Package software.amazon.awscdk.services.ec2.alpha
Amazon VpcV2 Construct Library
---
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
VpcV2
VpcV2 is a re-write of the ec2.Vpc construct. This new construct enables a higher level of customization of the VPC being created. VpcV2 implements the existing IVpc interface, so it is compatible with other constructs that accept an IVpc (e.g. ApplicationLoadBalancer).
To create a VPC with both IPv4 and IPv6 support:
Stack stack = new Stack();
VpcV2.Builder.create(this, "Vpc")
    .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/24"))
    .secondaryAddressBlocks(List.of(
        IpAddresses.amazonProvidedIpv6(SecondaryAddressProps.builder()
            .cidrBlockName("AmazonProvidedIpv6")
            .build())))
    .build();
Unlike the Vpc construct, VpcV2 does not automatically create subnets or allocate IP addresses. A freshly created VpcV2 has no subnets, gateways or route tables of its own, so nothing in it is reachable until you add them explicitly.
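The IVpc compatibility claim above, carried through end to end as an added example (this is not code from the package documentation): because VpcV2 creates no subnets, an internet-facing ApplicationLoadBalancer only has subnets to select once two PUBLIC subnets in different availability zones exist and an internet gateway routes them. The elasticloadbalancingv2 construct, the stack class and the region values are assumptions not taken from this page.

```java
import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.ec2.SubnetSelection;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.alpha.IpAddresses;
import software.amazon.awscdk.services.ec2.alpha.IpCidr;
import software.amazon.awscdk.services.ec2.alpha.SubnetV2;
import software.amazon.awscdk.services.ec2.alpha.VpcV2;
import software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationLoadBalancer;

// Added example (assumed stack and identifiers), not part of the package docs.
public class AlbOnVpcV2Stack extends Stack {
    public AlbOnVpcV2Stack(App app, String id) {
        super(app, id);

        VpcV2 vpc = VpcV2.Builder.create(this, "Vpc")
            .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
            .build();

        // VpcV2 creates no subnets: an ALB needs at least two, in distinct AZs,
        // and both must lie inside the VPC's 10.0.0.0/16.
        SubnetV2.Builder.create(this, "PublicA")
            .vpc(vpc)
            .availabilityZone("eu-west-2a")
            .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
            .subnetType(SubnetType.PUBLIC)
            .build();
        SubnetV2.Builder.create(this, "PublicB")
            .vpc(vpc)
            .availabilityZone("eu-west-2b")
            .ipv4CidrBlock(new IpCidr("10.0.1.0/24"))
            .subnetType(SubnetType.PUBLIC)
            .build();

        // Attaches the IGW and adds a 0.0.0.0/0 route to every PUBLIC subnet's
        // route table; without it the "public" subnets have no path to the internet.
        // Subnets of any other type receive no such route.
        vpc.addInternetGateway();

        // VpcV2 implements IVpc, so it is handed to the ALB unchanged; the
        // subnet selection resolves to the two PUBLIC subnets created above.
        ApplicationLoadBalancer.Builder.create(this, "Alb")
            .vpc(vpc)
            .internetFacing(true)
            .vpcSubnets(SubnetSelection.builder().subnetType(SubnetType.PUBLIC).build())
            .build();
    }

    public static void main(String[] args) {
        App app = new App();
        new AlbOnVpcV2Stack(app, "AlbOnVpcV2");
        app.synth();
    }
}
```

Only the two load-balancer subnets carry an internet route here; workload subnets added later as PRIVATE_ISOLATED or private types stay off the internet gateway unless you route them deliberately.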
SubnetV2
SubnetV2 is a re-write of the ec2.Subnet construct. This new construct can be used to add subnets to a VpcV2 instance. The subnet's IPv4 range must fall within one of the VPC's address blocks, and the subnetType is a label used by later subnet selection (for example, addInternetGateway routes only PUBLIC subnets); it does not by itself create any gateway or route:
Stack stack = new Stack();
VpcV2 myVpc = VpcV2.Builder.create(this, "Vpc")
    .secondaryAddressBlocks(List.of(
        IpAddresses.amazonProvidedIpv6(SecondaryAddressProps.builder()
            .cidrBlockName("AmazonProvidedIp")
            .build())))
    .build();
SubnetV2.Builder.create(this, "subnetA")
    .vpc(myVpc)
    .availabilityZone("us-east-1a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))            // inside the default primary CIDR 10.0.0.0/16
    .ipv6CidrBlock(new IpCidr("2a05:d02c:25:4000::/60"))
    .subnetType(SubnetType.PRIVATE_ISOLATED)
    .build();
IP Addresses Management
By default VpcV2 uses 10.0.0.0/16 as the primary CIDR if none is defined. Additional CIDRs can be added to the VPC via the secondaryAddressBlocks prop.
The following example illustrates the different options for defining the address blocks:
Stack stack = new Stack();
Ipam ipam = Ipam.Builder.create(this, "Ipam")
    .operatingRegion(List.of("us-west-1"))
    .build();

// Public-scope pool: Amazon-provided IPv6, usable by EC2 in us-west-1
IIpamPool ipamPublicPool = ipam.getPublicScope().addPool("PublicPoolA", PoolOptions.builder()
    .addressFamily(AddressFamily.IP_V6)
    .awsService(AwsServiceName.EC2)
    .locale("us-west-1")
    .publicIpSource(IpamPoolPublicIpSource.AMAZON)
    .build());
ipamPublicPool.provisionCidr("PublicPoolACidrA",
    IpamPoolCidrProvisioningOptions.builder().netmaskLength(52).build());

// Private-scope pool: IPv4
IIpamPool ipamPrivatePool = ipam.getPrivateScope().addPool("PrivatePoolA", PoolOptions.builder()
    .addressFamily(AddressFamily.IP_V4)
    .build());
ipamPrivatePool.provisionCidr("PrivatePoolACidrA",
    IpamPoolCidrProvisioningOptions.builder().netmaskLength(8).build());

VpcV2.Builder.create(this, "Vpc")
    .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/24"))
    .secondaryAddressBlocks(List.of(
        IpAddresses.amazonProvidedIpv6(SecondaryAddressProps.builder()
            .cidrBlockName("AmazonIpv6")
            .build()),
        IpAddresses.ipv6Ipam(IpamOptions.builder()
            .ipamPool(ipamPublicPool)
            .netmaskLength(52)
            .cidrBlockName("ipv6Ipam")
            .build()),
        IpAddresses.ipv4Ipam(IpamOptions.builder()
            .ipamPool(ipamPrivatePool)
            .netmaskLength(16)   // a VPC CIDR block must be between /16 and /28; the pool itself holds a /8
            .cidrBlockName("ipv4Ipam")
            .build())))
    .build();
Since VpcV2 does not create subnets automatically, users have full control over IP address allocation across subnets.
Routing
RouteTable is a new construct that allows route tables to be customized in a variety of ways. For instance, the following example shows how a custom route table can be created and associated with a subnet:
VpcV2 myVpc = new VpcV2(this, "Vpc");
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .routeTable(routeTable)   // associate the custom route table with this subnet
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
    .subnetType(SubnetType.PRIVATE_ISOLATED)
    .build();
Routes can be created to link subnets to various AWS services via gateways and endpoints. Each route target has its own dedicated construct that can be routed to, via the Route construct, from the route table of a given subnet. A route only takes effect for subnets associated with its route table, and a subnet whose route table carries a default route to an internet gateway is publicly routable, so such a subnet should be declared PUBLIC. An example using the InternetGateway construct can be seen below:
Stack stack = new Stack();
VpcV2 myVpc = new VpcV2(this, "Vpc");
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
// The route table below gets a default route to the IGW, so the subnet associated
// with it is publicly routable and is labelled PUBLIC accordingly.
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .routeTable(routeTable)
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
    .subnetType(SubnetType.PUBLIC)
    .build();
InternetGateway igw = InternetGateway.Builder.create(this, "IGW")
    .vpc(myVpc)
    .build();
Route.Builder.create(this, "IgwRoute")
    .routeTable(routeTable)
    .destination("0.0.0.0/0")
    .target(RouteTargetType.Builder.create().gateway(igw).build())
    .build();
Alternatively, routes can also be created via the addRoute method of the RouteTable class. An example using the EgressOnlyInternetGateway construct can be seen below.
Note: EgressOnlyInternetGateway can only be used to set up outbound IPv6 routing; connections initiated from the internet are not allowed through it.
Stack stack = new Stack();
VpcV2 myVpc = VpcV2.Builder.create(this, "Vpc")
    .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
    .secondaryAddressBlocks(List.of(
        IpAddresses.amazonProvidedIpv6(SecondaryAddressProps.builder()
            .cidrBlockName("AmazonProvided")
            .build())))
    .build();
EgressOnlyInternetGateway eigw = EgressOnlyInternetGateway.Builder.create(this, "EIGW")
    .vpc(myVpc)
    .build();
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
// Outbound-only IPv6 default route
routeTable.addRoute("EIGW", "::/0", RouteTargetType.Builder.create().gateway(eigw).build());
Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a NatGateway with private connectivity, which involves no internet gateway:
VpcV2 myVpc = new VpcV2(this, "Vpc");
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
// Subnet that hosts the NAT gateway
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
    .subnetType(SubnetType.PRIVATE_ISOLATED)
    .build();
// Private NAT gateway: reaches other VPCs or on-premises networks only, no IGW involved
NatGateway natgw = NatGateway.Builder.create(this, "NatGW")
    .subnet(subnet)
    .vpc(myVpc)
    .connectivityType(NatConnectivityType.PRIVATE)
    .privateIpAddress("10.0.0.42")   // a free address inside the hosting subnet's CIDR
    .build();
// Associate this route table with the subnets that should egress through the NAT
// gateway, not with the NAT gateway's own subnet.
Route.Builder.create(this, "NatGwRoute")
    .routeTable(routeTable)
    .destination("0.0.0.0/0")
    .target(RouteTargetType.Builder.create().gateway(natgw).build())
    .build();
It is also possible to set up endpoints connecting to other AWS services. For instance, the example below illustrates linking a DynamoDB gateway endpoint, created with the existing ec2.GatewayVpcEndpoint construct, as a route target:
Stack stack = new Stack();
VpcV2 myVpc = new VpcV2(this, "Vpc");
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
    .subnetType(SubnetType.PRIVATE)
    .build();
// GatewayVpcEndpoint takes subnet selections, not bare subnets
GatewayVpcEndpoint dynamoEndpoint = GatewayVpcEndpoint.Builder.create(this, "DynamoEndpoint")
    .service(GatewayVpcEndpointAwsService.DYNAMODB)
    .vpc(myVpc)
    .subnets(List.of(SubnetSelection.builder().subnets(List.of(subnet)).build()))
    .build();
Route.Builder.create(this, "DynamoDBRoute")
    .routeTable(routeTable)
    .destination("0.0.0.0/0")
    .target(RouteTargetType.Builder.create().endpoint(dynamoEndpoint).build())
    .build();
VPC Peering Connection
A VPC peering connection allows you to connect two VPCs and route traffic between them using private IP addresses. The VpcV2 construct supports creating VPC peering connections through the VPCPeeringConnection construct from the route module.
A peering connection cannot be established between two VPCs with matching or overlapping CIDR blocks; createPeeringConnection throws an error if the two VPC CIDRs overlap. Peering is also not transitive: each peer gains a route to the other VPC only, and security groups and network ACLs still apply to the peered traffic.
For more information, see What is VPC peering?.
The following examples show how to create a peering connection between two VPCs for all combinations of same-account or cross-account, and same-region or cross-region configurations.
Case 1: Same Account and Same Region Peering Connection
Stack stack = new Stack();
VpcV2 vpcA = VpcV2.Builder.create(this, "VpcA")
    .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
    .build();
VpcV2 vpcB = VpcV2.Builder.create(this, "VpcB")
    .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
    .build();
VPCPeeringConnection peeringConnection = vpcA.createPeeringConnection("sameAccountSameRegionPeering",
    VPCPeeringConnectionOptions.builder()
        .acceptorVpc(vpcB)
        .build());
Case 2: Same Account and Cross Region Peering Connection
There is no difference from Case 1 when calling createPeeringConnection. The only change is that one of the VPCs is created in another stack with a different region. To establish a cross-region VPC peering connection, the acceptor VPC needs to be imported into the requestor VPC's stack using the fromVpcV2Attributes method.
App app = new App();
Stack stackA = Stack.Builder.create(app, "VpcStackA")
    .env(Environment.builder().account("000000000000").region("us-east-1").build())
    .build();
Stack stackB = Stack.Builder.create(app, "VpcStackB")
    .env(Environment.builder().account("000000000000").region("us-west-2").build())
    .build();
VpcV2 vpcA = VpcV2.Builder.create(stackA, "VpcA")
    .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
    .build();
VpcV2.Builder.create(stackB, "VpcB")
    .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
    .build();
// The acceptor lives in another region, so it is imported into the requestor's
// stack by attributes (the concrete ID of the deployed VpcB goes in vpcId).
IVpcV2 vpcB = VpcV2.fromVpcV2Attributes(stackA, "ImportedVpcB", VpcV2Attributes.builder()
    .vpcId("MockVpcBid")
    .vpcCidrBlock("10.1.0.0/16")
    .region("us-west-2")
    .ownerAccountId("000000000000")
    .build());
VPCPeeringConnection peeringConnection = vpcA.createPeeringConnection("sameAccountCrossRegionPeering",
    VPCPeeringConnectionOptions.builder()
        .acceptorVpc(vpcB)
        .build());
Case 3: Cross Account Peering Connection
For cross-account connections, the acceptor account needs an IAM role that grants the requestor account permission to initiate the connection. Create this role in the acceptor account using the createAcceptorVpcRole method, passing the requestor account ID. This is a cross-account trust, so the ID must name exactly the intended requestor account.
Once the role is created in the acceptor account, pass its ARN in the peerRoleArn field of createPeeringConnection.
Stack stack = new Stack();
VpcV2 acceptorVpc = VpcV2.Builder.create(this, "VpcA")
    .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
    .build();
// The argument is the requestor account ID: only that account is trusted by the role
Role acceptorRole = acceptorVpc.createAcceptorVpcRole("000000000000");
After creating the IAM role in the acceptor account, the peering connection request is initiated from the requestor VPC. Import the acceptor VPC into the stack using the fromVpcV2Attributes method. For a cross-account peering connection, specify the owner account ID of the acceptor VPC, and if the acceptor VPC is hosted in a different region, provide the region for the import as well.
The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:
Stack stack = new Stack();
IVpcV2 acceptorVpc = VpcV2.fromVpcV2Attributes(this, "acceptorVpc", VpcV2Attributes.builder()
    .vpcId("vpc-XXXX")
    .vpcCidrBlock("10.0.0.0/16")
    .region("us-east-2")
    .ownerAccountId("111111111111")
    .build());
// ARN of the role created in the acceptor account with createAcceptorVpcRole
String acceptorRoleArn = "arn:aws:iam::111111111111:role/VpcPeeringRole";
VpcV2 requestorVpc = VpcV2.Builder.create(this, "VpcB")
    .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
    .build();
VPCPeeringConnection peeringConnection = requestorVpc.createPeeringConnection("crossAccountCrossRegionPeering",
    VPCPeeringConnectionOptions.builder()
        .acceptorVpc(acceptorVpc)
        .peerRoleArn(acceptorRoleArn)
        .build());
Route Table Configuration
After establishing the VPC peering connection, routes must be added to the respective route tables in the VPCs to enable traffic flow. A route added in the requestor stack lets traffic flow from the requestor VPC to the acceptor VPC, but not in the reverse direction. For bi-directional communication, routes need to be added in both VPCs from their respective stacks. Scope each route to the peer VPC's CIDR rather than a broader range, so the peering connection carries only the traffic it was created for.
For more information, see Update your route tables for a VPC peering connection.
Stack stack = new Stack();
VpcV2 acceptorVpc = VpcV2.Builder.create(this, "VpcA")
    .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
    .build();
VpcV2 requestorVpc = VpcV2.Builder.create(this, "VpcB")
    .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
    .build();
VPCPeeringConnection peeringConnection = requestorVpc.createPeeringConnection("peeringConnection",
    VPCPeeringConnectionOptions.builder()
        .acceptorVpc(acceptorVpc)
        .build());
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(requestorVpc)
    .build();
// Route only the acceptor VPC's CIDR through the peering connection
routeTable.addRoute("vpcPeeringRoute", "10.0.0.0/16",
    RouteTargetType.Builder.create().gateway(peeringConnection).build());
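The bi-directional case described above, as an added example that is not part of the package documentation: both VPCs get their own route table, each table carries a route for the other VPC's CIDR only, and a subnet on each side is associated with its table so the routes actually apply. The stack class, the availability zone and the RouteTargetType builder form (inferred from the class list on this page; the page's own snippets render the target as a map) are assumptions.

```java
import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.alpha.IpAddresses;
import software.amazon.awscdk.services.ec2.alpha.IpCidr;
import software.amazon.awscdk.services.ec2.alpha.RouteTable;
import software.amazon.awscdk.services.ec2.alpha.RouteTargetType;
import software.amazon.awscdk.services.ec2.alpha.SubnetV2;
import software.amazon.awscdk.services.ec2.alpha.VPCPeeringConnection;
import software.amazon.awscdk.services.ec2.alpha.VPCPeeringConnectionOptions;
import software.amazon.awscdk.services.ec2.alpha.VpcV2;

// Added example (assumed stack and identifiers), not part of the package docs.
public class PeeredVpcsStack extends Stack {
    public PeeredVpcsStack(App app, String id) {
        super(app, id);

        // Non-overlapping CIDRs: createPeeringConnection rejects overlapping blocks.
        VpcV2 acceptorVpc = VpcV2.Builder.create(this, "AcceptorVpc")
            .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
            .build();
        VpcV2 requestorVpc = VpcV2.Builder.create(this, "RequestorVpc")
            .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
            .build();

        VPCPeeringConnection peering = requestorVpc.createPeeringConnection("Peering",
            VPCPeeringConnectionOptions.builder().acceptorVpc(acceptorVpc).build());

        // Requestor side: route the acceptor's CIDR (and nothing wider) via the peering.
        RouteTable requestorRt = RouteTable.Builder.create(this, "RequestorRt")
            .vpc(requestorVpc)
            .build();
        requestorRt.addRoute("ToAcceptor", "10.0.0.0/16",
            RouteTargetType.Builder.create().gateway(peering).build());

        // Acceptor side: the reverse route, without which replies never return.
        RouteTable acceptorRt = RouteTable.Builder.create(this, "AcceptorRt")
            .vpc(acceptorVpc)
            .build();
        acceptorRt.addRoute("ToRequestor", "10.1.0.0/16",
            RouteTargetType.Builder.create().gateway(peering).build());

        // Routes only take effect for subnets associated with these route tables.
        SubnetV2.Builder.create(this, "RequestorSubnet")
            .vpc(requestorVpc)
            .routeTable(requestorRt)
            .availabilityZone("us-east-1a")
            .ipv4CidrBlock(new IpCidr("10.1.0.0/24"))
            .subnetType(SubnetType.PRIVATE_ISOLATED)
            .build();
        SubnetV2.Builder.create(this, "AcceptorSubnet")
            .vpc(acceptorVpc)
            .routeTable(acceptorRt)
            .availabilityZone("us-east-1a")
            .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
            .subnetType(SubnetType.PRIVATE_ISOLATED)
            .build();
    }

    public static void main(String[] args) {
        App app = new App();
        new PeeredVpcsStack(app, "PeeredVpcs");
        app.synth();
    }
}
```

Both subnets remain PRIVATE_ISOLATED: peering gives them a path to each other and nothing else, and the security groups on the instances still have to allow the peered traffic explicitly.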
This can also be done using the AWS CLI. For more information, see create-route.
# Add a route to the requestor VPC route table
aws ec2 create-route --route-table-id rtb-requestor --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx

# For bi-directional traffic, add a route in the acceptor VPC's account as well
aws ec2 create-route --route-table-id rtb-acceptor --destination-cidr-block 10.1.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
Deleting the Peering Connection
To delete a VPC peering connection, use the following command:
aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-xxxxxxxx
For more information, see Delete a VPC peering connection.
Adding Egress-Only Internet Gateway to VPC
An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.
For more information, see Enable outbound IPv6 traffic using an egress-only internet gateway.
VpcV2 supports adding an egress-only internet gateway to a VPC using the addEgressOnlyInternetGateway method.
By default, this method sets up a route to all outbound IPv6 address ranges (::/0), unless a specific destination is provided by the user. It can only be configured for IPv6-enabled VPCs.
The subnets parameter accepts a list of SubnetSelection values, which can be based on a SubnetType in VpcV2. A new route will be added to the route tables of all subnets that match this selection.
Stack stack = new Stack();
VpcV2 myVpc = VpcV2.Builder.create(this, "Vpc")
    .primaryAddressBlock(IpAddresses.ipv4("10.1.0.0/16"))
    .secondaryAddressBlocks(List.of(
        IpAddresses.amazonProvidedIpv6(SecondaryAddressProps.builder()
            .cidrBlockName("AmazonProvided")
            .build())))
    .build();
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.1.0.0/24"))        // must lie inside the VPC's 10.1.0.0/16
    .ipv6CidrBlock(new IpCidr("2001:db8:1::/64"))    // a /64 taken from the VPC's allocated IPv6 block
    .subnetType(SubnetType.PRIVATE)
    .build();
myVpc.addEgressOnlyInternetGateway(EgressOnlyInternetGatewayOptions.builder()
    .subnets(List.of(SubnetSelection.builder().subnetType(SubnetType.PRIVATE).build()))
    .destination("::/60")
    .build());
Adding NATGateway to the VPC
A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC, while external services cannot initiate a connection with those instances.
For more information, see NAT gateway basics.
When you create a NAT gateway, you specify one of the following connectivity types:
Public (default): Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet.
Private: Instances in private subnets can connect to other VPCs or your on-premises network through a private NAT gateway.
To define the NAT gateway connectivity type as NatConnectivityType.PUBLIC, you need to ensure that there is an Internet Gateway (IGW) attached to the subnet's VPC.
Since a NAT gateway is associated with a particular subnet, the subnet field in the input props is mandatory.
Additionally, you can set up a route in any route table with the target set to the NAT gateway. The addNatGateway method returns a NatGateway object that you can reference later.
The code example below provides the definition for adding a NAT gateway to your subnet:
Stack stack = new Stack();
VpcV2 myVpc = new VpcV2(this, "Vpc");
RouteTable routeTable = RouteTable.Builder.create(this, "RouteTable")
    .vpc(myVpc)
    .build();
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
    .subnetType(SubnetType.PUBLIC)
    .build();
myVpc.addInternetGateway();   // required before a PUBLIC NAT gateway can be created
myVpc.addNatGateway(NatGatewayOptions.builder()
    .subnet(subnet)
    .connectivityType(NatConnectivityType.PUBLIC)
    .build());
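The public/private layout this section describes, as an added example that is not code from the package documentation: the public subnet receives its internet route from addInternetGateway, the NatGateway returned by addNatGateway becomes the default-route target of a dedicated route table, and only the private subnet is associated with that table. The stack class, SubnetType.PRIVATE_WITH_EGRESS (from aws-cdk-lib, not used on this page) and the RouteTargetType builder form (inferred from the class list on this page; the page's snippets render the target as a map) are assumptions.

```java
import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.alpha.IpAddresses;
import software.amazon.awscdk.services.ec2.alpha.IpCidr;
import software.amazon.awscdk.services.ec2.alpha.NatConnectivityType;
import software.amazon.awscdk.services.ec2.alpha.NatGateway;
import software.amazon.awscdk.services.ec2.alpha.NatGatewayOptions;
import software.amazon.awscdk.services.ec2.alpha.RouteTable;
import software.amazon.awscdk.services.ec2.alpha.RouteTargetType;
import software.amazon.awscdk.services.ec2.alpha.SubnetV2;
import software.amazon.awscdk.services.ec2.alpha.VpcV2;

// Added example (assumed stack and identifiers), not part of the package docs.
public class NatEgressStack extends Stack {
    public NatEgressStack(App app, String id) {
        super(app, id);

        VpcV2 vpc = VpcV2.Builder.create(this, "Vpc")
            .primaryAddressBlock(IpAddresses.ipv4("10.0.0.0/16"))
            .build();

        // Public subnet: hosts the NAT gateway and is the only subnet that
        // will receive the 0.0.0.0/0 -> IGW route from addInternetGateway().
        SubnetV2 publicSubnet = SubnetV2.Builder.create(this, "PublicSubnet")
            .vpc(vpc)
            .availabilityZone("eu-west-2a")
            .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
            .subnetType(SubnetType.PUBLIC)
            .build();
        vpc.addInternetGateway();

        // A PUBLIC NAT gateway requires the IGW above; unsolicited inbound
        // connections from the internet cannot traverse it.
        NatGateway natGw = vpc.addNatGateway(NatGatewayOptions.builder()
            .subnet(publicSubnet)
            .connectivityType(NatConnectivityType.PUBLIC)
            .build());

        // Dedicated route table for private subnets: default route via the NAT
        // gateway, never via the IGW, so nothing in them is directly reachable.
        RouteTable privateRt = RouteTable.Builder.create(this, "PrivateRt")
            .vpc(vpc)
            .build();
        privateRt.addRoute("DefaultViaNat", "0.0.0.0/0",
            RouteTargetType.Builder.create().gateway(natGw).build());

        // Only this subnet is associated with the NAT route table. The NAT
        // gateway's own subnet keeps its IGW route, otherwise it could not egress.
        SubnetV2.Builder.create(this, "PrivateSubnet")
            .vpc(vpc)
            .routeTable(privateRt)
            .availabilityZone("eu-west-2a")
            .ipv4CidrBlock(new IpCidr("10.0.1.0/24"))
            .subnetType(SubnetType.PRIVATE_WITH_EGRESS)
            .build();
    }

    public static void main(String[] args) {
        App app = new App();
        new NatEgressStack(app, "NatEgress");
        app.synth();
    }
}
```

One NAT gateway in one availability zone is a single point of failure for egress; for production, repeat the public subnet, NAT gateway and private route table per AZ.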
Enable VPNGateway for the VPC
A virtual private gateway is the endpoint on the VPC side of your VPN connection.
For more information, see What is AWS Site-to-Site VPN?.
VPN route propagation is a feature in Amazon Web Services (AWS) that automatically updates route tables in your Virtual Private Cloud (VPC) with routes learned from a VPN connection.
To enable VPN route propagation, use the vpnRoutePropagation property to specify the subnets as an input to the function. VPN route propagation will then be enabled on the route table of each matching subnet.
Additionally, you can set up a route in any route table with the target set to the VPN gateway. The enableVpnGatewayV2 method returns a VPNGatewayV2 object that you can reference later.
The code example below provides the definition for setting up a VPN gateway with vpnRoutePropagation enabled:
Stack stack = new Stack();
VpcV2 myVpc = new VpcV2(this, "Vpc");
VPNGatewayV2 vpnGateway = myVpc.enableVpnGatewayV2(VPNGatewayV2Options.builder()
    .vpnRoutePropagation(List.of(SubnetSelection.builder().subnetType(SubnetType.PUBLIC).build()))
    .type(VpnConnectionType.IPSEC_1)
    .build());
RouteTable routeTable = RouteTable.Builder.create(stack, "routeTable")
    .vpc(myVpc)
    .build();
// Static route for an on-premises prefix, in addition to any propagated routes
Route.Builder.create(stack, "route")
    .destination("172.31.0.0/24")
    .target(RouteTargetType.Builder.create().gateway(vpnGateway).build())
    .routeTable(routeTable)
    .build();
Adding InternetGateway to the VPC
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports both IPv4 and IPv6 traffic.
For more information, see Enable VPC internet access using internet gateways.
You can add an internet gateway to a VPC using the addInternetGateway method. By default, this method creates a route in the route table of every PUBLIC subnet with the outbound destination set to 0.0.0.0/0 for IPv4 and, for an IPv6-enabled VPC, ::/0 for IPv6. Subnets of other types receive no route, so only subnets deliberately labelled PUBLIC become internet-routable.
Instead of using the default settings, you can configure a custom destination range by providing the optional ipv4Destination input to the method.
The code example below shows how to add an internet gateway with a custom outbound destination IP range:
Stack stack = new Stack();
VpcV2 myVpc = new VpcV2(this, "Vpc");
SubnetV2 subnet = SubnetV2.Builder.create(this, "Subnet")
    .vpc(myVpc)
    .availabilityZone("eu-west-2a")
    .ipv4CidrBlock(new IpCidr("10.0.0.0/24"))
    .subnetType(SubnetType.PUBLIC)
    .build();
// Only 192.168.0.0/16 is routed to the IGW from PUBLIC subnets, instead of 0.0.0.0/0
myVpc.addInternetGateway(InternetGatewayOptions.builder()
    .ipv4Destination("192.168.0.0/16")
    .build());
Importing an existing VPC
You can import an existing VPC and its subnets using the VpcV2.fromVpcV2Attributes() method, or an individual subnet using the SubnetV2.fromSubnetV2Attributes() method.
Importing a VPC
To import an existing VPC, use the VpcV2.fromVpcV2Attributes() method. You must provide the VPC ID and its primary CIDR block; information about the subnets is optional. You can also import secondary address blocks created through IPAM, BYOIP (IPv4) or enabled through Amazon-provided IPv6.
If you add a new subnet to an imported VPC, the new subnet's IPv4 range is validated against the provided primary and secondary address blocks to confirm that it is within the range of the VPC. Secondary blocks left out of the import are invisible to this check.
Here's an example of importing a VPC with only the required parameters:
Stack stack = new Stack();
IVpcV2 importedVpc = VpcV2.fromVpcV2Attributes(stack, "ImportedVpc", VpcV2Attributes.builder()
    .vpcId("mockVpcID")
    .vpcCidrBlock("10.0.0.0/16")
    .build());
In the case of a cross-account or cross-region VPC, it is recommended to provide region and ownerAccountId so that these values can be used to populate the correct ARN for the VPC. If the VPC region and account ID are not provided, the region and account configured in the stack will be used. These fields are referenced later when setting up a VPC peering connection, so they must be set to the correct values.
Below is an example of importing a cross-region and cross-account VPC; the VPC ARN in this case would be 'arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID'.
Stack stack = new Stack();
// Importing a cross-account or cross-region VPC
IVpcV2 importedVpc = VpcV2.fromVpcV2Attributes(stack, "ImportedVpc", VpcV2Attributes.builder()
    .vpcId("mockVpcID")
    .vpcCidrBlock("10.0.0.0/16")
    .ownerAccountId("123456789012")
    .region("us-west-2")
    .build());
Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types. In this example, we're importing a VPC with:
- A primary CIDR block (10.1.0.0/16)
- One secondary IPv4 CIDR block (10.2.0.0/16)
- Two secondary address blocks allocated from IPAM pools (IPv4 and IPv6)
- An Amazon-provided IPv6 CIDR enabled on the VPC
- An isolated subnet in us-west-2a
- A public subnet in us-west-2b
Stack stack = new Stack();
IVpcV2 importedVpc = VpcV2.fromVpcV2Attributes(this, "ImportedVPC", VpcV2Attributes.builder()
    .vpcId("vpc-XXX")
    .vpcCidrBlock("10.1.0.0/16")
    .secondaryCidrBlocks(List.of(
        VPCCidrBlockattributes.builder()
            .cidrBlock("10.2.0.0/16")
            .cidrBlockName("ImportedBlock1")
            .build(),
        VPCCidrBlockattributes.builder()
            .ipv6IpamPoolId("ipam-pool-XXX")
            .ipv6NetmaskLength(52)
            .cidrBlockName("ImportedIpamIpv6")
            .build(),
        VPCCidrBlockattributes.builder()
            .ipv4IpamPoolId("ipam-pool-XXX")
            .ipv4IpamProvisionedCidrs(List.of("10.2.0.0/16"))
            .cidrBlockName("ImportedIpamIpv4")
            .build(),
        VPCCidrBlockattributes.builder()
            .amazonProvidedIpv6CidrBlock(true)
            .build()))
    .subnets(List.of(
        SubnetV2Attributes.builder()
            .subnetName("IsolatedSubnet2")
            .subnetId("subnet-03cd773c0fe08ed26")
            .subnetType(SubnetType.PRIVATE_ISOLATED)
            .availabilityZone("us-west-2a")
            .ipv4CidrBlock("10.2.0.0/24")
            .routeTableId("rtb-0871c310f98da2cbb")
            .build(),
        SubnetV2Attributes.builder()
            .subnetId("subnet-0fa477e01db27d820")
            .subnetType(SubnetType.PUBLIC)
            .availabilityZone("us-west-2b")
            .ipv4CidrBlock("10.3.0.0/24")
            .routeTableId("rtb-014f3043098fe4b96")
            .build()))
    .build());

// You can now use the imported VPC in your stack

// Adding a new subnet to the imported VPC (its IPv4 range is validated against the imported CIDR blocks)
SubnetV2 importedSubnet = SubnetV2.Builder.create(this, "NewSubnet")
    .availabilityZone("us-west-2a")
    .ipv4CidrBlock(new IpCidr("10.2.2.0/24"))
    .vpc(importedVpc)
    .subnetType(SubnetType.PUBLIC)
    .build();

// Adding gateways to the imported VPC
importedVpc.addInternetGateway();
importedVpc.addNatGateway(NatGatewayOptions.builder().subnet(importedSubnet).build());
importedVpc.addEgressOnlyInternetGateway();
You can import more subnets by adding further SubnetV2Attributes entries to the subnets list; the subnetType of each entry determines whether it is treated as an isolated, public or private subnet when subnets are selected later.
Importing Subnets
You can also import individual subnets using the SubnetV2.fromSubnetV2Attributes() method. This is useful when you need to work with specific subnets independently of a VPC.
Here's an example of how to import a subnet:
SubnetV2.fromSubnetV2Attributes(this, "ImportedSubnet", SubnetV2Attributes.builder()
    .subnetId("subnet-0123456789abcdef0")
    .availabilityZone("us-west-2a")
    .ipv4CidrBlock("10.2.0.0/24")
    .routeTableId("rtb-0871c310f98da2cbb")
    .subnetType(SubnetType.PRIVATE_ISOLATED)
    .build());
By importing existing VPCs and subnets, you can easily integrate your existing AWS infrastructure with new resources created through CDK. This is particularly useful when you need to work with pre-existing network configurations or when you're migrating existing infrastructure to CDK.
Class summary
- AddressFamily (experimental): represents the address family for IP addresses in an IPAM pool.
- AwsServiceName (experimental): limits which AWS service the pool can be used in.
- EgressOnlyInternetGateway (experimental): creates an egress-only internet gateway; has a fluent builder.
- EgressOnlyInternetGatewayOptions (experimental): options to define an EgressOnlyInternetGateway for a VPC; builder and implementation class.
- EgressOnlyInternetGatewayProps (experimental): properties to define an egress-only internet gateway; builder and implementation class.
- IIpAddresses (experimental): implements IP address allocation according to the IP address type; internal default implementation and proxy class.
- IIpamPool (experimental): definition used to add or create a new IPAM pool; internal default implementation and proxy class.
- IIpamScopeBase (experimental): interface for the IpamScope class; internal default implementation and proxy class.
- InternetGateway (experimental): creates an internet gateway; has a fluent builder.
- InternetGatewayOptions (experimental): options to define an InternetGateway for a VPC; builder and implementation class.
- InternetGatewayProps (experimental): properties to define an internet gateway; builder and implementation class.
- IpAddresses (experimental): IP address options to define a VpcV2.
- Ipam (experimental): creates a new IPAM with default public and private scopes; has a fluent builder.
- IpamOptions (experimental): options for configuring an IP Address Manager (IPAM); builder and implementation class.
- IpamPoolCidrProvisioningOptions (experimental): options to provision CIDRs to an IPAM pool; builder and implementation class.
- IpamPoolPublicIpSource (experimental): the IP address source for pools in the public scope.
- IpamProps (experimental): options to create a new Ipam in the account; builder and implementation class.
- IpamScopeOptions (experimental): used by the Ipam class to add pools to the default scopes it creates; builder and implementation class.
- An enum (experimental) for the two possible scope types under IPAM.
- IpCidr (experimental): IPv4 or IPv6 CIDR range for a subnet.
- IRouteTarget (experimental): interface to define a routing target, such as an egress-only internet gateway or VPC endpoint; internal default implementation and proxy class.
- IRouteV2 (experimental): interface to define a route; internal default implementation and proxy class.
- ISubnetV2 (experimental): interface with additional properties for SubnetV2; internal default implementation and proxy class.
- IVPCCidrBlock (experimental): interface to create an L2 for a VPC CIDR block; internal default implementation and proxy class.
- IVpcV2 (experimental): placeholder for extra props that may be added to the original IVpc; internal default implementation and proxy class.
- NatConnectivityType (experimental): indicates whether the NAT gateway supports public or private connectivity.
- NatGateway (experimental): creates a network address translation (NAT) gateway; has a fluent builder.
- NatGatewayOptions (experimental): options to define a NAT gateway; builder and implementation class.
- NatGatewayProps (experimental): properties to define a NAT gateway; builder and implementation class.
- PoolOptions (experimental): options for configuring an IPAM pool; builder and implementation class.
- Route (experimental): creates a new route with added functionality; has a fluent builder.
- RouteProps (experimental): properties to define a route; builder and implementation class.
- RouteTable (experimental): creates a route table for the specified VPC; has a fluent builder.
- RouteTableProps (experimental): properties to define a route table; builder and implementation class.
- RouteTargetProps (experimental): the type of endpoint or gateway being targeted by the route; builder and implementation class.
- RouteTargetType (experimental): the gateway or endpoint targeted by the route; has a fluent builder.
- SecondaryAddressProps (experimental): additional props needed for a secondary address; builder and implementation class.
- SubnetV2 (experimental): represents a subnet within a VPC (Virtual Private Cloud) in AWS; has a fluent builder.
- SubnetV2Attributes (experimental): properties required to import a subnet; builder and implementation class.
- SubnetV2Props (experimental): properties to define a subnet for a VPC; builder and implementation class.
- VPCCidrBlockattributes (experimental): attributes for VPCCidrBlock, used both for defining a new CIDR block and for importing an existing one; builder and implementation class.
- VpcCidrOptions (experimental): consolidated return parameters to pass to the VPC construct; builder and implementation class.
- VPCPeeringConnection (experimental): creates a peering connection between two VPCs; has a fluent builder.
- VPCPeeringConnectionOptions (experimental): options to define a VPC peering connection; builder and implementation class.
- VPCPeeringConnectionProps (experimental): properties to define a VPC peering connection; builder and implementation class.
- VpcV2 (experimental): provides a foundation for creating and configuring a VPC with advanced features such as IPAM (IP Address Management) and IPv6 support; has a fluent builder.
- VpcV2Attributes (experimental): options to import a VPC created outside of the CDK stack; builder and implementation class.
- A base class (experimental) for creating a VPC (Virtual Private Cloud) in AWS.
- VpcV2Props (experimental): properties to define a VPC; builder and implementation class.
- VPNGatewayV2 (experimental): creates a virtual private gateway; has a fluent builder.
- VPNGatewayV2Options (experimental): options to define a VPNGatewayV2 for a VPC; builder and implementation class.
- VPNGatewayV2Props (experimental): properties to define a VPN gateway; builder and implementation class.