awsec2alpha

package module
v2.250.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

README

Amazon VpcV2 Construct Library

---

The APIs of higher level constructs in this module are in developer preview before they become stable. We will only make breaking changes to address unforeseen API issues. Therefore, these APIs are not subject to Semantic Versioning, and breaking changes will be announced in release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

VpcV2

VpcV2 is a re-write of the ec2.Vpc construct. This new construct enables higher level of customization on the VPC being created. VpcV2 implements the existing IVpc, therefore, VpcV2 is compatible with other constructs that accepts IVpc (e.g. ApplicationLoadBalancer).

VpcV2 supports the addition of both primary and secondary addresses. The primary address must be an IPv4 address, which can be specified as a CIDR string or assigned from an IPAM pool. Secondary addresses can be either IPv4 or IPv6. By default, VpcV2 assigns 10.0.0.0/16 as the primary CIDR if no other CIDR is specified.

Below is an example of creating a VPC with both IPv4 and IPv6 support:

stack := awscdk.Newstack()
awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvidedIpv6"),
		}),
	},
})

VpcV2 does not automatically create subnets or allocate IP addresses, which is different from the Vpc construct.

SubnetV2

SubnetV2 is a re-write of the ec2.Subnet construct. This new construct can be used to add subnets to a VpcV2 instance: Note: When defining a subnet with SubnetV2, CDK automatically creates a new route table, unless a route table is explicitly provided as an input to the construct. To enable the mapPublicIpOnLaunch feature (which is false by default), set the property to true when creating the subnet.

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvidedIp"),
		}),
	},
})

awsec2alpha.NewSubnetV2(this, jsii.String("subnetA"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("us-east-1a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	Ipv6CidrBlock: awsec2alpha.NewIpCidr(jsii.String("2a05:d02c:25:4000::/60")),
	SubnetType: awscdk.SubnetType_PUBLIC,
	MapPublicIpOnLaunch: jsii.Boolean(true),
})

Since VpcV2 does not create subnets automatically, users have full control over IP addresses allocation across subnets.

IP Addresses Management

Additional CIDRs can be added to the VPC via the secondaryAddressBlocks property. The following example illustrates the options of defining these secondary address blocks using IPAM:

Note: There’s currently an issue with IPAM pool deletion that may affect the cdk --destroy command. This is because IPAM takes time to detect when the IP address pool has been deallocated after the VPC is deleted. The current workaround is to wait until the IP address is fully deallocated from the pool before retrying the deletion. Below command can be used to check allocations for a pool using CLI

aws ec2 get-ipam-pool-allocations --ipam-pool-id <ipam-pool-id>

Ref: https://docs.aws.amazon.com/cli/latest/reference/ec2/get-ipam-pool-allocations.html

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})
Bring your own IPv6 addresses (BYOIP)

If you have your own IP address that you would like to use with EC2, you can set up an IPv6 pool via the AWS CLI, and use that pool ID in your application.

Once you have certified your IP address block with an ROA and have obtained an X-509 certificate, you can run the following command to provision your CIDR block in your AWS account:

aws ec2 provision-byoip-cidr --region <region> --cidr <your CIDR block> --cidr-authorization-context Message="1|aws|<account>|<your CIDR block>|<expiration date>|SHA256".Signature="<signature>"

When your BYOIP CIDR is provisioned, you can run the following command to retrieve your IPv6 pool ID, which will be used in your VPC declaration:

aws ec2 describe-byoip-cidr --region <region>

For more help on setting up your IPv6 address, please review the EC2 Documentation.

Once you have provisioned your address block, you can use the IPv6 in your VPC as follows:

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_Ipv6ByoipPool(&Ipv6PoolSecondaryAddressProps{
			CidrBlockName: jsii.String("MyByoipCidrBlock"),
			Ipv6PoolId: jsii.String("ipv6pool-ec2-someHashValue"),
			Ipv6CidrBlock: jsii.String("2001:db8::/32"),
		}),
	},
	EnableDnsHostnames: jsii.Boolean(true),
	EnableDnsSupport: jsii.Boolean(true),
})

Routing

RouteTable is a new construct that allows for route tables to be customized in a variety of ways. Using this construct, a customized route table can be added to the subnets defined using SubnetV2. For instance, the following example shows how a custom route table can be created and appended to a SubnetV2:

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	RouteTable: RouteTable,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

Routes can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the Route construct. An example using the InternetGateway construct can be seen below:

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

igw := awsec2alpha.NewInternetGateway(this, jsii.String("IGW"), &InternetGatewayProps{
	Vpc: myVpc,
})
awsec2alpha.NewRoute(this, jsii.String("IgwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": igw,
	},
})

Alternatively, Routes can also be created via method addRoute in the RouteTable class. An example using the EgressOnlyInternetGateway construct can be seen below: Note: EgressOnlyInternetGateway can only be used to set up outbound IPv6 routing.

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})

eigw := awsec2alpha.NewEgressOnlyInternetGateway(this, jsii.String("EIGW"), &EgressOnlyInternetGatewayProps{
	Vpc: myVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})

routeTable.AddRoute(jsii.String("EIGW"), jsii.String("::/0"), map[string]iRouteTarget{
	"gateway": eigw,
})

Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a NatGateway:

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

It is also possible to set up endpoints connecting other AWS services. For instance, the example below illustrates the linking of a Dynamo DB endpoint via the existing ec2.GatewayVpcEndpoint construct as a route target:

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE,
})

dynamoEndpoint := ec2.NewGatewayVpcEndpoint(this, jsii.String("DynamoEndpoint"), &GatewayVpcEndpointProps{
	Service: ec2.GatewayVpcEndpointAwsService_DYNAMODB(),
	Vpc: myVpc,
	Subnets: []SubnetSelection{
		subnet,
	},
})
awsec2alpha.NewRoute(this, jsii.String("DynamoDBRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iVpcEndpoint{
		"endpoint": dynamoEndpoint,
	},
})

VPC Peering Connection

VPC peering connection allows you to connect two VPCs and route traffic between them using private IP addresses. The VpcV2 construct supports creating VPC peering connections through the VPCPeeringConnection construct from the route module.

