
        nat_gateway_provider=provider
    )
    provider.connections.allow_from(ec2.Peer.ipv4("1.2.3.4/8"), ec2.Port.HTTP)
Attributes
- associate_public_ip_address
Whether to associate a public IP address to the primary network interface attached to this instance.
- Default:
undefined - No public IP address associated
- credit_specification
Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy.
- Default:
T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
- default_allowed_traffic
Direction to allow all traffic through the NAT instance by default.
By default, inbound and outbound traffic is allowed.
If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc.
- Default:
NatTrafficDirection.INBOUND_AND_OUTBOUND
- instance_type
Instance type of the NAT instance.
- key_name
(deprecated) Name of SSH keypair to grant access to instance.
- Default:
No SSH access will be possible.
- Deprecated:
- Stability:
deprecated
- key_pair
The SSH keypair to grant access to the instance.
- Default:
No SSH access will be possible.
- machine_image
The machine image (AMI) to use.
By default, will do an AMI lookup for the latest NAT instance image.
If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:

    ec2.NatProvider.instance(
        instance_type=ec2.InstanceType("t3.micro"),
        machine_image=ec2.GenericLinuxImage({
            "us-east-2": "ami-0f9c61b5a562a16af"
        })
    )
- Default:
Latest NAT instance image
- security_group
(deprecated) Security Group for NAT instances.
- Default:
A new security group will be created
- Deprecated:
Cannot create a new security group before the VPC is created, and cannot create the VPC without the NAT provider. Set defaultAllowedTraffic to NatTrafficDirection.NONE and use NatInstanceProviderV2.gatewayInstances to retrieve the instances on the fly and add security groups
- Stability:
deprecated
Example:
    nat_gateway_provider = ec2.NatProvider.instance_v2(
        instance_type=ec2.InstanceType("t3.small"),
        default_allowed_traffic=ec2.NatTrafficDirection.NONE
    )
    vpc = ec2.Vpc(self, "Vpc", nat_gateway_provider=nat_gateway_provider)

    security_group = ec2.SecurityGroup(self, "SecurityGroup",
        vpc=vpc,
        allow_all_outbound=False
    )
    security_group.add_egress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(443))
    for gateway_instance in nat_gateway_provider.gateway_instances:
        gateway_instance.add_security_group(security_group)
- user_data
Custom user data to run on the NAT instances.
- Default:
UserData.forLinux().addCommands(…NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances
- See:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#create-nat-ami
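
A pre-deployment check for the default_allowed_traffic setting described above, as an added example that is not part of the CDK or of this page: it scans a synthesized CloudFormation template for security groups whose ingress admits every protocol from any address, which is what leaving the default INBOUND_AND_OUTBOUND in place is assumed to produce. The template fragment, its logical IDs and the helper names are constructed for illustration.

```python
# Added example (not CDK code): flag security groups in a synthesized
# CloudFormation template that accept every protocol from any address.
ANYWHERE = {"0.0.0.0/0", "::/0"}

def _allows_all(rule):
    """True when a rule admits all protocols from any IPv4 or IPv6 source."""
    source = rule.get("CidrIp") or rule.get("CidrIpv6")
    return str(rule.get("IpProtocol")) == "-1" and source in ANYWHERE

def _group_of(ref):
    """Resolve {"Ref": id} or {"Fn::GetAtt": [id, "GroupId"]} to a logical ID."""
    if isinstance(ref, dict):
        if "Ref" in ref:
            return ref["Ref"]
        target = ref.get("Fn::GetAtt")
        if isinstance(target, list) and target:
            return target[0]
    return str(ref)  # literal group ID or unknown shape

def open_ingress_groups(template):
    """Return the sorted IDs of security groups with allow-all ingress."""
    flagged = set()
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            if any(_allows_all(r) for r in props.get("SecurityGroupIngress", [])):
                flagged.add(logical_id)
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress" and _allows_all(props):
            # Rules declared as separate resources point back at their group.
            flagged.add(_group_of(props.get("GroupId")))
    return sorted(flagged)

# Constructed template fragment; logical IDs and rules are illustrative.
SAMPLE = {"Resources": {
    "NatDefaultSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [{"CidrIp": "0.0.0.0/0", "IpProtocol": "-1"}]}},
    "NatRestrictedSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [{"CidrIp": "10.0.0.0/8", "IpProtocol": "tcp",
                                  "FromPort": 80, "ToPort": 80}]}},
    "NatLateSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {}},
    "NatLateRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::GetAtt": ["NatLateSG", "GroupId"]},
        "CidrIpv6": "::/0", "IpProtocol": -1}},
}}

if __name__ == "__main__":
    print(open_ingress_groups(SAMPLE))
```

To run it against a real stack, load the template JSON that `cdk synth` writes and pass the resulting dict to `open_ingress_groups`.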