
cdk-twingate

import { AmazonLinuxCpuType, Instance, InstanceType, ISecurityGroup, IVpc, SubnetSelection } from 'aws-cdk-lib/aws-ec2';
import { ISecret } from 'aws-cdk-lib/aws-secretsmanager';
import { Construct } from 'constructs';

/**
 * Identifies a Secrets Manager secret and the two JSON keys inside it that
 * hold the Twingate connector tokens.
 */
export interface SecretsManagerKeys {
    /**
     * Secrets Manager secret where the Twingate auth keys are stored. Must be in the standard key/value JSON format.
     */
    readonly secret: ISecret;
    /**
     * The key of the access token value located within the provided secret.
     */
    readonly accessTokenKey: string;
    /**
     * The key of the refresh token value located within the provided secret.
     */
    readonly refreshTokenKey: string;
}

/**
 * Twingate connector tokens supplied directly as plaintext strings.
 *
 * As documented on `TwingateCredentials.unsafeStringKeys`, values passed this
 * way are exposed in the CDK template, so anyone who can read the template can
 * read the tokens. `SecretsManagerKeys` is the alternative that keeps the
 * values out of the template.
 */
export interface UnsafeStringKeys {
    /**
     * Provides an access token as a plaintext string.
     */
    readonly accessToken: string;
    /**
     * Provides a refresh token as a plaintext string.
     */
    readonly refreshToken: string;
}

/**
 * Selects how the connector obtains its Twingate tokens.
 *
 * NOTE(review): both members are optional at the type level, so the compiler
 * does not enforce the "one type must be used" rule stated on
 * `TwingateConnectorProps.twingateCredentials`. What happens when neither or
 * both are set is decided by the implementation, which is not part of this
 * declaration file - confirm before relying on it.
 */
export interface TwingateCredentials {
    /**
     * Fetches the credentials from Secrets Manager. This value will be fetched during EC2 startup.
     *
     * NOTE(review): presumably the instance needs permission to read the secret;
     * whether the construct grants it is not visible here - confirm.
     */
    readonly secretsManager?: SecretsManagerKeys;
    /**
     * Provides credentials as plaintext strings.
     * CAUTION: This option will expose the credentials in your CDK template.
     */
    readonly unsafeStringKeys?: UnsafeStringKeys;
}

/**
 * Construction properties for `TwingateConnector`.
 */
export interface TwingateConnectorProps {
    /**
     * VPC to launch the instance in.
     */
    readonly vpc: IVpc;
    /**
     * The full domain of your Twingate instance, e.g. https://mycompany.twingate.com
     */
    readonly twingateDomain: string;
    /**
     * Credential settings for the Twingate auth keys. One type must be used.
     */
    readonly twingateCredentials: TwingateCredentials;
    /**
     * In which AZ to place the instance within the VPC.
     *
     * @default - Random zone.
     */
    readonly availabilityZone?: string;
    /**
     * The name of the instance.
     *
     * @default RandomlyGenerated
     */
    readonly instanceName?: string;
    /**
     * Select the subnets to run the EC2 in.
     * PUBLIC subnets are used by default to support P2P connections.
     *
     * NOTE(review): leaving this unset places the instance in public subnets.
     * Set it explicitly if your network policy requires private subnets.
     *
     * @default - PUBLIC subnets of the supplied VPC
     */
    readonly subnetSelection?: SubnetSelection;
    /**
     * Security Group to assign to this instance.
     *
     * NOTE(review): the default group permits all outbound traffic; supply your
     * own group if egress must be restricted. The default group's inbound rules
     * are not described in this file.
     *
     * @default - Creates a new security group with all outbound traffic permitted.
     */
    readonly securityGroup?: ISecurityGroup;
    /**
     * Type of instance to launch.
     *
     * @default 't3a.micro'
     */
    readonly instanceType?: InstanceType;
    /**
     * CPU Type of the instance.
     *
     * @default AmazonLinuxCpuType.X86_64
     */
    readonly cpuType?: AmazonLinuxCpuType;
}

/**
 * CDK construct configured by `TwingateConnectorProps`; it exposes an EC2
 * `Instance` as `bastion`.
 *
 * This is a type declaration only. How the instance is provisioned and how the
 * credentials reach it are defined in the implementation, which is not shown.
 */
export declare class TwingateConnector extends Construct {
    // The EC2 instance owned by this construct.
    readonly bastion: Instance;
    constructor(scope: Construct, id: string, props: TwingateConnectorProps);
    // Private member; only its name is declared here. Presumably resolves
    // `props.twingateCredentials` into the values the instance uses - confirm
    // against the implementation.
    private computeCredentials;
}