aws-cdk-lib.aws_ec2.GatewayVpcEndpoint

class GatewayVpcEndpoint (construct)

LanguageType name
.NETAmazon.CDK.AWS.EC2.GatewayVpcEndpoint
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#GatewayVpcEndpoint
Javasoftware.amazon.awscdk.services.ec2.GatewayVpcEndpoint
Pythonaws_cdk.aws_ec2.GatewayVpcEndpoint
TypeScript (source)aws-cdk-lib » aws_ec2 » GatewayVpcEndpoint

Implements IConstruct, IDependable, IResource, IVpcEndpoint, IGatewayVpcEndpoint

A gateway VPC endpoint.

Example

    // Add gateway endpoints when creating the VPC
    const vpc = new ec2.Vpc(this, 'MyVpc', {
      gatewayEndpoints: {
        S3: {
          service: ec2.GatewayVpcEndpointAwsService.S3,
        },
      },
    });

    // Alternatively gateway endpoints can be added on the VPC
    const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {
      service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,
    });

    // This allows to customize the endpoint policy
    dynamoDbEndpoint.addToPolicy(
      new iam.PolicyStatement({ // Restrict to listing and describing tables
        principals: [new iam.AnyPrincipal()],
        actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],
        resources: ['*'],
      }));

    // Add an interface endpoint
    vpc.addInterfaceEndpoint('EcrDockerEndpoint', {
      service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,

      // Uncomment the following to allow more fine-grained control over
      // who can access the endpoint via the '.connections' object.
      // open: false
    });

Initializer

new GatewayVpcEndpoint(scope: Construct, id: string, props: GatewayVpcEndpointProps)

Parameters

  • scope Construct
  • id string
  • props GatewayVpcEndpointProps

Construct Props

NameTypeDescription
serviceIGatewayVpcEndpointServiceThe service to use for this gateway VPC endpoint.
vpcIVpcThe VPC network in which the gateway endpoint will be used.
subnets?SubnetSelection[]Where to add endpoint routing.

service

Type: IGatewayVpcEndpointService

The service to use for this gateway VPC endpoint.


vpc

Type: IVpc

The VPC network in which the gateway endpoint will be used.


subnets?

Type: SubnetSelection[] (optional, default: All subnets in the VPC)

Where to add endpoint routing.

By default, this endpoint will be routable from all subnets in the VPC. Specify a list of subnet selection objects here to be more specific. Example

declare const vpc: ec2.Vpc;

vpc.addGatewayEndpoint('DynamoDbEndpoint', {
  service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,
  // Add only to ISOLATED subnets
  subnets: [
    { subnetType: ec2.SubnetType.PRIVATE_ISOLATED }
  ]
});

Properties

NameTypeDescription
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.
vpcEndpointCreationTimestampstringThe date and time the gateway VPC endpoint was created.
vpcEndpointDnsEntriesstring[]
vpcEndpointIdstringThe gateway VPC endpoint identifier.
vpcEndpointNetworkInterfaceIdsstring[]

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.


vpcEndpointCreationTimestamp

Type: string

The date and time the gateway VPC endpoint was created.


vpcEndpointDnsEntries

Type: string[]


vpcEndpointId

Type: string

The gateway VPC endpoint identifier.


vpcEndpointNetworkInterfaceIds

Type: string[]

Methods

NameDescription
addToPolicy(statement)Adds a statement to the policy document of the VPC endpoint. The statement must have a Principal.
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
toString()Returns a string representation of this construct.
static fromGatewayVpcEndpointId(scope, id, gatewayVpcEndpointId)

addToPolicy(statement)

public addToPolicy(statement: PolicyStatement): void

Parameters

  • statement PolicyStatement — the IAM statement to add.

Adds a statement to the policy document of the VPC endpoint. The statement must have a Principal.

Not all interface VPC endpoints support policy. For more information see https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html


applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromGatewayVpcEndpointId(scope, id, gatewayVpcEndpointId)

public static fromGatewayVpcEndpointId(scope: Construct, id: string, gatewayVpcEndpointId: string): IGatewayVpcEndpoint

Parameters

  • scope Construct
  • id string
  • gatewayVpcEndpointId string

Returns

  • IGatewayVpcEndpoint