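// Load the operator-supplied settings. safeLoad (js-yaml's safe schema, no
// !!js/* types) is the right loader even for a local, operator-edited file.
var config = yaml.safeLoad(fs.readFileSync('./s3_bucket_files/cdk_app.yaml', 'utf8'));
// Refuse to deploy with the template placeholder bucket name. An empty or
// non-mapping file would otherwise throw a TypeError on the property lookup
// below, so treat it the same way and tell the operator what to fix.
if (config == null || config['s3_bucket'] === 'MYCOMPANY-cloudmapper') {
  console.log("You must configure the CDK app by editing ./s3_bucket_files/cdk_app.yaml");
  process.exit(1);
}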
// VPC the audit task runs in. Only a public subnet is configured and no NAT
// gateway is created: that avoids the ~$30/mo NAT cost, at the price of running
// the task with a public-facing ENI, so whatever security group the task ends up
// with is the only network boundary between it and the internet.
// A single AZ is enough because this only hosts a scheduled job.
const publicOnlySubnets = [
  {
    name: 'Public',
    subnetType: ec2.SubnetType.PUBLIC
  }
];
const vpc = new ec2.Vpc(this, 'CloudMapperVpc', {
  maxAzs: 1,
  natGateways: 0,
  subnetConfiguration: publicOnlySubnets
});
// Define the ECS task
// ECS cluster placed in the public-only VPC above. The Fargate task definition
// is created with an empty props object (no task/execution role, no CPU/memory
// set here), so whatever CDK defaults apply — confirm those defaults grant no
// more than the task needs.
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
const taskDefinition = new ecs.FargateTaskDefinition(this, 'taskDefinition', {});
taskDefinition.addContainer('cloudmapper-container', {
image: ecs.ContainerImage.fromAsset('./resources'),
memoryLimitMiB: 512,
cpu: 256,
environment: {
S3_BUCKET: config['s3_bucket'],
MINIMUM_ALERT_SEVERITY: config['minimum_alert_severity']
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSServicePolicy'),
],
});
// Security group attached to the control plane ENIs. Callers may supply their
// own; otherwise a fresh one is created in the cluster VPC.
let securityGroup = props.securityGroup;
if (!securityGroup) {
  securityGroup = new ec2.SecurityGroup(this, 'ControlPlaneSecurityGroup', {
    vpc: this.vpc,
    description: 'EKS Control Plane Security Group',
  });
}
// Expose the control plane through Connections so peers can be granted access
// to its API port without touching the security group directly.
this.connections = new ec2.Connections({
  securityGroups: [securityGroup],
  defaultPort: ec2.Port.tcp(443), // Control Plane has an HTTPS API
});

// Subnets handed to EKS for its control plane ENIs. Unless the caller narrows
// the selection, both the public and the private subnets of the VPC are used;
// a selection that hits the same subnet twice is collapsed to a single ID.
let placements = props.vpcSubnets;
if (!placements) {
  placements = [{ subnetType: ec2.SubnetType.PUBLIC }, { subnetType: ec2.SubnetType.PRIVATE }];
}
const subnetIds = Array.from(new Set(
  placements
    .map(selection => this.vpc.selectSubnets(selection).subnetIds)
    .reduce((all, ids) => all.concat(ids), [] as string[])
));

// Raw CloudFormation properties for the cluster resource.
const clusterProps: CfnClusterProps = {
  name: this.physicalName,
  roleArn: this.role.roleArn,
  version: props.version,
  resourcesVpcConfig: {
    securityGroupIds: [securityGroup.securityGroupId],
    subnetIds
  }
};
let resource;
this.kubectlEnabled = props.kubectlEnabled === undefined ? true : props.kubectlEnabled;
if (this.kubectlEnabled) {
resource = new ClusterResource(this, 'Resource', clusterProps);
/**
 * Builds the awsvpc network configuration for the service.
 *
 * @param vpc              VPC whose subnets are selected.
 * @param assignPublicIp   When given, written through as ENABLED/DISABLED; when
 *                         omitted the property is left unset so the service
 *                         default applies.
 * @param subnetSelection  Subnets to place tasks in. Defaults follow the public
 *                         IP choice: PUBLIC subnets when a public IP was asked
 *                         for, PRIVATE otherwise.
 * @param securityGroup    Optional security group; if none is given here, one
 *                         will be created later on during bind(), which is why
 *                         the ID is resolved lazily at synth time.
 */
protected configureAwsVpcNetworking(
  vpc: ec2.IVpc,
  assignPublicIp?: boolean,
  subnetSelection?: ec2.SubnetSelection,
  securityGroup?: ec2.ISecurityGroup) {
  let selection = subnetSelection;
  if (selection === undefined) {
    const subnetType = assignPublicIp ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE;
    selection = { subnetType };
  }

  // Only emit AssignPublicIp when the caller made an explicit choice.
  let assignPublicIpValue: string | undefined;
  if (assignPublicIp !== undefined) {
    assignPublicIpValue = assignPublicIp ? 'ENABLED' : 'DISABLED';
  }

  this.securityGroup = securityGroup;
  this.networkConfiguration = {
    AwsvpcConfiguration: {
      AssignPublicIp: assignPublicIpValue,
      Subnets: vpc.selectSubnets(selection).subnetIds,
      // Deferred: this.securityGroup may still be undefined here and is only
      // guaranteed to exist once bind() has run.
      SecurityGroups: cdk.Lazy.listValue({ produce: () => [this.securityGroup!.securityGroupId] }),
    }
  };
}
// Broad resource ("*") narrowed only by the SecretId condition below: any secret whose ID matches *cloudmapper-slack-webhook* is readable, so keep that naming pattern reserved for this webhook
resources: ["*"],
actions: ['secretsmanager:GetSecretValue'],
conditions: {'ForAnyValue:StringLike':{'secretsmanager:SecretId': '*cloudmapper-slack-webhook*'}}
}));
// Both rules launch the same Fargate task in the public subnet (the VPC above
// has no private subnets and no NAT). No security group is passed to the
// target, so the task gets whatever the target's default is — worth confirming,
// because a public-subnet task is reachable from the internet on any port that
// group opens.
const launchAuditTask = () => new targets.EcsTask({
  cluster,
  taskDefinition,
  subnetSelection: { subnetType: ec2.SubnetType.PUBLIC }
});

// Nightly run at 06:00 UTC (01:00 EST / 02:00 EDT).
new events.Rule(this, "scheduled_run", {
  ruleName: "cloudmapper_scheduler",
  schedule: events.Schedule.expression("cron(0 6 * * ? *)"),
  description: "Starts the CloudMapper auditing task every night",
  targets: [launchAuditTask()]
});

// On-demand run: any event with source "cloudmapper" on this rule's bus matches,
// so presumably anyone with events:PutEvents in the account can start an audit.
new events.Rule(this, "manual_run", {
  ruleName: "cloudmapper_manual_run",
  eventPattern: {source: ['cloudmapper']},
  description: "Allows CloudMapper auditing to be manually started",
  targets: [launchAuditTask()]
});
// Create alarm for any errors
// Fargate: starting the task has to hand the task role to it, so the event role
// needs iam:PassRole. Scoped to that one role ARN rather than "*" so the event
// role cannot pass arbitrary roles.
// NOTE(review): only the task role is passed here; if the task definition also
// carries an execution role, RunTask may need iam:PassRole on that too — confirm.
if (this.taskDefinition.isFargateCompatible) {
  policyStatements.push(new iam.PolicyStatement({
    actions: ['iam:PassRole'],
    resources: [this.taskDefinition.taskRole.roleArn]
  }));
}
// Values the rule target is assembled from further down.
const arn = this.cluster.clusterArn;
// Event role carrying the statements collected above (presumably one shared
// role per task definition, per the helper's name).
const role = singletonEventRole(this.taskDefinition, policyStatements);
// EventBridge's override shape uses `name` where CDK uses `containerName`;
// remap that key and pass every other override field through untouched.
const containerOverrides = this.props.containerOverrides && this.props.containerOverrides
.map(({ containerName, ...overrides }) => ({ name: containerName, ...overrides }));
const input = { containerOverrides };
const taskCount = this.taskCount;
const taskDefinitionArn = this.taskDefinition.taskDefinitionArn;
// Default to private subnets; a public IP is assigned only when the caller
// explicitly selected PUBLIC subnets.
const subnetSelection = this.props.subnetSelection || { subnetType: ec2.SubnetType.PRIVATE };
const assignPublicIp = subnetSelection.subnetType === ec2.SubnetType.PUBLIC ? 'ENABLED' : 'DISABLED';
const baseEcsParameters = { taskCount, taskDefinitionArn };
const ecsParameters: events.CfnRule.EcsParametersProperty = this.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC
? {
...baseEcsParameters,
launchType: this.taskDefinition.isEc2Compatible ? 'EC2' : 'FARGATE',
networkConfiguration: {
awsVpcConfiguration: {
subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,
assignPublicIp,
securityGroups: this.securityGroup && [this.securityGroup.securityGroupId]
}
}
}
policyStatements.push(new iam.PolicyStatement({
actions: ['iam:PassRole'],
resources: [this.taskDefinition.taskRole.roleArn]
}));
}
// Values the rule target is assembled from further down; the names are kept
// because later code reads them.
const arn = this.cluster.clusterArn;
const role = singletonEventRole(this.taskDefinition, policyStatements);
// EventBridge's override shape uses `name` where CDK uses `containerName`;
// remap that key and pass every other override field through untouched.
const overrides = this.props.containerOverrides;
const containerOverrides = overrides && overrides.map(override => {
  const { containerName, ...rest } = override;
  return { name: containerName, ...rest };
});
const input = { containerOverrides };
const taskCount = this.taskCount;
const taskDefinitionArn = this.taskDefinition.taskDefinitionArn;

// Default to private subnets; a public IP is assigned only when the caller
// explicitly selected PUBLIC subnets.
const subnetSelection = this.props.subnetSelection || { subnetType: ec2.SubnetType.PRIVATE };
let assignPublicIp = 'DISABLED';
if (subnetSelection.subnetType === ec2.SubnetType.PUBLIC) {
  assignPublicIp = 'ENABLED';
}

// Network settings are only meaningful for awsvpc task definitions; other
// network modes get the bare count + ARN.
const baseEcsParameters = { taskCount, taskDefinitionArn };
let ecsParameters: events.CfnRule.EcsParametersProperty = baseEcsParameters;
if (this.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {
  ecsParameters = {
    ...baseEcsParameters,
    launchType: this.taskDefinition.isEc2Compatible ? 'EC2' : 'FARGATE',
    networkConfiguration: {
      awsVpcConfiguration: {
        subnets: this.props.cluster.vpc.selectSubnets(subnetSelection).subnetIds,
        assignPublicIp,
        // Left undefined when no group was configured; ECS then presumably falls
        // back to the VPC default security group — confirm that is intended.
        securityGroups: this.securityGroup && [this.securityGroup.securityGroupId]
      }
    }
  };
}