aws-cdk-lib.aws_ec2.InterfaceVpcEndpointOptions

interface InterfaceVpcEndpointOptions

Language              Type name
.NET                  Amazon.CDK.AWS.EC2.InterfaceVpcEndpointOptions
Go                    github.com/aws/aws-cdk-go/awscdk/v2/awsec2#InterfaceVpcEndpointOptions
Java                  software.amazon.awscdk.services.ec2.InterfaceVpcEndpointOptions
Python                aws_cdk.aws_ec2.InterfaceVpcEndpointOptions
TypeScript (source)   aws-cdk-lib » aws_ec2 » InterfaceVpcEndpointOptions

Options to add an interface endpoint to a VPC.

Example

    import * as ec2 from 'aws-cdk-lib/aws-ec2';
    import * as iam from 'aws-cdk-lib/aws-iam';

    // Add gateway endpoints when creating the VPC
    const vpc = new ec2.Vpc(this, 'MyVpc', {
      gatewayEndpoints: {
        S3: {
          service: ec2.GatewayVpcEndpointAwsService.S3,
        },
      },
    });

    // Alternatively, gateway endpoints can be added on the VPC afterwards
    const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {
      service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,
    });

    // This allows customizing the endpoint policy
    dynamoDbEndpoint.addToPolicy(
      new iam.PolicyStatement({ // Restrict to listing and describing tables
        principals: [new iam.AnyPrincipal()],
        actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],
        resources: ['*'],
      }));

    // Add an interface endpoint
    vpc.addInterfaceEndpoint('EcrDockerEndpoint', {
      service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,

      // Uncomment the following to allow more fine-grained control over
      // who can access the endpoint via the '.connections' object.
      // open: false
    });

Properties

Name                 Type                          Description
service              IInterfaceVpcEndpointService  The service to use for this interface VPC endpoint.
lookupSupportedAzs?  boolean                       Limit to only those availability zones where the endpoint service can be created.
open?                boolean                       Whether to automatically allow VPC traffic to the endpoint.
privateDnsEnabled?   boolean                       Whether to associate a private hosted zone with the specified VPC.
securityGroups?      ISecurityGroup[]              The security groups to associate with this interface VPC endpoint.
subnets?             SubnetSelection               The subnets in which to create an endpoint network interface.

service

Type: IInterfaceVpcEndpointService

The service to use for this interface VPC endpoint.


lookupSupportedAzs?

Type: boolean (optional, default: false)

Limit to only those availability zones where the endpoint service can be created.

Setting this to 'true' requires a lookup to be performed at synthesis time, so the account and region must be set on the containing stack for it to work.


open?

Type: boolean (optional, default: true)

Whether to automatically allow VPC traffic to the endpoint.

If enabled, all traffic to the endpoint from within the VPC will be automatically allowed. This is done based on the VPC's CIDR range.


privateDnsEnabled?

Type: boolean (optional, default: the value set by the IInterfaceVpcEndpointService instance, or true if that instance does not define one)

Whether to associate a private hosted zone with the specified VPC.

This allows you to make requests to the service using its default DNS hostname.


securityGroups?

Type: ISecurityGroup[] (optional, default: a new security group is created)

The security groups to associate with this interface VPC endpoint.


subnets?

Type: SubnetSelection (optional, default: private subnets)

The subnets in which to create an endpoint network interface.

At most one per availability zone.