interface NatInstanceProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EC2.NatInstanceProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#NatInstanceProps |
Java | software.amazon.awscdk.services.ec2.NatInstanceProps |
Python | aws_cdk.aws_ec2.NatInstanceProps |
TypeScript | aws-cdk-lib » aws_ec2 » NatInstanceProps |
Properties for a NAT instance.
Example
```typescript
declare const instanceType: ec2.InstanceType;

const provider = ec2.NatProvider.instanceV2({
  instanceType,
  defaultAllowedTraffic: ec2.NatTrafficDirection.OUTBOUND_ONLY,
});
new ec2.Vpc(this, 'TheVPC', {
  natGatewayProvider: provider,
});
provider.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/8'), ec2.Port.HTTP);
```
Properties
Name | Type | Description |
---|---|---|
instanceType | InstanceType | Instance type of the NAT instance. |
associatePublicIpAddress? | boolean | Whether to associate a public IP address to the primary network interface attached to this instance. |
creditSpecification? | CpuCredits | Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). |
defaultAllowedTraffic? | NatTrafficDirection | Direction to allow all traffic through the NAT instance by default. |
keyName? | string | Name of SSH keypair to grant access to instance. (Deprecated) |
keyPair? | IKeyPair | The SSH keypair to grant access to the instance. |
machineImage? | IMachineImage | The machine image (AMI) to use. |
securityGroup? | ISecurityGroup | Security Group for NAT instances. (Deprecated) |
userData? | UserData | Custom user data to run on the NAT instances. |
instanceType
Type: InstanceType
Instance type of the NAT instance.
associatePublicIpAddress?
Type: boolean (optional, default: undefined - No public IP address associated)
Whether to associate a public IP address to the primary network interface attached to this instance.
creditSpecification?
Type: CpuCredits (optional, default: T2 instances are standard, while T3, T4g, and T3a instances are unlimited.)
Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
The unlimited CPU credit option is not supported for T3 instances with dedicated host (`host`) tenancy.
defaultAllowedTraffic?
Type: NatTrafficDirection (optional, default: NatTrafficDirection.INBOUND_AND_OUTBOUND)
Direction to allow all traffic through the NAT instance by default.
By default, inbound and outbound traffic is allowed.
If you set this to a value other than INBOUND_AND_OUTBOUND, you must
configure the NAT instance's security groups in another way, either by
passing in a fully configured Security Group using the `securityGroup`
property, or by configuring it using the `.securityGroup` or `.connections`
members after passing the NAT Instance Provider to a Vpc.
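Because the default direction admits inbound traffic, it is worth checking the synthesized CloudFormation template before deploying. The audit below is an added example, not code from the CDK project; the function names are hypothetical, and it assumes NAT instances can be recognized by `SourceDestCheck: false` and that the open rule appears as an inline ingress rule with `CidrIp` 0.0.0.0/0 and `IpProtocol` -1.

```typescript
// Added example: flag NAT instances in a synthesized CloudFormation template
// whose security group admits all traffic from any IPv4 address.
type CfnResource = { Type: string; Properties?: Record<string, any> };
type CfnTemplate = { Resources: Record<string, CfnResource> };

// Resolve {"Fn::GetAtt": [id, "GroupId"]} or {"Ref": id}; literal IDs yield ''.
function sgLogicalId(ref: any): string {
  if (ref && Array.isArray(ref['Fn::GetAtt'])) return String(ref['Fn::GetAtt'][0]);
  if (ref && typeof ref.Ref === 'string') return ref.Ref;
  return '';
}

// True when an inline ingress rule admits every protocol from 0.0.0.0/0.
function isOpenToWorld(rule: any): boolean {
  return rule.CidrIp === '0.0.0.0/0' && String(rule.IpProtocol) === '-1';
}

// Logical IDs of forwarding instances (SourceDestCheck: false) attached to a
// world-open group. Standalone AWS::EC2::SecurityGroupIngress is out of scope.
function findOpenNatInstances(template: CfnTemplate): string[] {
  const res = template.Resources;
  return Object.keys(res).filter((id) => {
    const r = res[id];
    const p = r.Properties ?? {};
    if (r.Type !== 'AWS::EC2::Instance' || p.SourceDestCheck !== false) return false;
    const groups: any[] = [...(p.SecurityGroupIds ?? [])];
    for (const nic of p.NetworkInterfaces ?? []) groups.push(...(nic.GroupSet ?? []));
    return groups.some((g) => {
      const sg = res[sgLogicalId(g)];
      const rules: any[] = sg?.Properties?.SecurityGroupIngress ?? [];
      return sg?.Type === 'AWS::EC2::SecurityGroup' && rules.some(isOpenToWorld);
    });
  });
}

// Constructed sample (not real synth output): NatA is open, NatB is limited to
// the VPC range, App uses the open group but is not a NAT instance.
const sampleTemplate: CfnTemplate = { Resources: {
  OpenSg: { Type: 'AWS::EC2::SecurityGroup', Properties: {
    SecurityGroupIngress: [{ CidrIp: '0.0.0.0/0', IpProtocol: '-1' }] } },
  VpcOnlySg: { Type: 'AWS::EC2::SecurityGroup', Properties: {
    SecurityGroupIngress: [{ CidrIp: '10.0.0.0/16', IpProtocol: '-1' }] } },
  NatA: { Type: 'AWS::EC2::Instance', Properties: { SourceDestCheck: false,
    SecurityGroupIds: [{ 'Fn::GetAtt': ['OpenSg', 'GroupId'] }] } },
  NatB: { Type: 'AWS::EC2::Instance', Properties: { SourceDestCheck: false,
    NetworkInterfaces: [{ DeviceIndex: '0', GroupSet: [{ Ref: 'VpcOnlySg' }] }] } },
  App: { Type: 'AWS::EC2::Instance', Properties: { SecurityGroupIds: [{ Ref: 'OpenSg' }] } },
} };
console.log(findOpenNatInstances(sampleTemplate)); // [ 'NatA' ]
```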
keyName?
⚠️ Deprecated: Use `keyPair` instead. See https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
Type: string (optional, default: No SSH access will be possible.)
Name of SSH keypair to grant access to instance.
keyPair?
Type: IKeyPair (optional, default: No SSH access will be possible.)
The SSH keypair to grant access to the instance.
machineImage?
Type: IMachineImage (optional, default: Latest NAT instance image)
The machine image (AMI) to use.
By default, will do an AMI lookup for the latest NAT instance image.
If you have a specific AMI ID you want to use, pass a `GenericLinuxImage`. For example:
```typescript
ec2.NatProvider.instance({
  instanceType: new ec2.InstanceType('t3.micro'),
  machineImage: new ec2.GenericLinuxImage({
    'us-east-2': 'ami-0f9c61b5a562a16af'
  })
})
```
securityGroup?
⚠️ Deprecated: Cannot create a new security group before the VPC is created, and cannot create the VPC without the NAT provider. Set `defaultAllowedTraffic` to `NatTrafficDirection.NONE` and use `NatInstanceProviderV2.gatewayInstances` to retrieve the instances on the fly and add security groups.
Type: ISecurityGroup (optional, default: A new security group will be created)
Security Group for NAT instances.
Example
```typescript
const natGatewayProvider = ec2.NatProvider.instanceV2({
  instanceType: new ec2.InstanceType('t3.small'),
  defaultAllowedTraffic: ec2.NatTrafficDirection.NONE,
});
const vpc = new ec2.Vpc(this, 'Vpc', { natGatewayProvider });

const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {
  vpc,
  allowAllOutbound: false,
});
securityGroup.addEgressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(443));
for (const gatewayInstance of natGatewayProvider.gatewayInstances) {
  gatewayInstance.addSecurityGroup(securityGroup);
}
```
userData?
Type: UserData (optional, default: `UserData.forLinux().addCommands(...NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS);` - Appropriate user data commands to initialize and configure the NAT instances)
Custom user data to run on the NAT instances.