aws-cdk-lib

Version 2 of the AWS Cloud Development Kit library

import { IPeer } from './peer';
import { Port } from './port';
import { ISecurityGroup } from './security-group';
/**
 * The goal of this module is to make it possible to write statements like this:
 *
 * ```ts
 * database.connections.allowDefaultPortFrom(fleet);
 * fleet.connections.allowTo(database, Port.tcp(5432));
 * ```
 *
 * The insight here is that some connecting peers have information on what ports should
 * be involved in the connection, and some don't.
 *
 * NOTE(review): the original example referred to `allowFromCidrIp`, `allowTrafficTo`
 * and `AllPorts`; none of these are declared in this file. The declared entry points
 * are the `allow*` methods on `Connections` below.
 *
 * Security note: every `allow*` call below results in security-group rules, i.e. it
 * widens the network reachability of the managed resources. The `*AnyIpv4` variants
 * grant to/from any IPv4 address (effectively 0.0.0.0/0); prefer the peer-scoped
 * variants wherever a concrete peer is known. No IPv6 "any" helper is declared here.
 */
/**
 * An object that has a Connections object
 */
export interface IConnectable {
    /**
     * The network connections associated with this resource.
     */
    readonly connections: Connections;
}
/**
 * Properties to initialize a new Connections object
 */
export interface ConnectionsProps {
    /**
     * Class that represents the rule by which others can connect to this connectable
     *
     * This object is required, but will be derived from securityGroup if that is passed.
     *
     * @default Derived from securityGroup if set.
     */
    readonly peer?: IPeer;
    /**
     * What securityGroup(s) this object is managing connections for
     *
     * Rules created by the `allow*` methods are presumably written into these
     * groups (and, for bidirectional grants, into the peer's groups as well) —
     * the implementation is not visible in this declaration file.
     *
     * @default No security groups
     */
    readonly securityGroups?: ISecurityGroup[];
    /**
     * Default port range for initiating connections to and from this object
     *
     * Used by the `allowDefaultPort*` methods below. What happens when one of
     * those is called without a default port is not visible here — confirm in
     * the implementation before relying on it.
     *
     * @default - No default port
     */
    readonly defaultPort?: Port;
}
/**
 * Manage the allowed network connections for constructs with Security Groups.
 *
 * Security Groups can be thought of as a firewall for network-connected
 * devices. This class makes it easy to allow network connections to and
 * from security groups, and between security groups individually. When
 * establishing connectivity between security groups, it will automatically
 * add rules in both security groups
 *
 * This object can manage one or more security groups.
 *
 * All `allow*` methods return nothing; their effect is the creation of
 * ingress/egress rules on the managed (and, where applicable, peer)
 * security groups. The optional `description` parameter on each of them is
 * presumably attached to the generated rule — verify against the
 * implementation.
 */
export declare class Connections implements IConnectable {
    readonly connections: Connections;
    /**
     * The default port configured for this connection peer, if available
     */
    readonly defaultPort?: Port;
    /**
     * Underlying securityGroup for this Connections object, if present
     *
     * May be empty if this Connections object is not managing a SecurityGroup,
     * but simply representing a Connectable peer.
     */
    private readonly _securityGroups;
    /**
     * The rule that defines how to represent this peer in a security group
     */
    private readonly _securityGroupRules;
    /**
     * When doing bidirectional grants between Connections, make sure we don't recurse infinitely
     */
    private skip;
    /**
     * When doing bidirectional grants between Security Groups in different stacks, put the rule on the other SG
     */
    private remoteRule;
    /**
     * @param props - see `ConnectionsProps`; all fields are optional
     */
    constructor(props?: ConnectionsProps);
    /**
     * The security groups currently managed by this object.
     */
    get securityGroups(): ISecurityGroup[];
    /**
     * Add a security group to the list of security groups managed by this object
     *
     * @param securityGroups - one or more groups to manage from now on
     */
    addSecurityGroup(...securityGroups: ISecurityGroup[]): void;
    /**
     * Allow connections to the peer on the given port
     *
     * @param other - the destination peer
     * @param portRange - the port(s) to allow
     * @param description - optional description for the generated rule
     */
    allowTo(other: IConnectable, portRange: Port, description?: string): void;
    /**
     * Allow connections from the peer on the given port
     *
     * @param other - the source peer
     * @param portRange - the port(s) to allow
     * @param description - optional description for the generated rule
     */
    allowFrom(other: IConnectable, portRange: Port, description?: string): void;
    /**
     * Allow hosts inside the security group to connect to each other on the given port
     *
     * @param portRange - the port(s) to allow
     * @param description - optional description for the generated rule
     */
    allowInternally(portRange: Port, description?: string): void;
    /**
     * Allow to all IPv4 ranges
     *
     * Egress to any IPv4 address on the given port. Consider whether a
     * narrower destination (`allowTo` with a concrete peer) is sufficient.
     *
     * @param portRange - the port(s) to allow
     * @param description - optional description for the generated rule
     */
    allowToAnyIpv4(portRange: Port, description?: string): void;
    /**
     * Allow from any IPv4 ranges
     *
     * Ingress from any IPv4 address (effectively 0.0.0.0/0) on the given
     * port. This exposes the resource to the public internet when it is
     * reachable there; review such grants carefully and prefer `allowFrom`
     * with a concrete peer where possible.
     *
     * @param portRange - the port(s) to allow
     * @param description - optional description for the generated rule
     */
    allowFromAnyIpv4(portRange: Port, description?: string): void;
    /**
     * Allow connections from the peer on our default port
     *
     * Even if the peer has a default port, we will always use our default port.
     *
     * @param other - the source peer
     * @param description - optional description for the generated rule
     */
    allowDefaultPortFrom(other: IConnectable, description?: string): void;
    /**
     * Allow hosts inside the security group to connect to each other
     *
     * Uses this object's default port (see `allowInternally` for an explicit port).
     *
     * @param description - optional description for the generated rule
     */
    allowDefaultPortInternally(description?: string): void;
    /**
     * Allow default connections from all IPv4 ranges
     *
     * Ingress from any IPv4 address on this object's default port; the same
     * exposure caveat as `allowFromAnyIpv4` applies.
     *
     * @param description - optional description for the generated rule
     */
    allowDefaultPortFromAnyIpv4(description?: string): void;
    /**
     * Allow connections to the security group on their default port
     *
     * The port used is the peer's default port (contrast `allowDefaultPortTo`).
     *
     * @param other - the destination peer
     * @param description - optional description for the generated rule
     */
    allowToDefaultPort(other: IConnectable, description?: string): void;
    /**
     * Allow connections to the peer on our default port
     *
     * Counterpart of `allowDefaultPortFrom`: presumably this object's default
     * port is used regardless of the peer's — the original comment here
     * duplicated the `allowDefaultPortFrom` wording, so confirm the direction
     * and port choice in the implementation.
     *
     * @param other - the destination peer
     * @param description - optional description for the generated rule
     */
    allowDefaultPortTo(other: IConnectable, description?: string): void;
}