aws-cdk-lib
Version 2 of the AWS Cloud Development Kit library
"use strict";var _a,_b,_c,_d,_e;Object.defineProperty(exports,"__esModule",{value:!0}),exports.NatInstanceImage=exports.NatInstanceProviderV2=exports.NatInstanceProvider=exports.NatGatewayProvider=exports.NatProvider=exports.NatTrafficDirection=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var connections_1=()=>{var tmp=require("./connections");return connections_1=()=>tmp,tmp},instance_1=()=>{var tmp=require("./instance");return instance_1=()=>tmp,tmp},instance_types_1=()=>{var tmp=require("./instance-types");return instance_types_1=()=>tmp,tmp},machine_image_1=()=>{var tmp=require("./machine-image");return machine_image_1=()=>tmp,tmp},port_1=()=>{var tmp=require("./port");return port_1=()=>tmp,tmp},security_group_1=()=>{var tmp=require("./security-group");return security_group_1=()=>tmp,tmp},user_data_1=()=>{var tmp=require("./user-data");return user_data_1=()=>tmp,tmp},vpc_1=()=>{var tmp=require("./vpc");return vpc_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},NatTrafficDirection;(function(NatTrafficDirection2){NatTrafficDirection2.OUTBOUND_ONLY="OUTBOUND_ONLY",NatTrafficDirection2.INBOUND_AND_OUTBOUND="INBOUND_AND_OUTBOUND",NatTrafficDirection2.NONE="NONE"})(NatTrafficDirection||(exports.NatTrafficDirection=NatTrafficDirection={}));class NatProvider{static gateway(props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_NatGatewayProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.gateway),error}return new NatGatewayProvider(props)}static instance(props){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatProvider#instance",`use instanceV2. 'instance' is deprecated since NatInstanceProvider
uses a instance image that has reached EOL on Dec 31 2023`),jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_NatInstanceProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.instance),error}return new NatInstanceProvider(props)}static instanceV2(props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_NatInstanceProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.instanceV2),error}return new NatInstanceProviderV2(props)}}exports.NatProvider=NatProvider,_a=JSII_RTTI_SYMBOL_1,NatProvider[_a]={fqn:"aws-cdk-lib.aws_ec2.NatProvider",version:"2.185.0"};class NatGatewayProvider extends NatProvider{constructor(props={}){super(),this.props=props,this.gateways=new PrefSet;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_NatGatewayProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NatGatewayProvider),error}}configureNat(options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ConfigureNatOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.configureNat),error}if(this.props.eipAllocationIds!=null&&!core_1().Token.isUnresolved(this.props.eipAllocationIds)&&this.props.eipAllocationIds.length<options.natSubnets.length)throw new Error(`Not enough NAT gateway EIP allocation IDs (${this.props.eipAllocationIds.length} provided) for the requested subnet count (${options.natSubnets.length} needed).`);let i=0;for(const sub of options.natSubnets){const eipAllocationId=this.props.eipAllocationIds?pickN(i,this.props.eipAllocationIds):void 0,gateway=sub.addNatGateway(eipAllocationId);this.gateways.add(sub.availabilityZone,gateway.ref),i++}for(const sub of 
options.privateSubnets)this.configureSubnet(sub)}configureSubnet(subnet){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_PrivateSubnet(subnet)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.configureSubnet),error}const az=subnet.availabilityZone,gatewayId=this.gateways.pick(az);subnet.addRoute("DefaultRoute",{routerType:vpc_1().RouterType.NAT_GATEWAY,routerId:gatewayId,enablesInternetConnectivity:!0})}get configuredGateways(){return this.gateways.values().map(x=>({az:x[0],gatewayId:x[1]}))}}exports.NatGatewayProvider=NatGatewayProvider,_b=JSII_RTTI_SYMBOL_1,NatGatewayProvider[_b]={fqn:"aws-cdk-lib.aws_ec2.NatGatewayProvider",version:"2.185.0"};class NatInstanceProvider extends NatProvider{constructor(props){super(),this.props=props,this.gateways=new PrefSet;try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatInstanceProvider",`use NatInstanceProviderV2. NatInstanceProvider is deprecated since
the instance image used has reached EOL on Dec 31 2023`),jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_NatInstanceProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NatInstanceProvider),error}if(props.defaultAllowedTraffic!==void 0&&props.allowAllTraffic!==void 0)throw new Error("Can not specify both of 'defaultAllowedTraffic' and 'defaultAllowedTraffic'; prefer 'defaultAllowedTraffic'");if(props.keyName&&props.keyPair)throw new Error("Cannot specify both of 'keyName' and 'keyPair'; prefer 'keyPair'")}configureNat(options){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatInstanceProvider#configureNat",`use NatInstanceProviderV2. NatInstanceProvider is deprecated since
the instance image used has reached EOL on Dec 31 2023`),jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ConfigureNatOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.configureNat),error}const defaultDirection=this.props.defaultAllowedTraffic??(this.props.allowAllTraffic??!0?NatTrafficDirection.INBOUND_AND_OUTBOUND:NatTrafficDirection.OUTBOUND_ONLY),machineImage=this.props.machineImage??new NatInstanceImage;this._securityGroup=this.props.securityGroup??new(security_group_1()).SecurityGroup(options.vpc,"NatSecurityGroup",{vpc:options.vpc,description:"Security Group for NAT instances",allowAllOutbound:isOutboundAllowed(defaultDirection)}),this._connections=new(connections_1()).Connections({securityGroups:[this._securityGroup]}),isInboundAllowed(defaultDirection)&&this.connections.allowFromAnyIpv4(port_1().Port.allTraffic());const role=new(iam()).Role(options.vpc,"NatRole",{assumedBy:new(iam()).ServicePrincipal("ec2.amazonaws.com")});for(const sub of options.natSubnets){const natInstance=new(instance_1()).Instance(sub,"NatInstance",{instanceType:this.props.instanceType,machineImage,sourceDestCheck:!1,vpc:options.vpc,vpcSubnets:{subnets:[sub]},securityGroup:this._securityGroup,role,keyPair:this.props.keyPair,keyName:this.props.keyName,creditSpecification:this.props.creditSpecification});this.gateways.add(sub.availabilityZone,natInstance)}for(const sub of options.privateSubnets)this.configureSubnet(sub)}get securityGroup(){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatInstanceProvider#securityGroup",`use NatInstanceProviderV2. NatInstanceProvider is deprecated since
the instance image used has reached EOL on Dec 31 2023`)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,jsiiDeprecationWarnings().getPropertyDescriptor(this,"securityGroup").get),error}if(!this._securityGroup)throw new Error("Pass the NatInstanceProvider to a Vpc before accessing 'securityGroup'");return this._securityGroup}get connections(){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatInstanceProvider#connections",`use NatInstanceProviderV2. NatInstanceProvider is deprecated since
the instance image used has reached EOL on Dec 31 2023`)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,jsiiDeprecationWarnings().getPropertyDescriptor(this,"connections").get),error}if(!this._connections)throw new Error("Pass the NatInstanceProvider to a Vpc before accessing 'connections'");return this._connections}get configuredGateways(){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatInstanceProvider#configuredGateways",`use NatInstanceProviderV2. NatInstanceProvider is deprecated since
the instance image used has reached EOL on Dec 31 2023`)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,jsiiDeprecationWarnings().getPropertyDescriptor(this,"configuredGateways").get),error}return this.gateways.values().map(x=>({az:x[0],gatewayId:x[1].instanceId}))}configureSubnet(subnet){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_ec2.NatInstanceProvider#configureSubnet",`use NatInstanceProviderV2. NatInstanceProvider is deprecated since
the instance image used has reached EOL on Dec 31 2023`),jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_PrivateSubnet(subnet)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.configureSubnet),error}const az=subnet.availabilityZone,gatewayId=this.gateways.pick(az).instanceId;subnet.addRoute("DefaultRoute",{routerType:vpc_1().RouterType.INSTANCE,routerId:gatewayId,enablesInternetConnectivity:!0})}}exports.NatInstanceProvider=NatInstanceProvider,_c=JSII_RTTI_SYMBOL_1,NatInstanceProvider[_c]={fqn:"aws-cdk-lib.aws_ec2.NatInstanceProvider",version:"2.185.0"};class PrefSet{constructor(){this.map={},this.vals=new Array,this.next=0}add(pref,value){this.map[pref]=value,this.vals.push([pref,value])}pick(pref){if(this.vals.length===0)throw new Error("Cannot pick, set is empty");return pref in this.map?this.map[pref]:this.vals[this.next++%this.vals.length][1]}values(){return this.vals}}class NatInstanceProviderV2 extends NatProvider{get gatewayInstances(){return this.gateways.values().map(([,instance])=>instance)}constructor(props){super(),this.props=props,this.gateways=new PrefSet;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_NatInstanceProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NatInstanceProviderV2),error}if(props.defaultAllowedTraffic!