
The CDK construct library for VPC V2

Project description

Amazon VpcV2 Construct Library

---

cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


VpcV2

VpcV2 is a re-write of the ec2.Vpc construct. This new construct enables a higher level of customization of the VPC being created. VpcV2 implements the existing IVpc interface, so it is compatible with other constructs that accept an IVpc (e.g. ApplicationLoadBalancer).

To create a VPC with both IPv4 and IPv6 support:

# Imports used by the examples in this README: the alpha module is
# published as aws-cdk.aws-ec2-alpha and aliased here as vpc_v2.
from aws_cdk import Stack
import aws_cdk.aws_ec2 as ec2
import aws_cdk.aws_ec2_alpha as vpc_v2

stack = Stack()
vpc_v2.VpcV2(self, "Vpc",
    primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
    secondary_address_blocks=[
        vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIpv6")
    ]
)

VpcV2 does not automatically create subnets or allocate IP addresses, which is different from the Vpc construct.

Importing an existing VPC in an account into CDK as a VpcV2 is not yet supported.

SubnetV2

SubnetV2 is a re-write of the ec2.Subnet construct. This new construct can be used to add subnets to a VpcV2 instance:

stack = Stack()
my_vpc = vpc_v2.VpcV2(self, "Vpc",
    secondary_address_blocks=[
        vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIp")
    ]
)

vpc_v2.SubnetV2(self, "subnetA",
    vpc=my_vpc,
    availability_zone="us-east-1a",
    ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
    ipv6_cidr_block=vpc_v2.IpCidr("2a05:d02c:25:4000::/60"),
    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
)

As with VpcV2, importing existing subnets is not yet supported.

IP Addresses Management

By default VpcV2 uses 10.0.0.0/16 as the primary CIDR if none is defined. Additional CIDRs can be added to the VPC via the secondaryAddressBlocks (secondary_address_blocks) prop. The following example illustrates the different options for defining the address blocks:

stack = Stack()
ipam = vpc_v2.Ipam(self, "Ipam",
    operating_region=["us-west-1"]
)
ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
    address_family=vpc_v2.AddressFamily.IP_V6,
    aws_service=vpc_v2.AwsServiceName.EC2,
    locale="us-west-1",
    public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
)
ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)

ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
    address_family=vpc_v2.AddressFamily.IP_V4
)
ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)

vpc_v2.VpcV2(self, "Vpc",
    primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
    secondary_address_blocks=[
        vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
        vpc_v2.IpAddresses.ipv6_ipam(
            ipam_pool=ipam_public_pool,
            netmask_length=52,
            cidr_block_name="ipv6Ipam"
        ),
        vpc_v2.IpAddresses.ipv4_ipam(
            ipam_pool=ipam_private_pool,
            netmask_length=8,
            cidr_block_name="ipv4Ipam"
        )
    ]
)

Since VpcV2 does not create subnets automatically, users have full control over IP address allocation across subnets.
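Because VpcV2 leaves address allocation entirely to you, it pays to validate a subnet plan before synthesizing. The following is an added example using only the Python standard library, not code from the construct library: allocate carves one equal-sized subnet per AZ out of a block, and check_subnet_plan verifies that every planned subnet lies inside one of the VPC's address blocks and that no two subnets overlap. The block and subnet values are constructed to mirror the README examples, and the function names are assumptions.

```python
import ipaddress
import itertools
from typing import Dict, List

# Constructed sample values, modelled on the README examples: the VpcV2 primary
# IPv4 block, one IPv4 secondary block and an Amazon-provided IPv6 /56.
VPC_BLOCKS = ["10.0.0.0/24", "10.1.0.0/16", "2a05:d02c:25:4000::/56"]

# Subnets we intend to declare with SubnetV2 (name -> CIDR); names are invented.
PLANNED_SUBNETS = {
    "subnetA": "10.0.0.0/25",
    "subnetB": "10.0.0.128/25",
    "subnetC": "10.1.0.0/24",
    "subnetA-v6": "2a05:d02c:25:4000::/64",
}


def allocate(block: str, azs: List[str], new_prefix: int) -> Dict[str, str]:
    """Carve one equal-sized subnet per AZ out of `block`, in AZ order.

    Raises ValueError when the block cannot hold that many subnets."""
    candidates = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    pieces = list(itertools.islice(candidates, len(azs)))
    if len(pieces) < len(azs):
        raise ValueError(f"{block} cannot hold {len(azs)} /{new_prefix} subnets")
    return {az: str(net) for az, net in zip(azs, pieces)}


def check_subnet_plan(vpc_blocks: List[str], subnets: Dict[str, str]) -> List[str]:
    """Return the problems found (an empty list when the plan is consistent).

    A subnet CIDR that lies outside every VPC block, or overlaps another
    subnet, otherwise only surfaces as a deployment failure."""
    blocks = [ipaddress.ip_network(b) for b in vpc_blocks]
    problems: List[str] = []
    seen = {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        # subnet_of() only accepts networks of the same IP version.
        same_version = [b for b in blocks if b.version == net.version]
        if not any(net.subnet_of(b) for b in same_version):
            problems.append(f"{name}: {cidr} is outside all VPC address blocks")
        for other_name, other in seen.items():
            if other.version == net.version and net.overlaps(other):
                problems.append(f"{name}: {cidr} overlaps {other_name} ({other})")
        seen[name] = net
    return problems
```

The strings returned by allocate can be passed straight to vpc_v2.IpCidr when declaring each SubnetV2.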

Routing

RouteTable is a new construct that allows for route tables to be customized in a variety of ways. For instance, the following example shows how a custom route table can be created and appended to a subnet:

my_vpc = vpc_v2.VpcV2(self, "Vpc")
route_table = vpc_v2.RouteTable(self, "RouteTable",
    vpc=my_vpc
)
subnet = vpc_v2.SubnetV2(self, "Subnet",
    vpc=my_vpc,
    route_table=route_table,
    availability_zone="eu-west-2a",
    ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
)

Routes can be created to link subnets to various AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to from a given subnet via the Route construct. An example using the InternetGateway construct can be seen below:

stack = Stack()
my_vpc = vpc_v2.VpcV2(self, "Vpc")
route_table = vpc_v2.RouteTable(self, "RouteTable",
    vpc=my_vpc
)
subnet = vpc_v2.SubnetV2(self, "Subnet",
    vpc=my_vpc,
    availability_zone="eu-west-2a",
    ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
)

igw = vpc_v2.InternetGateway(self, "IGW",
    vpc=my_vpc
)
vpc_v2.Route(self, "IgwRoute",
    route_table=route_table,
    destination="0.0.0.0/0",
    target={"gateway": igw}
)

Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a NatGateway:

my_vpc = vpc_v2.VpcV2(self, "Vpc")
route_table = vpc_v2.RouteTable(self, "RouteTable",
    vpc=my_vpc
)
subnet = vpc_v2.SubnetV2(self, "Subnet",
    vpc=my_vpc,
    availability_zone="eu-west-2a",
    ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
)

natgw = vpc_v2.NatGateway(self, "NatGW",
    subnet=subnet,
    vpc=my_vpc,
    connectivity_type=vpc_v2.NatConnectivityType.PRIVATE,
    private_ip_address="10.0.0.42"
)
vpc_v2.Route(self, "NatGwRoute",
    route_table=route_table,
    destination="0.0.0.0/0",
    target={"gateway": natgw}
)

It is also possible to set up endpoints connecting to other AWS services. For instance, the example below illustrates linking a DynamoDB endpoint, created with the existing ec2.GatewayVpcEndpoint construct, as a route target:

my_vpc = vpc_v2.VpcV2(self, "Vpc")
route_table = vpc_v2.RouteTable(self, "RouteTable",
    vpc=my_vpc
)
subnet = vpc_v2.SubnetV2(self, "Subnet",
    vpc=my_vpc,
    availability_zone="eu-west-2a",
    ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
    subnet_type=ec2.SubnetType.PRIVATE
)

dynamo_endpoint = ec2.GatewayVpcEndpoint(self, "DynamoEndpoint",
    service=ec2.GatewayVpcEndpointAwsService.DYNAMODB,
    vpc=my_vpc,
    subnets=[subnet]
)
vpc_v2.Route(self, "DynamoDBRoute",
    route_table=route_table,
    destination="0.0.0.0/0",
    target={"endpoint": dynamo_endpoint}
)

Project details


Download files

Source Distribution

aws_cdk_aws_ec2_alpha-2.156.0a0.tar.gz (163.4 kB)

Built Distribution

aws_cdk.aws_ec2_alpha-2.156.0a0-py3-none-any.whl (161.6 kB)

