class PrivateSubnet (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EC2.PrivateSubnet |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#PrivateSubnet |
Java | software.amazon.awscdk.services.ec2.PrivateSubnet |
Python | aws_cdk.aws_ec2.PrivateSubnet |
TypeScript (source) | aws-cdk-lib » aws_ec2 » PrivateSubnet |
Implements IConstruct, IDependable, IResource, ISubnet, IPrivateSubnet
Represents a private VPC subnet resource.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
const privateSubnet = new ec2.PrivateSubnet(this, 'MyPrivateSubnet', {
  availabilityZone: 'availabilityZone',
  cidrBlock: 'cidrBlock',
  vpcId: 'vpcId',

  // the properties below are optional
  assignIpv6AddressOnCreation: false,
  ipv6CidrBlock: 'ipv6CidrBlock',
  mapPublicIpOnLaunch: false,
});
```
Initializer
new PrivateSubnet(scope: Construct, id: string, props: PrivateSubnetProps)
Parameters
- scope (Construct)
- id (string)
- props (PrivateSubnetProps)
Construct Props
Name | Type | Description |
---|---|---|
availabilityZone | string | The availability zone for the subnet. |
cidrBlock | string | The CIDR notation for this subnet. |
vpcId | string | The VPC which this subnet is part of. |
assignIpv6AddressOnCreation? | boolean | Indicates whether a network interface created in this subnet receives an IPv6 address. |
ipv6CidrBlock? | string | The IPv6 CIDR block. |
mapPublicIpOnLaunch? | boolean | Controls if a public IP is associated to an instance at launch. |
availabilityZone
Type: string
The availability zone for the subnet.
cidrBlock
Type: string
The CIDR notation for this subnet.
vpcId
Type: string
The VPC which this subnet is part of.
assignIpv6AddressOnCreation?
Type: boolean (optional, default: false)
Indicates whether a network interface created in this subnet receives an IPv6 address.
If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.
ipv6CidrBlock?
Type: string (optional, default: no IPv6 CIDR block.)
The IPv6 CIDR block.
If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.
mapPublicIpOnLaunch?
Type: boolean (optional, default: true in Subnet.Public, false in Subnet.Private or Subnet.Isolated.)
Controls if a public IP is associated to an instance at launch.
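A pre-synthesis check over the props documented above, added here as an example and not part of aws-cdk-lib: it enforces the stated rule that assignIpv6AddressOnCreation needs ipv6CidrBlock, and flags a private subnet that overrides the mapPublicIpOnLaunch default. SubnetPropsLike, parseIpv4Cidr and lintPrivateSubnets are hypothetical names; the CIDR alignment and overlap checks are policy assumptions of this example.

```typescript
// Added example, not aws-cdk-lib code. SubnetPropsLike mirrors the documented
// props; the function names and finding strings are hypothetical.
interface SubnetPropsLike {
  availabilityZone: string; cidrBlock: string; vpcId: string;
  assignIpv6AddressOnCreation?: boolean; ipv6CidrBlock?: string;
  mapPublicIpOnLaunch?: boolean;
}
// Returns [first, last] address of a network-aligned IPv4 CIDR, or null when
// the string is malformed or has host bits set.
function parseIpv4Cidr(cidr: string): [number, number] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) return null;
  const first = octets.reduce((acc, o) => acc * 256 + o, 0);
  const size = Math.pow(2, 32 - prefix);
  return first % size === 0 ? [first, first + size - 1] : null;
}

function lintPrivateSubnets(subnets: SubnetPropsLike[]): string[] {
  const findings: string[] = [];
  const seen: { vpcId: string; cidr: string; first: number; last: number }[] = [];
  for (const s of subnets) {
    // Documented rule: assignIpv6AddressOnCreation requires ipv6CidrBlock.
    if (s.assignIpv6AddressOnCreation && !s.ipv6CidrBlock)
      findings.push(`${s.cidrBlock}: assignIpv6AddressOnCreation set without ipv6CidrBlock`);
    // Policy assumption: a private subnet keeps the documented default (false).
    if (s.mapPublicIpOnLaunch === true)
      findings.push(`${s.cidrBlock}: mapPublicIpOnLaunch is true on a private subnet`);
    const range = parseIpv4Cidr(s.cidrBlock);
    if (!range) {
      findings.push(`${s.cidrBlock}: not a network-aligned IPv4 CIDR`);
      continue;
    }
    const [first, last] = range;
    for (const o of seen)
      if (o.vpcId === s.vpcId && first <= o.last && o.first <= last)
        findings.push(`${s.cidrBlock}: overlaps ${o.cidr} in ${s.vpcId}`);
    seen.push({ vpcId: s.vpcId, cidr: s.cidrBlock, first, last });
  }
  return findings;
}
// Constructed sample input (AZ names and vpc-example are placeholders).
const sampleFindings = lintPrivateSubnets([
  { availabilityZone: 'us-east-1a', cidrBlock: '10.0.0.0/24', vpcId: 'vpc-example' },
  { availabilityZone: 'us-east-1b', cidrBlock: '10.0.0.128/25', vpcId: 'vpc-example', assignIpv6AddressOnCreation: true },
  { availabilityZone: 'us-east-1c', cidrBlock: '10.0.1.7/24', vpcId: 'vpc-example', mapPublicIpOnLaunch: true },
]);
console.log(sampleFindings.join('\n'));
```

Run it on the same props objects before they are passed to the constructor, and fail the build when the returned list is non-empty.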
Properties
Name | Type | Description |
---|---|---|
availabilityZone | string | The Availability Zone the subnet is located in. |
dependencyElements | IDependable[] | Parts of this VPC subnet. |
env | Resource | The environment this resource belongs to. |
internetConnectivityEstablished | IDependable | Dependable that can be depended upon to force internet connectivity established on the VPC. |
ipv4CidrBlock | string | The IPv4 CIDR block for this subnet. |
networkAcl | INetworkAcl | Network ACL associated with this Subnet. |
node | Node | The tree node. |
routeTable | IRoute | The routeTableId attached to this subnet. |
stack | Stack | The stack in which this resource is defined. |
subnetAvailabilityZone | string | |
subnetId | string | The subnetId for this particular subnet. |
subnetIpv6CidrBlocks | string[] | |
subnetNetworkAclAssociationId | string | |
subnetOutpostArn | string | The Amazon Resource Name (ARN) of the Outpost for this subnet (if one exists). |
subnetVpcId | string | |
availabilityZone
Type: string
The Availability Zone the subnet is located in.
dependencyElements
Type: IDependable[]
Parts of this VPC subnet.
env
Type: Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
internetConnectivityEstablished
Type: IDependable
Dependable that can be depended upon to force internet connectivity established on the VPC.
ipv4CidrBlock
Type: string
The IPv4 CIDR block for this subnet.
networkAcl
Type: INetworkAcl
Network ACL associated with this Subnet.
Upon creation, this is the default ACL which allows all traffic, except explicit DENY entries that you add.
You can replace it with a custom ACL which denies all traffic except the explicit ALLOW entries that you add by creating a NetworkAcl object and calling associateNetworkAcl().
node
Type: Node
The tree node.
routeTable
Type: IRoute
The routeTableId attached to this subnet.
stack
Type: Stack
The stack in which this resource is defined.
subnetAvailabilityZone
Type: string
subnetId
Type: string
The subnetId for this particular subnet.
subnetIpv6CidrBlocks
Type: string[]
subnetNetworkAclAssociationId
Type: string
subnetOutpostArn
Type: string
The Amazon Resource Name (ARN) of the Outpost for this subnet (if one exists).
subnetVpcId
Type: string
Methods
Name | Description |
---|---|
addDefaultInternetRoute(gatewayId, gatewayAttachment) | Create a default route that points to a passed IGW, with a dependency on the IGW's attachment to the VPC. |
addDefaultNatRoute(natGatewayId) | Adds an entry to this subnet's route table that points to the passed NATGatewayId. |
addIpv6DefaultEgressOnlyInternetRoute(gatewayId) | Create a default IPv6 route that points to a passed EIGW. |
addIpv6DefaultInternetRoute(gatewayId) | Create a default IPv6 route that points to a passed IGW. |
addIpv6Nat64Route(natGatewayId) | Adds an entry to this subnet's route table that points to the passed NATGatewayId. |
addRoute(id, options) | Adds an entry to this subnet's route table. |
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
associateNetworkAcl(id, networkAcl) | Associate a Network ACL with this subnet. |
toString() | Returns a string representation of this construct. |
static fromPrivateSubnetAttributes(scope, id, attrs) | |
addDefaultInternetRoute(gatewayId, gatewayAttachment)
public addDefaultInternetRoute(gatewayId: string, gatewayAttachment: IDependable): void
Parameters
- gatewayId (string): the logical ID (ref) of the gateway attached to your VPC.
- gatewayAttachment (IDependable): the gateway attachment construct to be added as a dependency.
Create a default route that points to a passed IGW, with a dependency on the IGW's attachment to the VPC.
addDefaultNatRoute(natGatewayId)
public addDefaultNatRoute(natGatewayId: string): void
Parameters
- natGatewayId (string): The ID of the NAT gateway.
Adds an entry to this subnet's route table that points to the passed NATGatewayId.
addIpv6DefaultEgressOnlyInternetRoute(gatewayId)
public addIpv6DefaultEgressOnlyInternetRoute(gatewayId: string): void
Parameters
- gatewayId (string): the logical ID (ref) of the gateway attached to your VPC.
Create a default IPv6 route that points to a passed EIGW.
addIpv6DefaultInternetRoute(gatewayId)
public addIpv6DefaultInternetRoute(gatewayId: string): void
Parameters
- gatewayId (string): the logical ID (ref) of the gateway attached to your VPC.
Create a default IPv6 route that points to a passed IGW.
addIpv6Nat64Route(natGatewayId)
public addIpv6Nat64Route(natGatewayId: string): void
Parameters
- natGatewayId (string): The ID of the NAT gateway.
Adds an entry to this subnet's route table that points to the passed NATGatewayId.
Uses the known 64:ff9b::/96 prefix.
addRoute(id, options)
public addRoute(id: string, options: AddRouteOptions): void
Parameters
- id (string)
- options (AddRouteOptions)
Adds an entry to this subnet's route table.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy (RemovalPolicy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
associateNetworkAcl(id, networkAcl)
public associateNetworkAcl(id: string, networkAcl: INetworkAcl): void
Parameters
- id (string)
- networkAcl (INetworkAcl)
Associate a Network ACL with this subnet.
toString()
public toString(): string
Returns
- string
Returns a string representation of this construct.
static fromPrivateSubnetAttributes(scope, id, attrs)
public static fromPrivateSubnetAttributes(scope: Construct, id: string, attrs: PrivateSubnetAttributes): IPrivateSubnet
Parameters
- scope (Construct)
- id (string)
- attrs (PrivateSubnetAttributes)
Returns