class InterfaceVpcEndpoint (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EC2.InterfaceVpcEndpoint |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#InterfaceVpcEndpoint |
Java | software.amazon.awscdk.services.ec2.InterfaceVpcEndpoint |
Python | aws_cdk.aws_ec2.InterfaceVpcEndpoint |
TypeScript | aws-cdk-lib » aws_ec2 » InterfaceVpcEndpoint |
Implements
IConstruct, IDependable, IResource, IVpcEndpoint, IInterfaceVpcEndpoint, IConnectable
An interface VPC endpoint.
Example
```typescript
declare const vpc: ec2.Vpc;

new ec2.InterfaceVpcEndpoint(this, 'VPC Endpoint', {
  vpc,
  service: new ec2.InterfaceVpcEndpointService('com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc', 443),
  subnets: {
    subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
    availabilityZones: ['us-east-1a', 'us-east-1c']
  }
});
```
Initializer
new InterfaceVpcEndpoint(scope: Construct, id: string, props: InterfaceVpcEndpointProps)
Parameters
- scope
Construct
- id
string
- props
InterfaceVpcEndpointProps
Construct Props
Name | Type | Description |
---|---|---|
service | IInterfaceVpcEndpointService | The service to use for this interface VPC endpoint. |
vpc | IVpc | The VPC network in which the interface endpoint will be used. |
lookupSupportedAzs? | boolean | Limit to only those availability zones where the endpoint service can be created. |
open? | boolean | Whether to automatically allow VPC traffic to the endpoint. |
privateDnsEnabled? | boolean | Whether to associate a private hosted zone with the specified VPC. |
securityGroups? | ISecurityGroup[] | The security groups to associate with this interface VPC endpoint. |
subnets? | SubnetSelection | The subnets in which to create an endpoint network interface. |
service
Type:
IInterfaceVpcEndpointService
The service to use for this interface VPC endpoint.
vpc
Type:
IVpc
The VPC network in which the interface endpoint will be used.
lookupSupportedAzs?
Type:
boolean
(optional, default: false)
Limit to only those availability zones where the endpoint service can be created.
Setting this to 'true' requires a lookup to be performed at synthesis time. Account and region must be set on the containing stack for this to work.
open?
Type:
boolean
(optional, default: true)
Whether to automatically allow VPC traffic to the endpoint.
If enabled, all traffic to the endpoint from within the VPC will be automatically allowed. This is done based on the VPC's CIDR range.
privateDnsEnabled?
Type:
boolean
(optional, default: set by the instance of IInterfaceVpcEndpointService, or true if not defined by the instance of IInterfaceVpcEndpointService)
Whether to associate a private hosted zone with the specified VPC.
This allows you to make requests to the service using its default DNS hostname.
securityGroups?
Type:
ISecurityGroup[]
(optional, default: a new security group is created)
The security groups to associate with this interface VPC endpoint.
subnets?
Type:
SubnetSelection
(optional, default: private subnets)
The subnets in which to create an endpoint network interface.
At most one per availability zone.
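With `open` left at its default, the endpoint's security group admits traffic from the whole VPC CIDR range. The following added example (not part of the CDK documentation or code base) scans a synthesized CloudFormation template for interface endpoints whose in-template security groups carry CIDR-sourced ingress. The template fragment, its logical IDs and CIDR are constructed, and the function name is hypothetical.

```typescript
// Added example, not CDK source. Flags interface endpoints whose security
// group admits a whole CIDR range, the effect the page describes for `open`.
type Json = Record<string, any>;
interface Finding { endpoint: string; securityGroup: string; cidr: string; ports: string }

// Constructed template fragment: logical IDs and the CIDR are made up.
const constructedTemplate: Json = {
  Resources: {
    OpenSg: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupIngress: [
      { CidrIp: "10.0.0.0/16", IpProtocol: "tcp", FromPort: 443, ToPort: 443 },
    ] } },
    OpenEndpoint: { Type: "AWS::EC2::VPCEndpoint", Properties: {
      VpcEndpointType: "Interface",
      SecurityGroupIds: [{ "Fn::GetAtt": ["OpenSg", "GroupId"] }],
    } },
    ClosedSg: { Type: "AWS::EC2::SecurityGroup", Properties: {} },
    ClosedEndpoint: { Type: "AWS::EC2::VPCEndpoint", Properties: {
      VpcEndpointType: "Interface",
      SecurityGroupIds: [{ "Fn::GetAtt": ["ClosedSg", "GroupId"] }],
    } },
  },
};

function findCidrWideEndpoints(template: Json): Finding[] {
  const resources: Json = template.Resources ?? {};
  const findings: Finding[] = [];
  for (const [endpoint, res] of Object.entries(resources)) {
    const props: Json = res.Properties ?? {};
    if (res.Type !== "AWS::EC2::VPCEndpoint") continue;
    if (props.VpcEndpointType !== "Interface") continue;
    for (const ref of props.SecurityGroupIds ?? []) {
      // Only groups defined in this template can be resolved; literal
      // group IDs (imported groups) are skipped and need a separate check.
      const sgId = ref?.["Fn::GetAtt"]?.[0];
      const sg = typeof sgId === "string" ? resources[sgId] : undefined;
      if (sg?.Type !== "AWS::EC2::SecurityGroup") continue;
      for (const rule of sg.Properties?.SecurityGroupIngress ?? []) {
        const src = rule.CidrIp ?? rule.CidrIpv6;
        if (src === undefined) continue; // rule is not CIDR-sourced
        const cidr = typeof src === "string" ? src : JSON.stringify(src);
        findings.push({ endpoint, securityGroup: sgId, cidr, ports: `${rule.FromPort}-${rule.ToPort}` });
      }
    }
  }
  return findings;
}

console.log(findCidrWideEndpoints(constructedTemplate));
```

An endpoint reported here can be narrowed by setting `open` to false and granting access only to the specific peers that need it through `connections`.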
Properties
Name | Type | Description |
---|---|---|
connections | Connections | Access to network connections. |
env | ResourceEnvironment | The environment this resource belongs to. |
node | Node | The tree node. |
stack | Stack | The stack in which this resource is defined. |
vpcEndpointCreationTimestamp | string | The date and time the interface VPC endpoint was created. |
vpcEndpointDnsEntries | string[] | The DNS entries for the interface VPC endpoint. |
vpcEndpointId | string | The interface VPC endpoint identifier. |
vpcEndpointNetworkInterfaceIds | string[] | One or more network interfaces for the interface VPC endpoint. |
connections
Type:
Connections
Access to network connections.
env
Type:
ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
vpcEndpointCreationTimestamp
Type:
string
The date and time the interface VPC endpoint was created.
vpcEndpointDnsEntries
Type:
string[]
The DNS entries for the interface VPC endpoint.
Each entry is a combination of the hosted zone ID and the DNS name. The entries are ordered as follows: regional public DNS, zonal public DNS, private DNS, and wildcard DNS. This order is not enforced for AWS Marketplace services.
The following is an example. In the first entry, the hosted zone ID is Z1HUB23UULQXV and the DNS name is vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com.
["Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com", "Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3-us-east-1a.ec2.us-east-1.vpce.amazonaws.com", "Z1C12344VYDITB0:ec2.us-east-1.amazonaws.com"]
If you update the PrivateDnsEnabled or SubnetIds properties, the DNS entries in the list will change.
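The entry format above can be checked mechanically, for example to confirm that a private DNS name is actually present on an endpoint. This added example (not part of the CDK documentation or code base) parses entries read from a deployed endpoint; the function names are hypothetical, and it assumes, as in the page's sample, that endpoint-specific names begin with the endpoint ID.

```typescript
// Added example, not CDK source: parse deployed vpcEndpointDnsEntries values.
type DnsKind = "endpoint-specific" | "wildcard" | "service-default";
interface DnsEntry { hostedZoneId: string; dnsName: string; kind: DnsKind }

// The sample list shown on this page.
const PAGE_SAMPLE: string[] = [
  "Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com",
  "Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3-us-east-1a.ec2.us-east-1.vpce.amazonaws.com",
  "Z1C12344VYDITB0:ec2.us-east-1.amazonaws.com",
];

function parseDnsEntry(entry: string, endpointId: string): DnsEntry {
  const sep = entry.indexOf(":");
  if (sep <= 0 || sep === entry.length - 1) {
    throw new Error(`expected "<hostedZoneId>:<dnsName>", got "${entry}"`);
  }
  const hostedZoneId = entry.slice(0, sep);
  const dnsName = entry.slice(sep + 1).toLowerCase();
  // Classify by name, not by position: the page notes that the ordering
  // is not enforced for AWS Marketplace services.
  let kind: DnsKind = "service-default";
  if (dnsName.startsWith("*.")) kind = "wildcard";
  else if (dnsName.startsWith(`${endpointId.toLowerCase()}-`)) kind = "endpoint-specific";
  return { hostedZoneId, dnsName, kind };
}

// Names that resolve through the private hosted zone (the service's own
// hostname). An empty result means no private DNS entry is in the list.
function privateDnsNames(entries: string[], endpointId: string): string[] {
  return entries
    .map((e) => parseDnsEntry(e, endpointId))
    .filter((e) => e.kind === "service-default")
    .map((e) => e.dnsName);
}

// Endpoint ID assumed from the name prefix in the page's sample.
console.log(privateDnsNames(PAGE_SAMPLE, "vpce-01abc23456de78f9g"));
```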
vpcEndpointId
Type:
string
The interface VPC endpoint identifier.
vpcEndpointNetworkInterfaceIds
Type:
string[]
One or more network interfaces for the interface VPC endpoint.
Methods
Name | Description |
---|---|
addToPolicy(statement) | Adds a statement to the policy document of the VPC endpoint. The statement must have a Principal. |
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
toString() | Returns a string representation of this construct. |
static fromInterfaceVpcEndpointAttributes(scope, id, attrs) | Imports an existing interface VPC endpoint. |
addToPolicy(statement)
public addToPolicy(statement: PolicyStatement): void
Parameters
- statement
PolicyStatement — the IAM statement to add.
Adds a statement to the policy document of the VPC endpoint. The statement must have a Principal.
Not all interface VPC endpoints support policy. For more information see https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromInterfaceVpcEndpointAttributes(scope, id, attrs)
public static fromInterfaceVpcEndpointAttributes(scope: Construct, id: string, attrs: InterfaceVpcEndpointAttributes): IInterfaceVpcEndpoint
Parameters
- scope
Construct
- id
string
- attrs
InterfaceVpcEndpointAttributes
Returns
IInterfaceVpcEndpoint
Imports an existing interface VPC endpoint.