aws-cdk-lib.aws_ec2.InterfaceVpcEndpoint

class InterfaceVpcEndpoint (construct)

Language | Type name
.NET | Amazon.CDK.AWS.EC2.InterfaceVpcEndpoint
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#InterfaceVpcEndpoint
Java | software.amazon.awscdk.services.ec2.InterfaceVpcEndpoint
Python | aws_cdk.aws_ec2.InterfaceVpcEndpoint
TypeScript (source) | aws-cdk-lib » aws_ec2 » InterfaceVpcEndpoint

Implements IConstruct, IDependable, IResource, IVpcEndpoint, IInterfaceVpcEndpoint, IConnectable

An interface VPC endpoint.

Example

import * as ec2 from 'aws-cdk-lib/aws-ec2';

declare const vpc: ec2.Vpc;

new ec2.InterfaceVpcEndpoint(this, 'VPC Endpoint', {
  vpc,
  service: new ec2.InterfaceVpcEndpointService('com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc', 443),
  // Choose which availability zones to place the VPC endpoint in, based on
  // available AZs
  subnets: {
    availabilityZones: ['us-east-1a', 'us-east-1c']
  }
});

Initializer

new InterfaceVpcEndpoint(scope: Construct, id: string, props: InterfaceVpcEndpointProps)

Parameters

  • scope Construct
  • id string
  • props InterfaceVpcEndpointProps

Construct Props

Name | Type | Description
service | IInterfaceVpcEndpointService | The service to use for this interface VPC endpoint.
vpc | IVpc | The VPC network in which the interface endpoint will be used.
lookupSupportedAzs? | boolean | Limit to only those availability zones where the endpoint service can be created.
open? | boolean | Whether to automatically allow VPC traffic to the endpoint.
privateDnsEnabled? | boolean | Whether to associate a private hosted zone with the specified VPC.
securityGroups? | ISecurityGroup[] | The security groups to associate with this interface VPC endpoint.
subnets? | SubnetSelection | The subnets in which to create an endpoint network interface.

service

Type: IInterfaceVpcEndpointService

The service to use for this interface VPC endpoint.


vpc

Type: IVpc

The VPC network in which the interface endpoint will be used.


lookupSupportedAzs?

Type: boolean (optional, default: false)

Limit to only those availability zones where the endpoint service can be created.

Setting this to 'true' requires a lookup to be performed at synthesis time. Account and region must be set on the containing stack for this to work.


open?

Type: boolean (optional, default: true)

Whether to automatically allow VPC traffic to the endpoint.

If enabled, all traffic to the endpoint from within the VPC will be automatically allowed. This is done based on the VPC's CIDR range.


privateDnsEnabled?

Type: boolean (optional, default: set by the instance of IInterfaceVpcEndpointService, or true if not defined by the instance of IInterfaceVpcEndpointService)

Whether to associate a private hosted zone with the specified VPC.

This allows you to make requests to the service using its default DNS hostname.


securityGroups?

Type: ISecurityGroup[] (optional, default: a new security group is created)

The security groups to associate with this interface VPC endpoint.


subnets?

Type: SubnetSelection (optional, default: private subnets)

The subnets in which to create an endpoint network interface.

At most one per availability zone.

Properties

Name | Type | Description
connections | Connections | Access to network connections.
env | ResourceEnvironment | The environment this resource belongs to.
node | Node | The tree node.
stack | Stack | The stack in which this resource is defined.
vpcEndpointCreationTimestamp | string | The date and time the interface VPC endpoint was created.
vpcEndpointDnsEntries | string[] | The DNS entries for the interface VPC endpoint.
vpcEndpointId | string | The interface VPC endpoint identifier.
vpcEndpointNetworkInterfaceIds | string[] | One or more network interfaces for the interface VPC endpoint.

connections

Type: Connections

Access to network connections.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.


vpcEndpointCreationTimestamp

Type: string

The date and time the interface VPC endpoint was created.


vpcEndpointDnsEntries

Type: string[]

The DNS entries for the interface VPC endpoint.

Each entry is a combination of the hosted zone ID and the DNS name. The entries are ordered as follows: regional public DNS, zonal public DNS, private DNS, and wildcard DNS. This order is not enforced for AWS Marketplace services.

The following is an example. In the first entry, the hosted zone ID is Z1HUB23UULQXV and the DNS name is vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com.

["Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3.ec2.us-east-1.vpce.amazonaws.com", "Z1HUB23UULQXV:vpce-01abc23456de78f9g-12abccd3-us-east-1a.ec2.us-east-1.vpce.amazonaws.com", "Z1C12344VYDITB0:ec2.us-east-1.amazonaws.com"]

If you update the PrivateDnsEnabled or SubnetIds properties, the DNS entries in the list will change.


vpcEndpointId

Type: string

The interface VPC endpoint identifier.


vpcEndpointNetworkInterfaceIds

Type: string[]

One or more network interfaces for the interface VPC endpoint.

Methods

Name | Description
addToPolicy(statement) | Adds a statement to the policy document of the VPC endpoint. The statement must have a Principal.
applyRemovalPolicy(policy) | Apply the given removal policy to this resource.
toString() | Returns a string representation of this construct.
static fromInterfaceVpcEndpointAttributes(scope, id, attrs) | Imports an existing interface VPC endpoint.

addToPolicy(statement)

public addToPolicy(statement: PolicyStatement): void

Parameters

  • statement PolicyStatement — the IAM statement to add.

Adds a statement to the policy document of the VPC endpoint. The statement must have a Principal.

Not all interface VPC endpoints support policy. For more information see https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html
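The open default described under Construct Props and the policy document that addToPolicy fills in can both be checked in the synthesized CloudFormation template. The TypeScript below is an added example, not part of the AWS CDK documentation. It assumes that open: true appears as an inline SecurityGroupIngress rule whose CidrIp is the VPC's CidrBlock; the function names, logical IDs and sample template are constructed for illustration.

```typescript
type Json = { [key: string]: any };
interface Finding { endpoint: string; issue: 'no-endpoint-policy' | 'ingress-from-vpc-cidr' }

// Logical ID inside { Ref: id } or { 'Fn::GetAtt': [id, attr] }; undefined otherwise.
function logicalId(value: any, attr?: string): string | undefined {
  if (!value || typeof value !== 'object') return undefined;
  const getAtt = value['Fn::GetAtt'];
  if (Array.isArray(getAtt) && (attr === undefined || getAtt[1] === attr)) return getAtt[0];
  return attr === undefined && typeof value.Ref === 'string' ? value.Ref : undefined;
}

function auditInterfaceEndpoints(template: Json): Finding[] {
  const resources: Json = template.Resources ?? {};
  const findings: Finding[] = [];
  for (const id of Object.keys(resources)) {
    const props: Json = resources[id].Properties ?? {};
    if (resources[id].Type !== 'AWS::EC2::VPCEndpoint' || props.VpcEndpointType !== 'Interface') continue;
    // No PolicyDocument in the template: the endpoint carries no custom policy.
    if (!props.PolicyDocument) findings.push({ endpoint: id, issue: 'no-endpoint-policy' });
    const vpc = logicalId(props.VpcId);
    const groupRefs: any[] = props.SecurityGroupIds ?? [];
    for (const ref of groupRefs) {
      const group: Json = resources[logicalId(ref, 'GroupId') ?? ''] ?? {};
      const rules: any[] = group.Properties?.SecurityGroupIngress ?? [];
      // Assumed shape of open: true, an ingress rule whose CidrIp is the VPC's CidrBlock.
      if (rules.some((r) => vpc !== undefined && logicalId(r.CidrIp, 'CidrBlock') === vpc)) {
        findings.push({ endpoint: id, issue: 'ingress-from-vpc-cidr' });
      }
    }
  }
  return findings;
}

// Constructed sample template; every logical ID below is made up for this example.
const sampleTemplate: Json = { Resources: {
  Vpc: { Type: 'AWS::EC2::VPC', Properties: { CidrBlock: '10.0.0.0/16' } },
  OpenSg: { Type: 'AWS::EC2::SecurityGroup', Properties: { VpcId: { Ref: 'Vpc' }, SecurityGroupIngress: [
    { CidrIp: { 'Fn::GetAtt': ['Vpc', 'CidrBlock'] }, IpProtocol: 'tcp', FromPort: 443, ToPort: 443 }] } },
  OpenEndpoint: { Type: 'AWS::EC2::VPCEndpoint', Properties: { VpcEndpointType: 'Interface',
    VpcId: { Ref: 'Vpc' }, SecurityGroupIds: [{ 'Fn::GetAtt': ['OpenSg', 'GroupId'] }] } },
  AppSg: { Type: 'AWS::EC2::SecurityGroup', Properties: { VpcId: { Ref: 'Vpc' } } },
  LockedSg: { Type: 'AWS::EC2::SecurityGroup', Properties: { VpcId: { Ref: 'Vpc' }, SecurityGroupIngress: [
    { SourceSecurityGroupId: { 'Fn::GetAtt': ['AppSg', 'GroupId'] }, IpProtocol: 'tcp', FromPort: 443, ToPort: 443 }] } },
  LockedEndpoint: { Type: 'AWS::EC2::VPCEndpoint', Properties: { VpcEndpointType: 'Interface',
    VpcId: { Ref: 'Vpc' }, SecurityGroupIds: [{ 'Fn::GetAtt': ['LockedSg', 'GroupId'] }],
    PolicyDocument: { Version: '2012-10-17', Statement: [
      { Effect: 'Allow', Principal: { AWS: '*' }, Action: 'execute-api:Invoke', Resource: '*' }] } } },
} };
console.log(auditInterfaceEndpoints(sampleTemplate));
```

A missing policy is only a prompt to review, since not all interface VPC endpoints support one. An endpoint in an imported VPC may carry the CIDR as a literal string, which this check does not match.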


applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromInterfaceVpcEndpointAttributes(scope, id, attrs)

public static fromInterfaceVpcEndpointAttributes(scope: Construct, id: string, attrs: InterfaceVpcEndpointAttributes): IInterfaceVpcEndpoint

Parameters

  • scope Construct
  • id string
  • attrs InterfaceVpcEndpointAttributes

Returns

  • IInterfaceVpcEndpoint

Imports an existing interface VPC endpoint.