enum SubnetType
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EC2.SubnetType |
Java | software.amazon.awscdk.services.ec2.SubnetType |
Python | aws_cdk.aws_ec2.SubnetType |
TypeScript (source) | @aws-cdk/aws-ec2 » SubnetType |
The type of Subnet.
Example
```ts
import * as docdb from '@aws-cdk/aws-docdb';
import * as ec2 from '@aws-cdk/aws-ec2';

declare const vpc: ec2.Vpc;

const cluster = new docdb.DatabaseCluster(this, 'Database', {
  masterUser: {
    username: 'myuser', // NOTE: 'admin' is reserved by DocumentDB
    excludeCharacters: '\"@/:', // optional, defaults to the set "\"@/" and is also used for any rotations created later
    secretName: '/myapp/mydocdb/masteruser', // optional, if you prefer to specify the secret name
  },
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
  // Selects the VPC's subnets of the given type for the cluster.
  vpcSubnets: {
    subnetType: ec2.SubnetType.PUBLIC,
  },
  vpc,
});
```
Members
Name | Description |
---|---|
ISOLATED | Isolated Subnets do not route traffic to the Internet (in this VPC), and as such, do not require NAT gateways. |
PRIVATE_ISOLATED | Isolated Subnets do not route traffic to the Internet (in this VPC), and as such, do not require NAT gateways. |
PRIVATE | Subnet that routes to the internet, but not vice versa. |
PRIVATE_WITH_NAT | Subnet that routes to the internet (via a NAT gateway), but not vice versa. |
PUBLIC | Subnet connected to the Internet. |
ISOLATED
Isolated Subnets do not route traffic to the Internet (in this VPC), and as such, do not require NAT gateways.
Isolated subnets can only connect to or be connected to from other instances in the same VPC. A default VPC configuration will not include isolated subnets.
This can be good for subnets with RDS or ElastiCache instances, or which route Internet traffic through a peer VPC.
PRIVATE_ISOLATED
Isolated Subnets do not route traffic to the Internet (in this VPC), and as such, do not require NAT gateways.
Isolated subnets can only connect to or be connected to from other instances in the same VPC. A default VPC configuration will not include isolated subnets.
This can be good for subnets with RDS or ElastiCache instances, or which route Internet traffic through a peer VPC.
PRIVATE
Subnet that routes to the internet, but not vice versa.
Instances in a private subnet can connect to the Internet, but will not allow connections to be initiated from the Internet. NAT Gateway(s) are required with this subnet type to route the Internet traffic through.
If a NAT Gateway is not required or desired, use SubnetType.PRIVATE_ISOLATED instead.
By default, a NAT gateway is created in every public subnet for maximum availability. Be aware that you will be charged for NAT gateways.
Normally a Private subnet will use a NAT gateway in the same AZ, but if natGateways is used to reduce the number of NAT gateways, a NAT gateway from another AZ will be used instead.
PRIVATE_WITH_NAT
Subnet that routes to the internet (via a NAT gateway), but not vice versa.
Instances in a private subnet can connect to the Internet, but will not allow connections to be initiated from the Internet. NAT Gateway(s) are required with this subnet type to route the Internet traffic through.
If a NAT Gateway is not required or desired, use SubnetType.PRIVATE_ISOLATED instead.
By default, a NAT gateway is created in every public subnet for maximum availability. Be aware that you will be charged for NAT gateways.
Normally a Private subnet will use a NAT gateway in the same AZ, but if natGateways is used to reduce the number of NAT gateways, a NAT gateway from another AZ will be used instead.
PUBLIC
Subnet connected to the Internet.
Instances in a Public subnet can connect to the Internet and can be connected to from the Internet as long as they are launched with public IPs (controlled on the AutoScalingGroup or other constructs that launch instances).
Public subnets route outbound traffic via an Internet Gateway.
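The routing behaviour that distinguishes the members above can be checked on a synthesized CloudFormation template. The following is an added example, not code from the CDK documentation: it infers each subnet's type from the IPv4 default route of its route table and lists subnet groups (DocumentDB, RDS, ElastiCache and similar) that contain any subnet other than PRIVATE_ISOLATED. The template fragment and its logical IDs are constructed for illustration, and IPv6 routes are ignored.

```typescript
type Resource = { Type: string; Properties: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
type Kind = 'PUBLIC' | 'PRIVATE_WITH_NAT' | 'PRIVATE_ISOLATED';
// Logical ID behind a { Ref: ... } value, or undefined for anything else.
const ref = (v: any): string | undefined => (v && typeof v.Ref === 'string' ? v.Ref : undefined);

// Subnet logical ID -> kind, decided by the IPv4 default route of its route table
// (a route table with no default route leaves the subnet isolated).
function classifySubnets(t: Template): Record<string, Kind> {
  const all = Object.keys(t.Resources).map((id) => t.Resources[id]);
  const tableKind: Record<string, Kind> = {};
  for (const r of all) {
    if (r.Type !== 'AWS::EC2::Route' || r.Properties.DestinationCidrBlock !== '0.0.0.0/0') continue;
    const table = ref(r.Properties.RouteTableId);
    const gw = ref(r.Properties.GatewayId);
    if (!table) continue;
    if (gw && t.Resources[gw] && t.Resources[gw].Type === 'AWS::EC2::InternetGateway') tableKind[table] = 'PUBLIC';
    else if (ref(r.Properties.NatGatewayId)) tableKind[table] = 'PRIVATE_WITH_NAT';
  }
  const kinds: Record<string, Kind> = {};
  for (const r of all) {
    if (r.Type !== 'AWS::EC2::SubnetRouteTableAssociation') continue;
    const subnet = ref(r.Properties.SubnetId);
    const table = ref(r.Properties.RouteTableId);
    if (subnet && table) kinds[subnet] = tableKind[table] || 'PRIVATE_ISOLATED';
  }
  return kinds;
}

// Subnet groups holding any subnet not proven PRIVATE_ISOLATED (unresolved IDs are flagged too).
function subnetGroupsOutsideIsolated(t: Template): string[] {
  const kinds = classifySubnets(t);
  return Object.keys(t.Resources).filter((id) => {
    const r = t.Resources[id];
    if (!/SubnetGroup$/.test(r.Type)) return false;
    const ids: any[] = r.Properties.SubnetIds || [];
    return ids.some((s) => kinds[ref(s) || ''] !== 'PRIVATE_ISOLATED');
  });
}

// Constructed sample; all logical IDs are made up.
const sample: Template = { Resources: {
  Igw: { Type: 'AWS::EC2::InternetGateway', Properties: {} },
  PubDefault: { Type: 'AWS::EC2::Route', Properties: { RouteTableId: { Ref: 'PubRt' }, DestinationCidrBlock: '0.0.0.0/0', GatewayId: { Ref: 'Igw' } } },
  AppDefault: { Type: 'AWS::EC2::Route', Properties: { RouteTableId: { Ref: 'AppRt' }, DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: { Ref: 'Nat' } } },
  PubAssoc: { Type: 'AWS::EC2::SubnetRouteTableAssociation', Properties: { SubnetId: { Ref: 'PubSubnet' }, RouteTableId: { Ref: 'PubRt' } } },
  AppAssoc: { Type: 'AWS::EC2::SubnetRouteTableAssociation', Properties: { SubnetId: { Ref: 'AppSubnet' }, RouteTableId: { Ref: 'AppRt' } } },
  DbAssoc: { Type: 'AWS::EC2::SubnetRouteTableAssociation', Properties: { SubnetId: { Ref: 'DbSubnet' }, RouteTableId: { Ref: 'DbRt' } } },
  DocDbSubnets: { Type: 'AWS::DocDB::DBSubnetGroup', Properties: { SubnetIds: [{ Ref: 'PubSubnet' }] } },
  RdsSubnets: { Type: 'AWS::RDS::DBSubnetGroup', Properties: { SubnetIds: [{ Ref: 'DbSubnet' }] } },
}};
```

Calling `subnetGroupsOutsideIsolated` on the parsed JSON of a synthesized template gives a list suitable for a CI gate or a review queue.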