NatInstanceProps

class aws_cdk.aws_ec2.NatInstanceProps(*, instance_type, associate_public_ip_address=None, credit_specification=None, default_allowed_traffic=None, key_name=None, key_pair=None, machine_image=None, security_group=None, user_data=None)

Bases: object

Properties for a NAT instance.

Parameters:
  • instance_type (InstanceType) – Instance type of the NAT instance.

  • associate_public_ip_address (Optional[bool]) – Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated

  • credit_specification (Optional[CpuCredits]) – Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.

  • default_allowed_traffic (Optional[NatTrafficDirection]) – Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND

  • key_name (Optional[str]) – (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.

  • key_pair (Optional[IKeyPair]) – The SSH keypair to grant access to the instance. Default: - No SSH access will be possible.

  • machine_image (Optional[IMachineImage]) – The machine image (AMI) to use. By default, will do an AMI lookup for the latest NAT instance image. If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:: ec2.NatProvider.instance({ instanceType: new ec2.InstanceType(‘t3.micro’), machineImage: new ec2.GenericLinuxImage({ ‘us-east-2’: ‘ami-0f9c61b5a562a16af’ }) }) Default: - Latest NAT instance image

  • security_group (Optional[ISecurityGroup]) – (deprecated) Security Group for NAT instances. Default: - A new security group will be created

  • user_data (Optional[UserData]) – Custom user data to run on the NAT instances. Default: UserData.forLinux().addCommands(…NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances

ExampleMetadata:

infused

Example:

# instance_type: ec2.InstanceType


provider = ec2.NatProvider.instance_v2(
    instance_type=instance_type,
    default_allowed_traffic=ec2.NatTrafficDirection.OUTBOUND_ONLY
)
ec2.Vpc(self, "TheVPC",
    nat_gateway_provider=provider
)
provider.connections.allow_from(ec2.Peer.ipv4("1.2.3.4/8"), ec2.Port.HTTP)

Attributes

associate_public_ip_address

Whether to associate a public IP address to the primary network interface attached to this instance.

Default:

undefined - No public IP address associated

credit_specification

Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).

The unlimited CPU credit option is not supported for T3 instances with dedicated host (host) tenancy.

Default:
  • T2 instances are standard, while T3, T4g, and T3a instances are unlimited.

default_allowed_traffic

Direction to allow all traffic through the NAT instance by default.

By default, inbound and outbound traffic is allowed.

If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance’s security groups in another way, either by passing in a fully configured Security Group using the securityGroup property, or by configuring it using the .securityGroup or .connections members after passing the NAT Instance Provider to a Vpc.

Default:

NatTrafficDirection.INBOUND_AND_OUTBOUND

instance_type

Instance type of the NAT instance.

key_name

(deprecated) Name of SSH keypair to grant access to instance.

Default:
  • No SSH access will be possible.

Deprecated:
Stability:

deprecated

key_pair

The SSH keypair to grant access to the instance.

Default:
  • No SSH access will be possible.

machine_image

The machine image (AMI) to use.

By default, will do an AMI lookup for the latest NAT instance image.

If you have a specific AMI ID you want to use, pass a GenericLinuxImage. For example:

ec2.NatProvider.instance(
    instance_type=ec2.InstanceType("t3.micro"),
    machine_image=ec2.GenericLinuxImage({
        "us-east-2": "ami-0f9c61b5a562a16af"
    })
)
Default:
  • Latest NAT instance image

security_group

(deprecated) Security Group for NAT instances.

Default:
  • A new security group will be created

Deprecated:

  • Cannot create a new security group before the VPC is created,

and cannot create the VPC without the NAT provider. Set {@link defaultAllowedTraffic } to {@link NatTrafficDirection.NONE } and use {@link NatInstanceProviderV2.gatewayInstances } to retrieve the instances on the fly and add security groups

Stability:

deprecated

Example:

nat_gateway_provider = ec2.NatProvider.instance_v2(
    instance_type=ec2.InstanceType("t3.small"),
    default_allowed_traffic=ec2.NatTrafficDirection.NONE
)
vpc = ec2.Vpc(self, "Vpc", nat_gateway_provider=nat_gateway_provider)

security_group = ec2.SecurityGroup(self, "SecurityGroup",
    vpc=vpc,
    allow_all_outbound=False
)
security_group.add_egress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(443))
for gateway_instance in nat_gateway_provider.gateway_instances:
    gateway_instance.add_security_group(security_group)
user_data

Custom user data to run on the NAT instances.

Default:

UserData.forLinux().addCommands(…NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS); - Appropriate user data commands to initialize and configure the NAT instances

See:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#create-nat-ami