StaticPrivateIpServer

class aws_rfdk.StaticPrivateIpServer(scope, id, *, instance_type, machine_image, vpc, block_devices=None, key_name=None, private_ip_address=None, resource_signal_timeout=None, role=None, security_group=None, user_data=None, vpc_subnets=None)

Bases: constructs.Construct

This construct provides a single instance, managed by an Auto Scaling Group (ASG), with an attached Elastic Network Interface (ENI) that provides a private IP address.

This ENI is automatically re-attached to the instance if the instance is replaced by the ASG.

The ENI provides an unchanging private IP address that can always be used to connect to the instance regardless of how many times the instance has been replaced. Furthermore, the ENI has a MAC address that remains unchanged unless the ENI is destroyed.

Essentially, this provides an instance with an unchanging private IP address that will automatically recover from termination. This instance is suitable for use as an application server, such as a license server, that must always be reachable by the same IP address.

Resources Deployed

  • Auto Scaling Group (ASG) with min & max capacity of 1 instance.

  • Elastic Network Interface (ENI).

  • Security Group for the ASG.

  • Instance Role and corresponding IAM Policy.

  • SNS Topic & Role for instance-launch lifecycle events – max one of each per stack.

  • Lambda function, with role, to attach the ENI in response to instance-launch lifecycle events – max one per stack.

Security Considerations

  • The AWS Lambda that is deployed through this construct is created from a deployment package that is uploaded to your CDK bootstrap bucket during deployment. Anyone with write access to that bucket can replace the package and thereby control what this Lambda does, so you must limit write access to your CDK bootstrap bucket. We strongly recommend that you either enable Amazon S3 server access logging on your CDK bootstrap bucket, or enable AWS CloudTrail on your account, to assist in post-incident analysis of compromised production environments.

  • The AWS Lambda that is deployed through this construct has broad IAM permissions to attach any Elastic Network Interface (ENI) to any instance. You should not grant any additional actors/principals the ability to modify or execute this Lambda.

  • The SNS Topic that is deployed through this construct controls the execution of the Lambda discussed above. Principals that can publish messages to this SNS Topic will be able to trigger the Lambda to run. You should not allow any additional principals to publish messages to this SNS Topic.
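The three considerations above can be checked mechanically against the CloudFormation template that `cdk synth` writes (cdk.out/<Stack>.template.json) before it is deployed. The following is an added example and is not part of aws_rfdk or the AWS CDK: it walks a template's resources and reports an ASG whose capacity is not pinned to one instance, any principal other than the expected lifecycle-hook role that may publish to the SNS topic, and any Lambda invoke permission granted to something other than SNS. The embedded template is a constructed stand-in; the logical resource names and the exact policy shapes the construct emits are assumptions, so point `audit_template` at your own synthesized output and adjust `allowed_publishers` to the role the construct actually creates.

```python
"""Audit a synthesized CloudFormation template for a StaticPrivateIpServer.

Added example, not aws_rfdk code. It checks the "Security Considerations"
above against the JSON produced by `cdk synth`. The resource names and the
policy layout below are assumptions used to build a constructed sample.
"""
import json
from typing import Any, Dict, Iterable, List, Set


def _as_text(value: Any) -> str:
    """Render a principal that may be a literal ARN or a CloudFormation intrinsic."""
    if isinstance(value, str):
        return value
    if "Fn::GetAtt" in value:
        return "GetAtt:" + ".".join(value["Fn::GetAtt"])
    if "Ref" in value:
        return "Ref:" + value["Ref"]
    return json.dumps(value, sort_keys=True)


def _principals(statement: Dict[str, Any]) -> Set[str]:
    """Flatten the Principal field of an IAM statement into a set of strings."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return {"*"}
    out: Set[str] = set()
    for values in principal.values():
        for v in values if isinstance(values, list) else [values]:
            out.add(_as_text(v))
    return out


def _actions(statement: Dict[str, Any]) -> Set[str]:
    actions = statement.get("Action", [])
    return {actions} if isinstance(actions, str) else set(actions)


def audit_template(template: Dict[str, Any], allowed_publishers: Iterable[str]) -> List[str]:
    """Return findings as strings; an empty list means the template is clean."""
    findings: List[str] = []
    allowed = set(allowed_publishers)
    for name, res in template["Resources"].items():
        rtype, props = res["Type"], res.get("Properties", {})
        # 1. Exactly one instance: the single-instance / re-attached-ENI model
        #    breaks if the ASG can ever scale to 0 or to 2.
        if rtype == "AWS::AutoScaling::AutoScalingGroup":
            if str(props.get("MinSize")) != "1" or str(props.get("MaxSize")) != "1":
                findings.append(f"{name}: ASG capacity is not pinned to min=max=1")
        # 2. Only the lifecycle-hook role may publish to the topic that
        #    triggers the ENI-attaching Lambda.
        elif rtype == "AWS::SNS::TopicPolicy":
            for stmt in props["PolicyDocument"]["Statement"]:
                if stmt.get("Effect") != "Allow" or "sns:Publish" not in _actions(stmt):
                    continue
                extra = _principals(stmt) - allowed
                if extra:
                    findings.append(f"{name}: unexpected sns:Publish principals {sorted(extra)}")
        # 3. Nothing but SNS may invoke the Lambda, which can attach any ENI
        #    to any instance.
        elif rtype == "AWS::Lambda::Permission":
            if props.get("Principal") != "sns.amazonaws.com":
                findings.append(f"{name}: lambda:InvokeFunction granted to {props.get('Principal')!r}")
    return findings


# Constructed sample template (not real cdk synth output). The second topic
# statement is deliberate drift: an operations role was granted sns:Publish.
SAMPLE_TEMPLATE: Dict[str, Any] = {
    "Resources": {
        "ServerAsg": {
            "Type": "AWS::AutoScaling::AutoScalingGroup",
            "Properties": {"MinSize": "1", "MaxSize": "1"},
        },
        "LifecycleTopicPolicy": {
            "Type": "AWS::SNS::TopicPolicy",
            "Properties": {"PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": "sns:Publish",
                 "Principal": {"AWS": {"Fn::GetAtt": ["LifecycleHookRole", "Arn"]}},
                 "Resource": {"Ref": "LifecycleTopic"}},
                {"Effect": "Allow", "Action": ["sns:Publish"],
                 "Principal": {"AWS": "arn:aws:iam::111122223333:role/ops-team"},
                 "Resource": {"Ref": "LifecycleTopic"}},
            ]}},
        },
        "AttachEniInvoke": {
            "Type": "AWS::Lambda::Permission",
            "Properties": {"Action": "lambda:InvokeFunction",
                           "Principal": "sns.amazonaws.com",
                           "FunctionName": {"Ref": "AttachEniFunction"}},
        },
    }
}

if __name__ == "__main__":
    for finding in audit_template(SAMPLE_TEMPLATE, ["GetAtt:LifecycleHookRole.Arn"]):
        print("FINDING:", finding)
```

Run it in CI after `cdk synth` and fail the pipeline on any finding; a wildcard principal on the topic policy is reported as `*`, and an intrinsic reference appears as `GetAtt:<Logical>.Arn` or `Ref:<Logical>` so the allow-list can name the role the construct creates rather than an account-specific ARN.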

Parameters
  • scope (Construct) –

  • id (str) –

  • instance_type (InstanceType) – The type of instance to launch.

  • machine_image (IMachineImage) – The AMI to launch the instance with.

  • vpc (IVpc) – VPC in which to launch the instance.

  • block_devices (Optional[Sequence[Union[BlockDevice, Dict[str, Any]]]]) – Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. Default: Uses the block device mapping of the AMI.

  • key_name (Optional[str]) – Name of the EC2 SSH keypair to grant access to the instance. Default: No SSH access will be possible.

  • private_ip_address (Optional[str]) – The specific private IP address to assign to the Elastic Network Interface of this instance. Default: An IP address is randomly assigned from the subnet.

  • resource_signal_timeout (Optional[Duration]) – The length of time to wait for the instance to signal successful deployment during the initial deployment, or update, of your stack. The maximum value is 12 hours. Default: The deployment does not require a success signal from the instance.

  • role (Optional[IRole]) – An IAM role to associate with the instance profile that is assigned to this instance. The role must be assumable by the service principal ec2.amazonaws.com. Default: A role is created automatically; it can be accessed via the role property.

  • security_group (Optional[ISecurityGroup]) – The security group to assign to this instance. Default: A new security group is created for this instance.

  • user_data (Optional[UserData]) – Specific UserData to use. UserData is a script that is run automatically by the instance the very first time that a new instance is started. The UserData may be mutated after creation. Default: A UserData appropriate to the operating system of machine_image is created.

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – Where to place the instance within the VPC. Default: The instance is placed in a private subnet.

Methods

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

autoscaling_group

The Auto Scaling Group that contains the instance this construct creates.

Return type

AutoScalingGroup

connections

Manages the security group rules for connections to and from this instance.

Return type

Connections

grant_principal

The principal to grant permission to.

Granting permissions to this principal will grant those permissions to the instance role.

Return type

IPrincipal

node

The tree node.

Return type

Node

os_type

The type of operating system that the instance is running.

Return type

OperatingSystemType

private_ip_address

The Private IP address that has been assigned to the ENI.

Return type

str

role

The IAM role that is assumed by the instance.

Return type

IRole

user_data

The UserData for this instance.

UserData is a script that is run automatically by the instance the very first time that a new instance is started.

Return type

UserData

Static Methods

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters

x (Any) – Any object.

Return type

bool

Returns

true if x is an object created from a class which extends Construct.