UNPKG

@scloud/cdk-patterns

Version:

Serverless CDK patterns for common infrastructure needs

github.com/davidcarboni/scloud

davidcarboni/scloud

53 lines • 8.19 kB

JavaScript

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.PrivateEndpoint = void 0; const aws_ec2_1 = require("aws-cdk-lib/aws-ec2"); /** * Enable private access to AWS services using VPC endpoints. * * This avoids the need for a NAT gateway if for example you need to run a Fargase service in * a private subnet and it doesn't have internet access to pull the container from the public ECR enfpoint. * * THis Construct includes static methids for common services, but you can use the constructor to create different endpoints: * - s3 * - sqs * - ecr * - ecrDocker * - secretsManager * - cloudwatch * * https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws * By default all vpc traffic will be allowed to the enpoint and private DNS will be enabled * You can pass o[ptions if you want to modify the default behaviour * Typically you'll want to set up an endpoint to avoing going via the Internet and needing a NAT gateway, * so the default behaviour is usually fine. */ class PrivateEndpoint extends aws_ec2_1.InterfaceVpcEndpoint { constructor(scope, id, vpc, service, options = {}) { super(scope, id, { vpc, service, ...options, }); } static s3(scope, id, vpc, options = {}) { return new PrivateEndpoint(scope, id, vpc, aws_ec2_1.InterfaceVpcEndpointAwsService.S3, options); } static sqs(scope, id, vpc, options = {}) { return new PrivateEndpoint(scope, id, vpc, aws_ec2_1.InterfaceVpcEndpointAwsService.SQS, options); } static ecr(scope, id, vpc, options = {}) { return new PrivateEndpoint(scope, id, vpc, aws_ec2_1.InterfaceVpcEndpointAwsService.ECR, options); } static ecrDocker(scope, id, vpc, options = {}) { return new PrivateEndpoint(scope, id, vpc, aws_ec2_1.InterfaceVpcEndpointAwsService.ECR_DOCKER, options); } static secretsManager(scope, id, vpc, options = {}) { return new PrivateEndpoint(scope, id, vpc, aws_ec2_1.InterfaceVpcEndpointAwsService.SECRETS_MANAGER, options); } static cloudwatch(scope, id, vpc, options = {}) { return new PrivateEndpoint(scope, id, vpc, aws_ec2_1.InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS, options); } } exports.PrivateEndpoint = PrivateEndpoint; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVnBjRW5kcG9pbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvVnBjRW5kcG9pbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsaURBRTZCO0FBRzdCOzs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBbUJHO0FBQ0gsTUFBYSxlQUFnQixTQUFRLDhCQUFvQjtJQUN2RCxZQUNFLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixHQUFTLEVBQ1QsT0FBdUMsRUFDdkMsVUFBZ0QsRUFBRTtRQUVsRCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNmLEdBQUc7WUFDSCxPQUFPO1lBQ1AsR0FBRyxPQUFPO1NBQ1gsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE1BQU0sQ0FBQyxFQUFFLENBQ1AsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEdBQVMsRUFDVCxVQUFnRCxFQUFFO1FBRWxELE9BQU8sSUFBSSxlQUFlLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsd0NBQThCLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ3pGLENBQUM7SUFFRCxNQUFNLENBQUMsR0FBRyxDQUNSLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixHQUFTLEVBQ1QsVUFBZ0QsRUFBRTtRQUVsRCxPQUFPLElBQUksZUFBZSxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLHdDQUE4QixDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUMxRixDQUFDO0lBRUQsTUFBTSxDQUFDLEdBQUcsQ0FDUixLQUFnQixFQUNoQixFQUFVLEVBQ1YsR0FBUyxFQUNULFVBQWdELEVBQUU7UUFFbEQsT0FBTyxJQUFJLGVBQWUsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSx3Q0FBOEIsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDMUYsQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQ2QsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEdBQVMsRUFDVCxVQUFnRCxFQUFFO1FBRWxELE9BQU8sSUFBSSxlQUFlLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsd0NBQThCLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ2pHLENBQUM7SUFFRCxNQUFNLENBQUMsY0FBYyxDQUNuQixLQUFnQixFQUNoQixFQUFVLEVBQ1YsR0FBUyxFQUNULFVBQWdELEVBQUU7UUFFbEQsT0FBTyxJQUFJLGVBQWUsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSx3Q0FBOEIsQ0FBQyxlQUFlLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDdEcsQ0FBQztJQUVELE1BQU0sQ0FBQyxVQUFVLENBQ2YsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEdBQVMsRUFDVCxVQUFnRCxFQUFFO1FBRWxELE9BQU8sSUFBSSxlQUFlLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsd0NBQThCLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ3RHLENBQUM7Q0FDRjtBQXBFRCwwQ0FvRUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBJbnRlcmZhY2VWcGNFbmRwb2ludCwgSW50ZXJmYWNlVnBjRW5kcG9pbnRBd3NTZXJ2aWNlLCBJbnRlcmZhY2VWcGNFbmRwb2ludE9wdGlvbnMsIElWcGMsXG59IGZyb20gJ2F3cy1jZGstbGliL2F3cy1lYzInO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5cbi8qKlxuICogRW5hYmxlIHByaXZhdGUgYWNjZXNzIHRvIEFXUyBzZXJ2aWNlcyB1c2luZyBWUEMgZW5kcG9pbnRzLlxuICpcbiAqIFRoaXMgYXZvaWRzIHRoZSBuZWVkIGZvciBhIE5BVCBnYXRld2F5IGlmIGZvciBleGFtcGxlIHlvdSBuZWVkIHRvIHJ1biBhIEZhcmdhc2Ugc2VydmljZSBpblxuICogYSBwcml2YXRlIHN1Ym5ldCBhbmQgaXQgZG9lc24ndCBoYXZlIGludGVybmV0IGFjY2VzcyB0byBwdWxsIHRoZSBjb250YWluZXIgZnJvbSB0aGUgcHVibGljIEVDUiBlbmZwb2ludC5cbiAqXG4gKiBUSGlzIENvbnN0cnVjdCBpbmNsdWRlcyBzdGF0aWMgbWV0aGlkcyBmb3IgY29tbW9uIHNlcnZpY2VzLCBidXQgeW91IGNhbiB1c2UgdGhlIGNvbnN0cnVjdG9yIHRvIGNyZWF0ZSBkaWZmZXJlbnQgZW5kcG9pbnRzOlxuICogLSBzM1xuICogLSBzcXNcbiAqIC0gZWNyXG4gKiAtIGVjckRvY2tlclxuICogLSBzZWNyZXRzTWFuYWdlclxuICogLSBjbG91ZHdhdGNoXG4gKlxuICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3ZwYy9sYXRlc3QvcHJpdmF0ZWxpbmsvY3JlYXRlLWludGVyZmFjZS1lbmRwb2ludC5odG1sI2NyZWF0ZS1pbnRlcmZhY2UtZW5kcG9pbnQtYXdzXG4gKiBCeSBkZWZhdWx0IGFsbCB2cGMgdHJhZmZpYyB3aWxsIGJlIGFsbG93ZWQgdG8gdGhlIGVucG9pbnQgYW5kIHByaXZhdGUgRE5TIHdpbGwgYmUgZW5hYmxlZFxuICogWW91IGNhbiBwYXNzIG9bcHRpb25zIGlmIHlvdSB3YW50IHRvIG1vZGlmeSB0aGUgZGVmYXVsdCBiZWhhdmlvdXJcbiAqIFR5cGljYWxseSB5b3UnbGwgd2FudCB0byBzZXQgdXAgYW4gZW5kcG9pbnQgdG8gYXZvaW5nIGdvaW5nIHZpYSB0aGUgSW50ZXJuZXQgYW5kIG5lZWRpbmcgYSBOQVQgZ2F0ZXdheSxcbiAqIHNvIHRoZSBkZWZhdWx0IGJlaGF2aW91ciBpcyB1c3VhbGx5IGZpbmUuXG4gKi9cbmV4cG9ydCBjbGFzcyBQcml2YXRlRW5kcG9pbnQgZXh0ZW5kcyBJbnRlcmZhY2VWcGNFbmRwb2ludCB7XG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICB2cGM6IElWcGMsXG4gICAgc2VydmljZTogSW50ZXJmYWNlVnBjRW5kcG9pbnRBd3NTZXJ2aWNlLFxuICAgIG9wdGlvbnM6IFBhcnRpYWw8SW50ZXJmYWNlVnBjRW5kcG9pbnRPcHRpb25zPiA9IHt9LFxuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIHZwYyxcbiAgICAgIHNlcnZpY2UsXG4gICAgICAuLi5vcHRpb25zLFxuICAgIH0pO1xuICB9XG5cbiAgc3RhdGljIHMzKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICB2cGM6IElWcGMsXG4gICAgb3B0aW9uczogUGFydGlhbDxJbnRlcmZhY2VWcGNFbmRwb2ludE9wdGlvbnM+ID0ge30sXG4gICkge1xuICAgIHJldHVybiBuZXcgUHJpdmF0ZUVuZHBvaW50KHNjb3BlLCBpZCwgdnBjLCBJbnRlcmZhY2VWcGNFbmRwb2ludEF3c1NlcnZpY2UuUzMsIG9wdGlvbnMpO1xuICB9XG5cbiAgc3RhdGljIHNxcyhcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgdnBjOiBJVnBjLFxuICAgIG9wdGlvbnM6IFBhcnRpYWw8SW50ZXJmYWNlVnBjRW5kcG9pbnRPcHRpb25zPiA9IHt9LFxuICApIHtcbiAgICByZXR1cm4gbmV3IFByaXZhdGVFbmRwb2ludChzY29wZSwgaWQsIHZwYywgSW50ZXJmYWNlVnBjRW5kcG9pbnRBd3NTZXJ2aWNlLlNRUywgb3B0aW9ucyk7XG4gIH1cblxuICBzdGF0aWMgZWNyKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICB2cGM6IElWcGMsXG4gICAgb3B0aW9uczogUGFydGlhbDxJbnRlcmZhY2VWcGNFbmRwb2ludE9wdGlvbnM+ID0ge30sXG4gICkge1xuICAgIHJldHVybiBuZXcgUHJpdmF0ZUVuZHBvaW50KHNjb3BlLCBpZCwgdnBjLCBJbnRlcmZhY2VWcGNFbmRwb2ludEF3c1NlcnZpY2UuRUNSLCBvcHRpb25zKTtcbiAgfVxuXG4gIHN0YXRpYyBlY3JEb2NrZXIoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHZwYzogSVZwYyxcbiAgICBvcHRpb25zOiBQYXJ0aWFsPEludGVyZmFjZVZwY0VuZHBvaW50T3B0aW9ucz4gPSB7fSxcbiAgKSB7XG4gICAgcmV0dXJuIG5ldyBQcml2YXRlRW5kcG9pbnQoc2NvcGUsIGlkLCB2cGMsIEludGVyZmFjZVZwY0VuZHBvaW50QXdzU2VydmljZS5FQ1JfRE9DS0VSLCBvcHRpb25zKTtcbiAgfVxuXG4gIHN0YXRpYyBzZWNyZXRzTWFuYWdlcihcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgdnBjOiBJVnBjLFxuICAgIG9wdGlvbnM6IFBhcnRpYWw8SW50ZXJmYWNlVnBjRW5kcG9pbnRPcHRpb25zPiA9IHt9LFxuICApIHtcbiAgICByZXR1cm4gbmV3IFByaXZhdGVFbmRwb2ludChzY29wZSwgaWQsIHZwYywgSW50ZXJmYWNlVnBjRW5kcG9pbnRBd3NTZXJ2aWNlLlNFQ1JFVFNfTUFOQUdFUiwgb3B0aW9ucyk7XG4gIH1cblxuICBzdGF0aWMgY2xvdWR3YXRjaChcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgdnBjOiBJVnBjLFxuICAgIG9wdGlvbnM6IFBhcnRpYWw8SW50ZXJmYWNlVnBjRW5kcG9pbnRPcHRpb25zPiA9IHt9LFxuICApIHtcbiAgICByZXR1cm4gbmV3IFByaXZhdGVFbmRwb2ludChzY29wZSwgaWQsIHZwYywgSW50ZXJmYWNlVnBjRW5kcG9pbnRBd3NTZXJ2aWNlLkNMT1VEV0FUQ0hfTE9HUywgb3B0aW9ucyk7XG4gIH1cbn1cbiJdfQ==