NatInstanceProviderV2
- class aws_cdk.aws_ec2.NatInstanceProviderV2(*, instance_type, credit_specification=None, default_allowed_traffic=None, key_name=None, key_pair=None, machine_image=None, security_group=None, user_data=None)
Bases: NatProvider
Modern NAT provider which uses NAT Instances.
The instance uses Amazon Linux 2023 as the operating system.
Example::

    from aws_cdk import aws_ec2 as ec2

    # NONE: the provider creates a security group with no rules at all, so every
    # allowed flow has to be added explicitly afterwards.
    nat_gateway_provider = ec2.NatProvider.instance_v2(
        instance_type=ec2.InstanceType("t3.small"),
        default_allowed_traffic=ec2.NatTrafficDirection.NONE,
    )
    vpc = ec2.Vpc(self, "Vpc", nat_gateway_provider=nat_gateway_provider)

    # A second security group that permits HTTPS egress only.
    security_group = ec2.SecurityGroup(self, "SecurityGroup",
        vpc=vpc,
        allow_all_outbound=False,
    )
    security_group.add_egress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(443))

    # Attach it to every NAT instance the provider created (available only after
    # the Vpc has called configure_nat on the provider).
    for gateway_instance in nat_gateway_provider.gateway_instances:
        gateway_instance.add_security_group(security_group)
- Parameters:
  - instance_type (InstanceType) – Instance type of the NAT instance.
  - credit_specification (Optional[CpuCredits]) – CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc.). The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy. Default: T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
  - default_allowed_traffic (Optional[NatTrafficDirection]) – Direction in which all traffic is allowed through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to a value other than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups yourself, either by passing a fully configured security group through the security_group property, or through the .security_group or .connections members after passing the provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
  - key_name (Optional[str]) – (deprecated) Name of the SSH keypair to grant access to the instance. Default: no SSH access is possible.
  - key_pair (Optional[IKeyPair]) – The SSH keypair to grant access to the instance. Default: no SSH access is possible.
  - machine_image (Optional[IMachineImage]) – The machine image (AMI) to use. By default, an AMI lookup for the latest NAT instance image is performed. To use a specific AMI ID, pass a GenericLinuxImage. For example::

        ec2.NatProvider.instance_v2(
            instance_type=ec2.InstanceType("t3.micro"),
            machine_image=ec2.GenericLinuxImage({"us-east-2": "ami-0f9c61b5a562a16af"}),
        )

    Default: latest NAT instance image.
  - security_group (Optional[ISecurityGroup]) – (deprecated) Security group for the NAT instances. Default: a new security group is created.
  - user_data (Optional[UserData]) – Custom user data to run on the NAT instances. Default: UserData.forLinux().addCommands(...NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS), i.e. the commands needed to initialize and configure the NAT instances.
Methods
- configure_nat(*, nat_subnets, private_subnets, vpc)
Called by the VPC to configure NAT.
Don't call this directly, the VPC will call it automatically.
- Parameters:
  - nat_subnets (Sequence[PublicSubnet]) – The public subnets where the NAT providers need to be placed.
  - private_subnets (Sequence[PrivateSubnet]) – The private subnets that need to route through the NAT providers. There may be more private subnets than public subnets with NAT providers.
  - vpc (Vpc) – The VPC we're configuring NAT for.
- Return type: None
- configure_subnet(subnet)
Configures the subnet with the gateway.
Don't call this directly, the VPC will call it automatically.
- Parameters:
  - subnet (PrivateSubnet) – The private subnet to configure.
- Return type: None
Attributes
- DEFAULT_USER_DATA_COMMANDS = [
      'yum install iptables-services -y',
      'systemctl enable iptables',
      'systemctl start iptables',
      'echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf',
      "sudo /sbin/iptables -t nat -A POSTROUTING -o $(route | awk '/^default/{print $NF}') -j MASQUERADE",
      'sudo /sbin/iptables -F FORWARD',
      'sudo service iptables save',
  ]
  The commands run on each NAT instance when no custom user_data is given: install iptables-services, enable IPv4 forwarding, masquerade packets leaving through the default-route interface, flush the FORWARD chain and persist the rules. Note that the FORWARD chain is flushed, not restricted: with these defaults the instance forwards whatever its security group lets in, so the security group (see default_allowed_traffic) is the only control over forwarded traffic unless you supply user_data that adds FORWARD rules of your own.
- configured_gateways
Return list of gateways spawned by the provider.
- connections
Manage the Security Groups associated with the NAT instances.
- gateway_instances
Array of gateway instances spawned by the provider after internal configuration.
- security_group
The Security Group associated with the NAT instances.
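The user_data parameter and the DEFAULT_USER_DATA_COMMANDS attribute above together let you keep the provider's own bootstrap while making the instance's FORWARD chain default-deny, and the default_allowed_traffic parameter requires you to add security-group rules yourself when you pick NONE (the page's example adds egress only; inbound from the private subnets must be allowed as well or nothing is forwarded). The following is an added example, not code from the CDK project: the two helpers at the top are pure Python and run offline, reusing the command list documented on this page (copied into the block so it works without aws-cdk-lib); the two CDK functions at the bottom are assumptions about how a stack would wire the result in and require aws-cdk-lib, the function names, the "10.0.0.0/16" CIDR and the "t3.small" type being the author's choices.

```python
import ipaddress
from typing import List, Sequence

# Copied from the DEFAULT_USER_DATA_COMMANDS attribute documented on this page so the
# helpers run without aws-cdk-lib; a real stack should read
# ec2.NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS from the library instead.
DEFAULT_USER_DATA_COMMANDS = [
    'yum install iptables-services -y',
    'systemctl enable iptables',
    'systemctl start iptables',
    'echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf',
    'sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf',
    "sudo /sbin/iptables -t nat -A POSTROUTING -o $(route | awk '/^default/{print $NF}') -j MASQUERADE",
    'sudo /sbin/iptables -F FORWARD',
    'sudo service iptables save',
]

SAVE_COMMAND = 'sudo service iptables save'


def forward_chain_rules(vpc_cidr: str) -> List[str]:
    """iptables commands that make the FORWARD chain default-deny and only forward
    packets that originate inside the VPC (plus replies belonging to those flows)."""
    # Parse before interpolating into a shell command: anything that is not a valid
    # IPv4 network (including a string carrying shell metacharacters) raises ValueError.
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    if net.version != 4:
        raise ValueError("these rules cover IPv4 NAT only")
    return [
        'sudo /sbin/iptables -P FORWARD DROP',
        'sudo /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT',
        f'sudo /sbin/iptables -A FORWARD -s {net} -j ACCEPT',
    ]


def hardened_nat_user_data(vpc_cidr: str,
                           base: Sequence[str] = DEFAULT_USER_DATA_COMMANDS) -> List[str]:
    """Return the base command list with the FORWARD restrictions inserted after the
    flush and before 'service iptables save', so they survive an iptables restart."""
    commands = list(base)
    rules = forward_chain_rules(vpc_cidr)
    try:
        save_at = commands.index(SAVE_COMMAND)
    except ValueError:  # caller supplied a base list without the save step
        return commands + rules + [SAVE_COMMAND]
    return commands[:save_at] + rules + commands[save_at:]


def make_nat_provider(vpc_cidr: str):
    """Assumed wiring: hand the hardened commands to NatProvider.instance_v2 (needs aws-cdk-lib)."""
    from aws_cdk import aws_ec2 as ec2  # imported lazily; the helpers above need no CDK

    user_data = ec2.UserData.for_linux()
    user_data.add_commands(*hardened_nat_user_data(
        vpc_cidr, ec2.NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS))
    return ec2.NatProvider.instance_v2(
        instance_type=ec2.InstanceType("t3.small"),
        default_allowed_traffic=ec2.NatTrafficDirection.NONE,  # no SG rules until added below
        user_data=user_data,
    )


def vpc_with_hardened_nat(scope, vpc_cidr: str = "10.0.0.0/16"):
    """Assumed wiring: create the VPC and open only what NAT needs, i.e. anything in
    from the VPC and HTTPS out to the internet. 'scope' is the CDK Stack."""
    from aws_cdk import aws_ec2 as ec2

    provider = make_nat_provider(vpc_cidr)
    vpc = ec2.Vpc(scope, "Vpc",
                  ip_addresses=ec2.IpAddresses.cidr(vpc_cidr),
                  nat_gateway_provider=provider)
    # .connections is usable only after the Vpc has called configure_nat on the provider.
    provider.connections.allow_from(ec2.Peer.ipv4(vpc.vpc_cidr_block), ec2.Port.all_traffic(),
                                    "forwarded traffic from the private subnets")
    provider.connections.allow_to(ec2.Peer.any_ipv4(), ec2.Port.tcp(443), "HTTPS egress only")
    return vpc
```

The order matters: the provider's own list flushes FORWARD and then saves, so the new policy and rules are spliced in between those two steps; appending them after the save would leave them unsaved, and placing them before the flush would erase them. Validating the CIDR with ipaddress before it reaches a shell string is what keeps a mis-typed or attacker-influenced parameter from becoming a command on the NAT host.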
Static Methods
- classmethod gateway(*, eip_allocation_ids=None)
Use NAT Gateways to provide NAT services for your VPC.
NAT gateways are managed by AWS.
- Parameters:
  - eip_allocation_ids (Optional[Sequence[str]]) – EIP allocation IDs for the NAT gateways. Default: no fixed EIPs are allocated for the NAT gateways.
- See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
- Return type:
- classmethod instance(*, instance_type, credit_specification=None, default_allowed_traffic=None, key_name=None, key_pair=None, machine_image=None, security_group=None, user_data=None)
(deprecated) Use NAT instances to provide NAT services for your VPC.
NAT instances are managed by you, but in return allow more configuration.
Be aware that instances created using this provider will not be automatically replaced if they are stopped for any reason. You should implement your own NatProvider based on AutoScaling groups if you need that.
- Parameters: identical to the NatInstanceProviderV2 constructor parameters listed above.
- Deprecated: use instance_v2. 'instance' is deprecated since NatInstanceProvider uses an instance image that reached EOL on Dec 31 2023.
- Return type:
- See:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
- Stability:
deprecated
- classmethod instance_v2(*, instance_type, credit_specification=None, default_allowed_traffic=None, key_name=None, key_pair=None, machine_image=None, security_group=None, user_data=None)
Use NAT instances to provide NAT services for your VPC.
NAT instances are managed by you, but in return allow more configuration.
Be aware that instances created using this provider will not be automatically replaced if they are stopped for any reason. You should implement your own NatProvider based on AutoScaling groups if you need that.
- Parameters: identical to the NatInstanceProviderV2 constructor parameters listed above.
- See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
- Return type: