aws-cdk-lib/aws-ec2/lib/bastion-host.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.BastionHostLinux=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var _1=()=>{var tmp=require(".");return _1=()=>tmp,tmp},instance_1=()=>{var tmp=require("./instance");return instance_1=()=>tmp,tmp},machine_image_1=()=>{var tmp=require("./machine-image");return machine_image_1=()=>tmp,tmp},port_1=()=>{var tmp=require("./port");return port_1=()=>tmp,tmp},aws_iam_1=()=>{var tmp=require("../../aws-iam");return aws_iam_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cx_api_1=()=>{var tmp=require("../../cx-api");return cx_api_1=()=>tmp,tmp};let BastionHostLinux=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource,_instanceExtraInitializers=[],_allowSshAccessFrom_decorators;var BastionHostLinux2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_allowSshAccessFrom_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_allowSshAccessFrom_decorators,{kind:"method",name:"allowSshAccessFrom",static:!1,private:!1,access:{has:obj=>"allowSshAccessFrom"in obj,get:obj=>obj.allowSshAccessFrom},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),BastionHostLinux2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_ec2.BastionHostLinux",version:"2.233.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-ec2.BastionHostLinux";stack=__runInitializers(this,_instanceExtraInitializers);connections;role;grantPrincipal;instance;instanceId;instanceAvailabilityZone;instancePrivateDnsName;instancePrivateIp;instancePublicDnsName;instancePublicIp;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_BastionHostLinuxProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BastionHostLinux2),error}(0,metadata_resource_1().addConstructMetadata)(this,props),this.stack=core_1().Stack.of(scope);const instanceType=props.instanceType??_1().InstanceType.of(_1().InstanceClass.T3,_1().InstanceSize.NANO);this.instance=new(instance_1()).Instance(this,"Resource",{vpc:props.vpc,availabilityZone:props.availabilityZone,securityGroup:props.securityGroup,instanceName:props.instanceName??"BastionHost",instanceType,machineImage:this.getMachineImage(this,instanceType,props),vpcSubnets:props.subnetSelection??{},blockDevices:props.blockDevices??void 0,init:props.init,initOptions:props.initOptions,requireImdsv2:props.requireImdsv2??!1,userDataCausesReplacement:props.userDataCausesReplacement}),this.instance.addToRolePolicy(new(aws_iam_1()).PolicyStatement({actions:["ssmmessages:*","ssm:UpdateInstanceInformation","ec2messages:*"],resources:["*"]})),this.connections=this.instance.connections,this.role=this.instance.role,this.grantPrincipal=this.instance.role,this.instanceId=this.instance.instanceId,this.instancePrivateIp=this.instance.instancePrivateIp,this.instanceAvailabilityZone=this.instance.instanceAvailabilityZone,this.instancePrivateDnsName=this.instance.instancePrivateDnsName,this.instancePublicIp=this.instance.instancePublicIp,this.instancePublicDnsName=this.instance.instancePublicDnsName,new(core_1()).CfnOutput(this,"BastionHostId",{description:"Instance ID of the bastion host. Use this to connect via SSM Session Manager",value:this.instanceId})}get instanceRef(){return{instanceId:this.instanceId}}toAmazonLinuxCpuType(architecture){if(architecture===_1().InstanceArchitecture.ARM_64)return machine_image_1().AmazonLinuxCpuType.ARM_64;if(architecture===_1().InstanceArchitecture.X86_64)return machine_image_1().AmazonLinuxCpuType.X86_64;throw new(core_1()).UnscopedValidationError(`Unsupported instance architecture '${architecture}'`)}allowSshAccessFrom(...peer){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_IPeer(peer)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.allowSshAccessFrom),error}peer.forEach(p=>{this.connections.allowFrom(p,port_1().Port.tcp(22),"SSH access")})}getMachineImage(scope,instanceType,props){const defaultMachineImage=core_1().FeatureFlags.of(scope).isEnabled(cx_api_1().BASTION_HOST_USE_AMAZON_LINUX_2023_BY_DEFAULT)?machine_image_1().MachineImage.latestAmazonLinux2023({cpuType:this.toAmazonLinuxCpuType(instanceType.architecture)}):machine_image_1().MachineImage.latestAmazonLinux2({cpuType:this.toAmazonLinuxCpuType(instanceType.architecture)});return props.machineImage??defaultMachineImage}static{__runInitializers(_classThis,_classExtraInitializers)}};return BastionHostLinux2=_classThis})();exports.BastionHostLinux=BastionHostLinux;