@aws-cdk/aws-ec2
Comparing version 0.39.0 to 1.0.0
{ | ||
"name": "@aws-cdk/aws-ec2", | ||
"version": "0.39.0", | ||
"version": "1.0.0", | ||
"description": "CDK Constructs for AWS EC2", | ||
@@ -68,22 +68,22 @@ "main": "lib/index.js", | ||
"devDependencies": { | ||
"@aws-cdk/assert": "^0.39.0", | ||
"cdk-build-tools": "^0.39.0", | ||
"cdk-integ-tools": "^0.39.0", | ||
"cfn2ts": "^0.39.0", | ||
"pkglint": "^0.39.0" | ||
"@aws-cdk/assert": "^1.0.0", | ||
"cdk-build-tools": "^1.0.0", | ||
"cdk-integ-tools": "^1.0.0", | ||
"cfn2ts": "^1.0.0", | ||
"pkglint": "^1.0.0" | ||
}, | ||
"dependencies": { | ||
"@aws-cdk/aws-cloudwatch": "^0.39.0", | ||
"@aws-cdk/aws-iam": "^0.39.0", | ||
"@aws-cdk/aws-ssm": "^0.39.0", | ||
"@aws-cdk/core": "^0.39.0", | ||
"@aws-cdk/cx-api": "^0.39.0" | ||
"@aws-cdk/aws-cloudwatch": "^1.0.0", | ||
"@aws-cdk/aws-iam": "^1.0.0", | ||
"@aws-cdk/aws-ssm": "^1.0.0", | ||
"@aws-cdk/core": "^1.0.0", | ||
"@aws-cdk/cx-api": "^1.0.0" | ||
}, | ||
"homepage": "https://github.com/awslabs/aws-cdk", | ||
"peerDependencies": { | ||
"@aws-cdk/aws-cloudwatch": "^0.39.0", | ||
"@aws-cdk/aws-iam": "^0.39.0", | ||
"@aws-cdk/aws-ssm": "^0.39.0", | ||
"@aws-cdk/core": "^0.39.0", | ||
"@aws-cdk/cx-api": "^0.39.0" | ||
"@aws-cdk/aws-cloudwatch": "^1.0.0", | ||
"@aws-cdk/aws-iam": "^1.0.0", | ||
"@aws-cdk/aws-ssm": "^1.0.0", | ||
"@aws-cdk/core": "^1.0.0", | ||
"@aws-cdk/cx-api": "^1.0.0" | ||
}, | ||
@@ -110,2 +110,2 @@ "engines": { | ||
"stability": "stable" | ||
} | ||
} |
README.md
@@ -8,4 +8,2 @@ ## Amazon EC2 Construct Library | ||
> **This is a _developer preview_ (public beta) module. Releases might lack important features and might have | ||
> future breaking changes.** | ||
@@ -55,3 +53,3 @@ --- | ||
name: 'Ingress', | ||
subnetType: SubnetType.Public, | ||
subnetType: ec2.SubnetType.PUBLIC, | ||
}, | ||
@@ -61,3 +59,3 @@ { | ||
name: 'Application', | ||
subnetType: SubnetType.Private, | ||
subnetType: ec2.SubnetType.PRIVATE, | ||
}, | ||
@@ -67,3 +65,3 @@ { | ||
name: 'Database', | ||
subnetType: SubnetType.Isolated, | ||
subnetType: ec2.SubnetType.ISOLATED, | ||
} | ||
@@ -79,17 +77,20 @@ ], | ||
availability zones will be the following: | ||
* IngressSubnet1: 10.0.0.0/24 | ||
* IngressSubnet2: 10.0.1.0/24 | ||
* IngressSubnet3: 10.0.2.0/24 | ||
* ApplicationSubnet1: 10.0.3.0/24 | ||
* ApplicationSubnet2: 10.0.4.0/24 | ||
* ApplicationSubnet3: 10.0.5.0/24 | ||
* DatabaseSubnet1: 10.0.6.0/28 | ||
* DatabaseSubnet2: 10.0.6.16/28 | ||
* DatabaseSubnet3: 10.0.6.32/28 | ||
Subnet Name |Type |IP Block |AZ|Features | ||
------------------|----------|--------------|--|-------- | ||
IngressSubnet1 |`PUBLIC` |`10.0.0.0/24` |#1|NAT Gateway | ||
IngressSubnet2 |`PUBLIC` |`10.0.1.0/24` |#2|NAT Gateway | ||
IngressSubnet3 |`PUBLIC` |`10.0.2.0/24` |#3|NAT Gateway | ||
ApplicationSubnet1|`PRIVATE` |`10.0.3.0/24` |#1|Route to NAT in IngressSubnet1 | ||
ApplicationSubnet2|`PRIVATE` |`10.0.4.0/24` |#2|Route to NAT in IngressSubnet2 | ||
ApplicationSubnet3|`PRIVATE` |`10.0.5.0/24` |#3|Route to NAT in IngressSubnet3 | ||
DatabaseSubnet1 |`ISOLATED`|`10.0.6.0/28` |#1|Only routes within the VPC | ||
DatabaseSubnet2 |`ISOLATED`|`10.0.6.16/28`|#2|Only routes within the VPC | ||
DatabaseSubnet3 |`ISOLATED`|`10.0.6.32/28`|#3|Only routes within the VPC | ||
Each `Public` Subnet will have a NAT Gateway. Each `Private` Subnet will have a | ||
route to the NAT Gateway in the same availability zone. Each `Isolated` subnet | ||
will not have a route to the internet, but is routeable inside the VPC. The | ||
numbers [1-3] will consistently map to availability zones (e.g. IngressSubnet1 | ||
and ApplicationSubnet1 will be in the same avialbility zone). | ||
route to the NAT Gateway in the same availability zone. `Isolated` subnets | ||
will not have a route to the internet, but are routeable within the VPC. The | ||
numbers [1-3] will consistently map to availability zones (e.g. *IngressSubnet1* | ||
and *ApplicationSubnet1* will be in the same avialbility zone). | ||
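Review bot: the added sentence at the end of this hunk still reads "avialbility zone"; it should be "availability zone". The paragraph also keeps `Public`, `Private` and `Isolated` in backticks while the new table and the enum use `PUBLIC`, `PRIVATE` and `ISOLATED`; align the casing so readers can match the prose to `ec2.SubnetType`.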
@@ -119,3 +120,2 @@ `Isolated` Subnets provide simplified secure networking principles, but come at | ||
cidr: '10.0.0.0/16', | ||
natGateways: 1, | ||
subnetConfiguration: [ | ||
@@ -125,7 +125,7 @@ { | ||
name: 'Public', | ||
subnetType: SubnetType.Public, | ||
subnetType: ec2.SubnetType.PUBLIC, | ||
}, | ||
{ | ||
name: 'Application', | ||
subnetType: SubnetType.Private, | ||
subnetType: ec2.SubnetType.PRIVATE, | ||
}, | ||
@@ -135,3 +135,3 @@ { | ||
name: 'Database', | ||
subnetType: SubnetType.Isolated, | ||
subnetType: ec2.SubnetType.ISOLATED, | ||
} | ||
@@ -144,12 +144,15 @@ ], | ||
availability zones will be the following: | ||
* PublicSubnet1: 10.0.0.0/26 | ||
* PublicSubnet2: 10.0.0.64/26 | ||
* PublicSubnet3: 10.0.2.128/26 | ||
* DatabaseSubnet1: 10.0.0.192/27 | ||
* DatabaseSubnet2: 10.0.0.224/27 | ||
* DatabaseSubnet3: 10.0.1.0/27 | ||
* ApplicationSubnet1: 10.0.64.0/18 | ||
* ApplicationSubnet2: 10.0.128.0/18 | ||
* ApplicationSubnet3: 10.0.192.0/18 | ||
Subnet Name |Type | IP Block | ||
------------------|----------|---------------- | ||
PublicSubnet1 |`PUBLIC` |`10.0.0.0/26` | ||
PublicSubnet2 |`PUBLIC` |`10.0.0.64/26` | ||
PublicSubnet3 |`PUBLIC` |`10.0.2.128/26` | ||
DatabaseSubnet1 |`PRIVATE` |`10.0.0.192/27` | ||
DatabaseSubnet2 |`PRIVATE` |`10.0.0.224/27` | ||
DatabaseSubnet3 |`PRIVATE` |`10.0.1.0/27` | ||
ApplicationSubnet1|`ISOLATED`|`10.0.64.0/18` | ||
ApplicationSubnet2|`ISOLATED`|`10.0.128.0/18` | ||
ApplicationSubnet3|`ISOLATED`|`10.0.192.0/18` | ||
Any subnet configuration without a `cidrMask` will be counted up and allocated | ||
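Review bot: the Type column of the new table contradicts the configuration it documents. The rows label DatabaseSubnet1 to 3 as `PRIVATE` and ApplicationSubnet1 to 3 as `ISOLATED`, but the example above sets 'Application' to `ec2.SubnetType.PRIVATE` and 'Database' to `ec2.SubnetType.ISOLATED`. Swap the two labels; a reader who trusts the table would expect the database subnets to have a NAT route and the application subnets to have none. The PublicSubnet3 block `10.0.2.128/26` is also carried over unchanged from the old list and fits neither after `10.0.0.64/26` nor before `10.0.0.192/27`; it looks like it should be `10.0.0.128/26`.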
@@ -175,3 +178,3 @@ evenly across the remaining IP space. | ||
name: 'Public', | ||
subnetType: SubnetType.Public, | ||
subnetType: ec2.SubnetType.PUBLIC, | ||
natGateway: true, | ||
@@ -181,3 +184,3 @@ }, | ||
name: 'Application', | ||
subnetType: SubnetType.Private, | ||
subnetType: ec2.SubnetType.PRIVATE, | ||
}, | ||
@@ -187,3 +190,3 @@ { | ||
name: 'Database', | ||
subnetType: SubnetType.Isolated, | ||
subnetType: ec2.SubnetType.ISOLATED, | ||
} | ||
@@ -200,3 +203,3 @@ ], | ||
There are situations where the IP space for a subnet or number of subnets | ||
will need to be reserved. This is useful in situations where subnets | ||
will need to be reserved. This is useful in situations where subnets | ||
would need to be added after the vpc is originally deployed, without causing | ||
@@ -215,3 +218,3 @@ IP renumbering for existing subnets. The IP space for a subnet may be reserved | ||
name: 'Public', | ||
subnetType: SubnetType.Public, | ||
subnetType: ec2.SubnetType.PUBLIC, | ||
}, | ||
@@ -221,3 +224,3 @@ { | ||
name: 'Application1', | ||
subnetType: SubnetType.Private, | ||
subnetType: ec2.SubnetType.PRIVATE, | ||
}, | ||
@@ -227,3 +230,3 @@ { | ||
name: 'Application2', | ||
subnetType: SubnetType.Private, | ||
subnetType: ec2.SubnetType.PRIVATE, | ||
reserved: true, | ||
@@ -234,3 +237,3 @@ }, | ||
name: 'Database', | ||
subnetType: SubnetType.Isolated, | ||
subnetType: ec2.SubnetType.ISOLATED, | ||
} | ||
@@ -245,3 +248,3 @@ ], | ||
importantly, this action would not cause the Database subnet to get renumbered, | ||
but rather the IP space that was previously reserved will be used for the | ||
but rather the IP space that was previously reserved will be used for the | ||
subnet provisioned for Application2. The `reserved` property also takes into | ||
@@ -253,4 +256,4 @@ consideration the number of availability zones when reserving IP space. | ||
If you are creating multiple `Stack`s inside the same CDK application, you | ||
can reuse a VPC defined in one Stack in another by using `export()` and | ||
`import()`: | ||
can reuse a VPC defined in one Stack in another by simply passing the VPC | ||
instance around: | ||
@@ -261,3 +264,3 @@ [sharing VPCs between stacks](test/integ.share-vpcs.lit.ts) | ||
If your VPC is created outside your CDK app, you can use `fromLookup()`: | ||
If your VPC is created outside your CDK app, you can use `Vpc.fromLookup()`: | ||
@@ -284,3 +287,3 @@ [importing existing VPCs](test/integ.import-default-vpc.lit.ts) | ||
}); | ||
mySecurityGroup.addIngressRule(new ec2.AnyIPv4(), new ec2.TcpPort(22), 'allow ssh access from the world'); | ||
mySecurityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'allow ssh access from the world'); | ||
``` | ||
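Review bot: the replacement `addIngressRule` line keeps an example that opens TCP 22 to every IPv4 address (`ec2.Peer.anyIpv4()`, 'allow ssh access from the world'). README snippets get copied verbatim, so consider showing a restricted source here, for instance `ec2.Peer.ipv4('1.2.3.4/32')` as the load balancer example further down does, and adjusting the description to match.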
@@ -299,9 +302,9 @@ | ||
// Allow connections from anywhere | ||
loadBalancer.connections.allowFromAnyIpv4(new ec2.TcpPort(443), 'Allow inbound HTTPS'); | ||
loadBalancer.connections.allowFromAnyIpv4(ec2.Port.tcp(443), 'Allow inbound HTTPS'); | ||
// The same, but an explicit IP address | ||
loadBalancer.connections.allowFrom(new ec2.CidrIpv4('1.2.3.4/32'), new ec2.TcpPort(443), 'Allow inbound HTTPS'); | ||
loadBalancer.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/32'), ec2.Port.tcp(443), 'Allow inbound HTTPS'); | ||
// Allow connection between AutoScalingGroups | ||
appFleet.connections.allowTo(dbFleet, new ec2.TcpPort(443), 'App can call database'); | ||
appFleet.connections.allowTo(dbFleet, ec2.Port.tcp(443), 'App can call database'); | ||
``` | ||
@@ -315,8 +318,8 @@ | ||
// Simple connection peers | ||
let peer = new ec2.CidrIp("10.0.0.0/16"); | ||
let peer = new ec2.AnyIPv4(); | ||
let peer = new ec2.CidrIpv6("::0/0"); | ||
let peer = new ec2.AnyIPv6(); | ||
let peer = new ec2.PrefixList("pl-12345"); | ||
fleet.connections.allowTo(peer, new ec2.TcpPort(443), 'Allow outbound HTTPS'); | ||
let peer = ec2.Peer.ipv4("10.0.0.0/16"); | ||
let peer = ec2.Peer.anyIpv4(); | ||
let peer = ec2.ipv6("::0/0"); | ||
let peer = ec2.anyIpv6(); | ||
let peer = ec2.prefixList("pl-12345"); | ||
fleet.connections.allowTo(peer, ec2.Port.tcp(443), 'Allow outbound HTTPS'); | ||
``` | ||
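Review bot: three of the five added peer lines drop the `Peer` class: `ec2.ipv6("::0/0")`, `ec2.anyIpv6()` and `ec2.prefixList("pl-12345")`, while the first two use `ec2.Peer.ipv4(...)` and `ec2.Peer.anyIpv4()`. They should presumably read `ec2.Peer.ipv6(...)`, `ec2.Peer.anyIpv6()` and `ec2.Peer.prefixList(...)` to match the rest of the change. Separately, `let peer` is declared five times in one block, which will not compile if the snippet is pasted as is; distinct names, or comments marking the lines as alternatives, would help.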
@@ -328,5 +331,5 @@ | ||
// These automatically create appropriate ingress and egress rules in both security groups | ||
fleet1.connections.allowTo(fleet2, new ec2.TcpPort(80), 'Allow between fleets'); | ||
fleet1.connections.allowTo(fleet2, ec2.Port.tcp(80), 'Allow between fleets'); | ||
fleet.connections.allowTcpPort(80), 'Allow from load balancer'); | ||
fleet.connections.allowFromAnyIpv4(ec2.Port.tcp(80), 'Allow from load balancer'); | ||
``` | ||
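Review bot: the last added line calls `allowFromAnyIpv4(ec2.Port.tcp(80), ...)` but describes the rule as 'Allow from load balancer'. The call admits port 80 from any IPv4 address, not only from a load balancer, so either the description or the peer is wrong. If the intent is load balancer traffic only, use `allowFrom` with the load balancer as the peer; otherwise reword the description so the documented rule matches what is deployed.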
@@ -340,6 +343,6 @@ | ||
```ts | ||
new ec2.TcpPort(80) | ||
new ec2.TcpPortRange(60000, 65535) | ||
new ec2.TcpAllPorts() | ||
new ec2.AllConnections() | ||
ec2.Port.tcp(80) | ||
ec2.tcpRange(60000, 65535) | ||
ec2.allTcp() | ||
ec2.allTraffic() | ||
``` | ||
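Review bot: only the first added line uses the `Port` class; `ec2.tcpRange(60000, 65535)`, `ec2.allTcp()` and `ec2.allTraffic()` are written as if they were module-level functions. Everywhere else in this change the factories are called as `ec2.Port.tcp(...)`, so these should presumably be `ec2.Port.tcpRange(...)`, `ec2.Port.allTcp()` and `ec2.Port.allTraffic()`.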
@@ -358,3 +361,3 @@ | ||
`allowDefaultPortFrom()` and omit the port specifier. If the argument has an associated default port, call | ||
`allowToDefaultPort()`. | ||
`allowDefaultPortTo()`. | ||
@@ -368,3 +371,3 @@ For example: | ||
// Port implicit in peer | ||
fleet.connections.allowToDefaultPort(rdsDatabase, 'Fleet can access database'); | ||
fleet.connections.allowDefaultPortTo(rdsDatabase, 'Fleet can access database'); | ||
``` | ||
@@ -371,0 +374,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
+ Added @aws-cdk/aws-cloudwatch@1.204.0 (transitive)
+ Added @aws-cdk/aws-iam@1.204.0 (transitive)
+ Added @aws-cdk/aws-kms@1.204.0 (transitive)
+ Added @aws-cdk/aws-ssm@1.204.0 (transitive)
+ Added @aws-cdk/cloud-assembly-schema@1.204.0 (transitive)
+ Added @aws-cdk/core@1.204.0 (transitive)
+ Added @aws-cdk/cx-api@1.204.0 (transitive)
+ Added @aws-cdk/region-info@1.204.0 (transitive)
+ Added constructs@3.4.344 (transitive)
- Removed @aws-cdk/aws-cloudwatch@0.39.0 (transitive)
- Removed @aws-cdk/aws-iam@0.39.0 (transitive)
- Removed @aws-cdk/aws-ssm@0.39.0 (transitive)
- Removed @aws-cdk/core@0.39.0 (transitive)
- Removed @aws-cdk/cx-api@0.39.0 (transitive)
- Removed @aws-cdk/region-info@0.39.0 (transitive)
Updated @aws-cdk/aws-iam@^1.0.0
Updated @aws-cdk/aws-ssm@^1.0.0
Updated @aws-cdk/core@^1.0.0
Updated @aws-cdk/cx-api@^1.0.0