aws-cdk-lib.aws_ec2.Instance

class Instance (construct)

LanguageType name
.NETAmazon.CDK.AWS.EC2.Instance
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#Instance
Javasoftware.amazon.awscdk.services.ec2.Instance
Pythonaws_cdk.aws_ec2.Instance
TypeScript (source)aws-cdk-lib » aws_ec2 » Instance

Implements IConstruct, IDependable, IResource, IInstance, IConnectable, IGrantable

This represents a single EC2 instance.

Example

declare const vpc: ec2.IVpc;
const lb = new elb.LoadBalancer(this, 'LB', {
  vpc,
  internetFacing: true,
});

// instance to add as the target for load balancer.
const instance = new ec2.Instance(this, 'targetInstance', {
  vpc: vpc,
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
  machineImage: new ec2.AmazonLinuxImage({ generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2 }),
});
lb.addTarget(new elb.InstanceTarget(instance));

Initializer

new Instance(scope: Construct, id: string, props: InstanceProps)

Parameters

  • scope Construct
  • id string
  • props InstanceProps

Construct Props

NameTypeDescription
instanceTypeInstanceTypeType of instance to launch.
machineImageIMachineImageAMI to launch.
vpcIVpcVPC to launch the instance in.
allowAllOutbound?booleanWhether the instance could initiate connections to anywhere by default.
associatePublicIpAddress?booleanWhether to associate a public IP address to the primary network interface attached to this instance.
availabilityZone?stringIn which AZ to place the instance within the VPC.
blockDevices?BlockDevice[]Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
detailedMonitoring?booleanWhether "Detailed Monitoring" is enabled for this instance Keep in mind that Detailed Monitoring results in extra charges.
init?CloudFormationInitApply the given CloudFormation Init configuration to the instance at startup.
initOptions?ApplyCloudFormationInitOptionsUse the given options for applying CloudFormation Init.
instanceName?stringThe name of the instance.
keyName?stringName of SSH keypair to grant access to instance.
privateIpAddress?stringDefines a private IP address to associate with an instance.
propagateTagsToVolumeOnCreation?booleanPropagate the EC2 instance tags to the EBS volumes.
requireImdsv2?booleanWhether IMDSv2 should be required on this instance.
resourceSignalTimeout?DurationThe length of time to wait for the resourceSignalCount.
role?IRoleAn IAM role to associate with the instance profile assigned to this Auto Scaling Group.
securityGroup?ISecurityGroupSecurity Group to assign to this instance.
sourceDestCheck?booleanSpecifies whether to enable an instance launched in a VPC to perform NAT.
ssmSessionPermissions?booleanAdd SSM session permissions to the instance role.
userData?UserDataSpecific UserData to use.
userDataCausesReplacement?booleanChanges to the UserData force replacement.
vpcSubnets?SubnetSelectionWhere to place the instance within the VPC.

instanceType

Type: InstanceType

Type of instance to launch.


machineImage

Type: IMachineImage

AMI to launch.


vpc

Type: IVpc

VPC to launch the instance in.


allowAllOutbound?

Type: boolean (optional, default: true)

Whether the instance could initiate connections to anywhere by default.

This property is only used when you do not provide a security group.


associatePublicIpAddress?

Type: boolean (optional, default: public IP address is automatically assigned based on default behavior)

Whether to associate a public IP address to the primary network interface attached to this instance.


availabilityZone?

Type: string (optional, default: Random zone.)

In which AZ to place the instance within the VPC.


blockDevices?

Type: BlockDevice[] (optional, default: Uses the block device mapping of the AMI)

Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.

Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched.

See also: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html


detailedMonitoring?

Type: boolean (optional, default: false)

Whether "Detailed Monitoring" is enabled for this instance Keep in mind that Detailed Monitoring results in extra charges.

See also: http://aws.amazon.com/cloudwatch/pricing/


init?

Type: CloudFormationInit (optional, default: no CloudFormation init)

Apply the given CloudFormation Init configuration to the instance at startup.


initOptions?

Type: ApplyCloudFormationInitOptions (optional, default: default options)

Use the given options for applying CloudFormation Init.

Describes the configsets to use and the timeout to wait


instanceName?

Type: string (optional, default: CDK generated name)

The name of the instance.


keyName?

Type: string (optional, default: No SSH access will be possible.)

Name of SSH keypair to grant access to instance.


privateIpAddress?

Type: string (optional, default: no association)

Defines a private IP address to associate with an instance.

Private IP should be available within the VPC that the instance is build within.


propagateTagsToVolumeOnCreation?

Type: boolean (optional, default: false)

Propagate the EC2 instance tags to the EBS volumes.


requireImdsv2?

Type: boolean (optional, default: false)

Whether IMDSv2 should be required on this instance.


resourceSignalTimeout?

