UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

275 lines (274 loc) 7.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
import { Construct } from 'constructs'; import { AclCidr, AclTraffic } from './network-acl-types'; import { ISubnet, IVpc, SubnetSelection } from './vpc'; import { IResource, Resource } from '../../core'; /** * A NetworkAcl * * */ export interface INetworkAcl extends IResource { /** * ID for the current Network ACL * @attribute */ readonly networkAclId: string; /** * Add a new entry to the ACL */ addEntry(id: string, options: CommonNetworkAclEntryOptions): NetworkAclEntry; } /** * A NetworkAclBase that is not created in this template * * */ declare abstract class NetworkAclBase extends Resource implements INetworkAcl { abstract readonly networkAclId: string; /** * Add a new entry to the ACL */ addEntry(id: string, options: CommonNetworkAclEntryOptions): NetworkAclEntry; } /** * Properties to create NetworkAcl * * */ export interface NetworkAclProps { /** * The name of the NetworkAcl. * * Since the NetworkAcl resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag. * * @default CDK generated name */ readonly networkAclName?: string; /** * The VPC in which to create the NetworkACL. */ readonly vpc: IVpc; /** * Subnets in the given VPC to associate the ACL with * * More subnets can always be added later by calling * `associateWithSubnets()`. * * @default - No subnets associated */ readonly subnetSelection?: SubnetSelection; } /** * Define a new custom network ACL * * By default, will deny all inbound and outbound traffic unless entries are * added explicitly allowing it. * * */ export declare class NetworkAcl extends NetworkAclBase { /** * Import an existing NetworkAcl into this app. */ static fromNetworkAclId(scope: Construct, id: string, networkAclId: string): INetworkAcl; /** * The ID of the NetworkACL * * @attribute */ readonly networkAclId: string; /** * The VPC ID for this NetworkACL * * @attribute */ readonly networkAclVpcId: string; private readonly networkAcl; private readonly vpc; constructor(scope: Construct, id: string, props: NetworkAclProps); /** * Associate the ACL with a given set of subnets */ associateWithSubnet(id: string, selection: SubnetSelection): void; } /** * What action to apply to traffic matching the ACL * * */ export declare enum Action { /** * Allow the traffic */ ALLOW = "allow", /** * Deny the traffic */ DENY = "deny" } /** * A NetworkAclEntry * * */ export interface INetworkAclEntry extends IResource { /** * The network ACL. */ readonly networkAcl: INetworkAcl; } /** * Base class for NetworkAclEntries * * */ declare abstract class NetworkAclEntryBase extends Resource implements INetworkAclEntry { abstract readonly networkAcl: INetworkAcl; } /** * Direction of traffic the AclEntry applies to * * */ export declare enum TrafficDirection { /** * Traffic leaving the subnet */ EGRESS = 0, /** * Traffic entering the subnet */ INGRESS = 1 } /** * Basic NetworkACL entry props * * */ export interface CommonNetworkAclEntryOptions { /** * The name of the NetworkAclEntry. * * It is not recommended to use an explicit group name. * * @default If you don't specify a NetworkAclName, AWS CloudFormation generates a * unique physical ID and uses that ID for the group name. */ readonly networkAclEntryName?: string; /** * The CIDR range to allow or deny. */ readonly cidr: AclCidr; /** * What kind of traffic this ACL rule applies to */ readonly traffic: AclTraffic; /** * Traffic direction, with respect to the subnet, this rule applies to * * @default TrafficDirection.INGRESS */ readonly direction?: TrafficDirection; /** * Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny". * * Any traffic that is not explicitly allowed is automatically denied in a custom * ACL, all traffic is automatically allowed in a default ACL. * * @default ALLOW */ readonly ruleAction?: Action; /** * Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. * Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule. */ readonly ruleNumber: number; } /** * Properties to create NetworkAclEntry * * */ export interface NetworkAclEntryProps extends CommonNetworkAclEntryOptions { /** * The network ACL this entry applies to. */ readonly networkAcl: INetworkAcl; } /** * Define an entry in a Network ACL table * * */ export declare class NetworkAclEntry extends NetworkAclEntryBase { readonly networkAcl: INetworkAcl; constructor(scope: Construct, id: string, props: NetworkAclEntryProps); } /** * A SubnetNetworkAclAssociation * * */ export interface ISubnetNetworkAclAssociation extends IResource { /** * ID for the current SubnetNetworkAclAssociation * @attribute */ readonly subnetNetworkAclAssociationAssociationId: string; } /** * Properties to create a SubnetNetworkAclAssociation * * */ export interface SubnetNetworkAclAssociationProps { /** * The name of the SubnetNetworkAclAssociation. * * It is not recommended to use an explicit name. * * @default If you don't specify a SubnetNetworkAclAssociationName, AWS CloudFormation generates a * unique physical ID and uses that ID for the group name. */ readonly subnetNetworkAclAssociationName?: string; /** * The Network ACL this association is defined for * * @attribute */ readonly networkAcl: INetworkAcl; /** * ID of the Subnet * @attribute */ readonly subnet: ISubnet; } /** * Associate a network ACL with a subnet * * */ declare abstract class SubnetNetworkAclAssociationBase extends Resource implements ISubnetNetworkAclAssociation { abstract readonly subnetNetworkAclAssociationAssociationId: string; } export declare class SubnetNetworkAclAssociation extends SubnetNetworkAclAssociationBase { static fromSubnetNetworkAclAssociationAssociationId(scope: Construct, id: string, subnetNetworkAclAssociationAssociationId: string): ISubnetNetworkAclAssociation; /** * ID for the current SubnetNetworkAclAssociation * @attribute */ readonly subnetNetworkAclAssociationAssociationId: string; /** * ID for the current Network ACL * @attribute */ readonly networkAcl: INetworkAcl; /** * ID of the Subnet * @attribute */ readonly subnet: ISubnet; private association; constructor(scope: Construct, id: string, props: SubnetNetworkAclAssociationProps); } export {};