@scloud/cdk-patterns
Version:
Serverless CDK patterns for common infrastructure needs
import { InterfaceVpcEndpoint, InterfaceVpcEndpointAwsService, InterfaceVpcEndpointOptions, IVpc } from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';
/**
 * Enable private access to AWS services using VPC endpoints.
 *
 * This avoids the need for a NAT gateway if, for example, you need to run a Fargate service in
 * a private subnet and it doesn't have internet access to pull the container from the public ECR endpoint.
 *
 * This Construct includes static methods for common services, but you can use the constructor to create different endpoints:
 * - s3
 * - sqs
 * - ecr
 * - ecrDocker
 * - secretsManager
 * - cloudwatch
 *
 * https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws
 * By default all VPC traffic will be allowed to the endpoint and private DNS will be enabled.
 * You can pass options if you want to modify the default behaviour.
 * Typically you'll want to set up an endpoint to avoid going via the Internet and needing a NAT gateway,
 * so the default behaviour is usually fine.
 *
 * Note on the defaults: "all VPC traffic allowed" means the endpoint's security group admits any
 * source inside the VPC. If only specific workloads should be able to reach a service privately,
 * pass `open: false` and/or your own `securityGroups` in `options` (both are standard
 * `InterfaceVpcEndpointOptions` fields) so the endpoint is not reachable from every subnet.
 *
 * This class always creates an *interface* endpoint (it extends `InterfaceVpcEndpoint`);
 * S3 is also reachable via a gateway endpoint, which this class does not create.
 */
export declare class PrivateEndpoint extends InterfaceVpcEndpoint {
    /**
     * Create an interface endpoint for an arbitrary `InterfaceVpcEndpointAwsService`.
     *
     * @param scope - parent construct
     * @param id - construct id
     * @param vpc - VPC the endpoint is placed in
     * @param service - the AWS service to expose privately inside the VPC
     * @param options - overrides for the defaults described on the class; any subset of
     *   `InterfaceVpcEndpointOptions` (e.g. `open`, `privateDnsEnabled`, `securityGroups`, `subnets`)
     */
    constructor(scope: Construct, id: string, vpc: IVpc, service: InterfaceVpcEndpointAwsService, options?: Partial<InterfaceVpcEndpointOptions>);
    /** Interface endpoint for S3 (not the S3 gateway endpoint). */
    static s3(scope: Construct, id: string, vpc: IVpc, options?: Partial<InterfaceVpcEndpointOptions>): PrivateEndpoint;
    /** Interface endpoint for SQS. */
    static sqs(scope: Construct, id: string, vpc: IVpc, options?: Partial<InterfaceVpcEndpointOptions>): PrivateEndpoint;
    /**
     * Interface endpoint for the ECR API.
     * NOTE(review): pulling images privately typically needs this together with `ecrDocker`
     * (and S3 access for image layers) — confirm against the AWS PrivateLink docs linked above.
     */
    static ecr(scope: Construct, id: string, vpc: IVpc, options?: Partial<InterfaceVpcEndpointOptions>): PrivateEndpoint;
    /** Interface endpoint for the ECR Docker registry; see the note on `ecr`. */
    static ecrDocker(scope: Construct, id: string, vpc: IVpc, options?: Partial<InterfaceVpcEndpointOptions>): PrivateEndpoint;
    /** Interface endpoint for Secrets Manager. */
    static secretsManager(scope: Construct, id: string, vpc: IVpc, options?: Partial<InterfaceVpcEndpointOptions>): PrivateEndpoint;
    /** Interface endpoint for CloudWatch. */
    static cloudwatch(scope: Construct, id: string, vpc: IVpc, options?: Partial<InterfaceVpcEndpointOptions>): PrivateEndpoint;
}