==void 0&&props.allowAllTraffic!==void 0)throw new Error("Can not specify both of 'defaultAllowedTraffic' and 'defaultAllowedTraffic'; prefer 'defaultAllowedTraffic'");if(props.keyName&&props.keyPair)throw new Error("Cannot specify both of 'keyName' and 'keyPair'; prefer 'keyPair'")}configureNat(options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ConfigureNatOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.configureNat),error}const 
defaultDirection=this.props.defaultAllowedTraffic??(this.props.allowAllTraffic??!0?NatTrafficDirection.INBOUND_AND_OUTBOUND:NatTrafficDirection.OUTBOUND_ONLY),machineImage=this.props.machineImage||new(machine_image_1()).AmazonLinuxImage({generation:machine_image_1().AmazonLinuxGeneration.AMAZON_LINUX_2023,cpuType:this.props.instanceType.architecture==instance_types_1().InstanceArchitecture.ARM_64?machine_image_1().AmazonLinuxCpuType.ARM_64:void 0});this._securityGroup=this.props.securityGroup??new(security_group_1()).SecurityGroup(options.vpc,"NatSecurityGroup",{vpc:options.vpc,description:"Security Group for NAT instances",allowAllOutbound:isOutboundAllowed(defaultDirection)}),this._connections=new(connections_1()).Connections({securityGroups:[this._securityGroup]}),isInboundAllowed(defaultDirection)&&this.connections.allowFromAnyIpv4(port_1().Port.allTraffic());let userData=this.props.userData;userData||(userData=user_data_1().UserData.forLinux(),userData.addCommands(...NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS));for(const sub of options.natSubnets){const natInstance=new(instance_1()).Instance(sub,"NatInstance",{instanceType:this.props.instanceType,machineImage,sourceDestCheck:!1,vpc:options.vpc,vpcSubnets:{subnets:[sub]},associatePublicIpAddress:this.props.associatePublicIpAddress,securityGroup:this._securityGroup,keyPair:this.props.keyPair,keyName:this.props.keyName,creditSpecification:this.props.creditSpecification,userData});this.gateways.add(sub.availabilityZone,natInstance)}for(const sub of options.privateSubnets)this.configureSubnet(sub)}get securityGroup(){if(!this._securityGroup)throw new Error("Pass the NatInstanceProvider to a Vpc before accessing 'securityGroup'");return this._securityGroup}get connections(){if(!this._connections)throw new Error("Pass the NatInstanceProvider to a Vpc before accessing 'connections'");return this._connections}get configuredGateways(){return 
this.gateways.values().map(x=>({az:x[0],gatewayId:x[1].instanceId}))}configureSubnet(subnet){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_PrivateSubnet(subnet)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.configureSubnet),error}const az=subnet.availabilityZone,gatewayId=this.gateways.pick(az).instanceId;subnet.addRoute("DefaultRoute",{routerType:vpc_1().RouterType.INSTANCE,routerId:gatewayId,enablesInternetConnectivity:!0})}}exports.NatInstanceProviderV2=NatInstanceProviderV2,_d=JSII_RTTI_SYMBOL_1,NatInstanceProviderV2[_d]={fqn:"aws-cdk-lib.aws_ec2.NatInstanceProviderV2",version:"2.185.0"},NatInstanceProviderV2.DEFAULT_USER_DATA_COMMANDS=["yum install iptables-services -y","systemctl enable iptables","systemctl start iptables",'echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf',"sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf","sudo /sbin/iptables -t nat -A POSTROUTING -o $(route | awk '/^default/{print $NF}') -j MASQUERADE","sudo /sbin/iptables -F FORWARD","sudo service iptables save"];class NatInstanceImage extends machine_image_1().LookupMachineImage{constructor(){super({name:"amzn-ami-vpc-nat-*",owners:["amazon"]})}}exports.NatInstanceImage=NatInstanceImage,_e=JSII_RTTI_SYMBOL_1,NatInstanceImage[_e]={fqn:"aws-cdk-lib.aws_ec2.NatInstanceImage",version:"2.185.0"};function isOutboundAllowed(direction){return direction===NatTrafficDirection.INBOUND_AND_OUTBOUND||direction===NatTrafficDirection.OUTBOUND_ONLY}function isInboundAllowed(direction){return direction===NatTrafficDirection.INBOUND_AND_OUTBOUND}function pickN(i,xs){if(core_1().Token.isUnresolved(xs))return core_1().Fn.select(i,xs);if(i>=xs.length)throw new Error(`Cannot get element ${i} from ${xs}`);return xs[i]}