Type: Duration (optional, default: Duration.minutes(5))

The length of time to wait for the resourceSignalCount.

The maximum value is 43200 (12 hours).


role?

Type: IRole (optional, default: A role will automatically be created, it can be accessed via the role property)

An IAM role to associate with the instance profile assigned to this Auto Scaling Group.

The role must be assumable by the service principal ec2.amazonaws.com: Example

const role = new iam.Role(this, 'MyRole', {
  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
});

securityGroup?

Type: ISecurityGroup (optional, default: create new security group)

Security Group to assign to this instance.


sourceDestCheck?

Type: boolean (optional, default: true)

Specifies whether to enable an instance launched in a VPC to perform NAT.

This controls whether source/destination checking is enabled on the instance. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform NAT.


ssmSessionPermissions?

Type: boolean (optional, default: false)

Add SSM session permissions to the instance role.

Setting this to true adds the necessary permissions to connect to the instance using SSM Session Manager. You can do this from the AWS Console.

NOTE: Setting this flag to true may not be enough by itself. You must also use an AMI that comes with the SSM Agent, or install the SSM Agent yourself. See Working with SSM Agent in the SSM Developer Guide.


userData?

Type: UserData (optional, default: A UserData object appropriate for the MachineImage's Operating System is created.)

Specific UserData to use.

The UserData may still be mutated after creation.


userDataCausesReplacement?

Type: boolean (optional, default: true iff initOptions is specified, false otherwise.)

Changes to the UserData force replacement.

Depending the EC2 instance type, changing UserData either restarts the instance or replaces the instance.

  • Instance store-backed instances are replaced.
  • EBS-backed instances are restarted.

By default, restarting does not execute the new UserData so you will need a different mechanism to ensure the instance is restarted.

Setting this to true will make the instance's Logical ID depend on the UserData, which will cause CloudFormation to replace it if the UserData changes.


vpcSubnets?

Type: SubnetSelection (optional, default: Private subnets.)

Where to place the instance within the VPC.

Properties

NameTypeDescription
connectionsConnectionsAllows specify security group connections for the instance.
envResourceEnvironmentThe environment this resource belongs to.
grantPrincipalIPrincipalThe principal to grant permissions to.
instanceCfnInstancethe underlying instance resource.
instanceAvailabilityZonestringThe availability zone the instance was launched in.
instanceIdstringThe instance's ID.
instancePrivateDnsNamestringPrivate DNS name for this instance.
instancePrivateIpstringPrivate IP for this instance.
instancePublicDnsNamestringPublicly-routable DNS name for this instance.
instancePublicIpstringPublicly-routable IP address for this instance.
nodeNodeThe tree node.
osTypeOperatingSystemTypeThe type of OS the instance is running.
roleIRoleThe IAM role assumed by the instance.
stackStackThe stack in which this resource is defined.
userDataUserDataUserData for the instance.

connections

Type: Connections

Allows specify security group connections for the instance.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


grantPrincipal

Type: IPrincipal

The principal to grant permissions to.


instance

Type: CfnInstance

the underlying instance resource.


instanceAvailabilityZone

Type: string

The availability zone the instance was launched in.


instanceId

Type: string

The instance's ID.


instancePrivateDnsName

Type: string

Private DNS name for this instance.


instancePrivateIp

Type: string

Private IP for this instance.


instancePublicDnsName

Type: string

Publicly-routable DNS name for this instance.

(May be an empty string if the instance does not have a public name).


instancePublicIp

Type: string

Publicly-routable IP address for this instance.

(May be an empty string if the instance does not have a public IP).


node

Type: Node

The tree node.


osType

Type: OperatingSystemType

The type of OS the instance is running.


role

Type: IRole

The IAM role assumed by the instance.


stack

Type: Stack

The stack in which this resource is defined.


userData

Type: UserData

UserData for the instance.

Methods

NameDescription
addSecurityGroup(securityGroup)Add the security group to the instance.
addToRolePolicy(statement)Adds a statement to the IAM role assumed by the instance.
addUserData(...commands)Add command to the startup script of the instance.
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
toString()Returns a string representation of this construct.

addSecurityGroup(securityGroup)

public addSecurityGroup(securityGroup: ISecurityGroup): void

Parameters

  • securityGroup ISecurityGroup — : The security group to add.

Add the security group to the instance.


addToRolePolicy(statement)

public addToRolePolicy(statement: PolicyStatement): void

Parameters

  • statement PolicyStatement

Adds a statement to the IAM role assumed by the instance.


addUserData(...commands)

public addUserData(...commands: string[]): void

Parameters

  • commands string

Add command to the startup script of the instance.

The command must be in the scripting language supported by the instance's OS (i.e. Linux/Windows).


applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.