Peering Connection cannot be established between two VPCs with overlapping CIDR ranges. Please make sure the two VPC CIDRs do not overlap with each other else it will throw an error.

For more information, see What is VPC peering?.

The following show examples of how to create a peering connection between two VPCs for all possible combinations of same-account or cross-account, and same-region or cross-region configurations.

Note: You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks

Case 1: Same Account and Same Region Peering Connection

stack := awscdk.Newstack()

vpcA := awsec2alpha.NewVpcV2(this, jsii.String("VpcA"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/16")),
})

vpcB := awsec2alpha.NewVpcV2(this, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_*Ipv4(jsii.String("10.1.0.0/16")),
})

peeringConnection := vpcA.CreatePeeringConnection(jsii.String("sameAccountSameRegionPeering"), &VPCPeeringConnectionOptions{
	AcceptorVpc: vpcB,
})

Case 2: Same Account and Cross Region Peering Connection

There is no difference from Case 1 when calling createPeeringConnection. The only change is that one of the VPCs are created in another stack with a different region. To establish cross region VPC peering connection, acceptorVpc needs to be imported to the requestor VPC stack using fromVpcV2Attributes method.

app := awscdk.NewApp()

stackA := awscdk.Newstack(app, jsii.String("VpcStackA"), &StackProps{
	Env: &Environment{
		Account: jsii.String("000000000000"),
		Region: jsii.String("us-east-1"),
	},
})
stackB := awscdk.Newstack(app, jsii.String("VpcStackB"), &StackProps{
	Env: &Environment{
		Account: jsii.String("000000000000"),
		Region: jsii.String("us-west-2"),
	},
})

vpcA := awsec2alpha.NewVpcV2(stackA, jsii.String("VpcA"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/16")),
})

awsec2alpha.NewVpcV2(stackB, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_*Ipv4(jsii.String("10.1.0.0/16")),
})

vpcB := awsec2alpha.VpcV2_FromVpcV2Attributes(stackA, jsii.String("ImportedVpcB"), &VpcV2Attributes{
	VpcId: jsii.String("MockVpcBid"),
	VpcCidrBlock: jsii.String("10.1.0.0/16"),
	Region: jsii.String("us-west-2"),
	OwnerAccountId: jsii.String("000000000000"),
})

peeringConnection := vpcA.CreatePeeringConnection(jsii.String("sameAccountCrossRegionPeering"), &VPCPeeringConnectionOptions{
	AcceptorVpc: vpcB,
})

Case 3: Cross Account Peering Connection

For cross-account connections, the acceptor account needs an IAM role that grants the requestor account permission to initiate the connection. Create a new IAM role in the acceptor account using method createAcceptorVpcRole to provide the necessary permissions.

Once role is created in account, provide role arn for field peerRoleArn under method createPeeringConnection

stack := awscdk.Newstack()

acceptorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcA"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/16")),
})

acceptorRoleArn := acceptorVpc.CreateAcceptorVpcRole(jsii.String("000000000000"))

After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC. Import acceptorVpc to the stack using fromVpcV2Attributes method, it is recommended to specify owner account id of the acceptor VPC in case of cross account peering connection, if acceptor VPC is hosted in different region provide region value for import as well. The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:

stack := awscdk.Newstack()

acceptorVpc := awsec2alpha.VpcV2_FromVpcV2Attributes(this, jsii.String("acceptorVpc"), &VpcV2Attributes{
	VpcId: jsii.String("vpc-XXXX"),
	VpcCidrBlock: jsii.String("10.0.0.0/16"),
	Region: jsii.String("us-east-2"),
	OwnerAccountId: jsii.String("111111111111"),
})

acceptorRoleArn := "arn:aws:iam::111111111111:role/VpcPeeringRole"

requestorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
})

peeringConnection := requestorVpc.CreatePeeringConnection(jsii.String("crossAccountCrossRegionPeering"), &VPCPeeringConnectionOptions{
	AcceptorVpc: acceptorVpc,
	PeerRoleArn: acceptorRoleArn,
})
Route Table Configuration

After establishing the VPC peering connection, routes must be added to the respective route tables in the VPCs to enable traffic flow. If a route is added to the requestor stack, information will be able to flow from the requestor VPC to the acceptor VPC, but not in the reverse direction. For bi-directional communication, routes need to be added in both VPCs from their respective stacks.

For more information, see Update your route tables for a VPC peering connection.

stack := awscdk.Newstack()

acceptorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcA"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/16")),
})

requestorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_*Ipv4(jsii.String("10.1.0.0/16")),
})

peeringConnection := requestorVpc.CreatePeeringConnection(jsii.String("peeringConnection"), &VPCPeeringConnectionOptions{
	AcceptorVpc: acceptorVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: requestorVpc,
})

routeTable.AddRoute(jsii.String("vpcPeeringRoute"), jsii.String("10.0.0.0/16"), map[string]iRouteTarget{
	"gateway": peeringConnection,
})

This can also be done using AWS CLI. For more information, see create-route.

# Add a route to the requestor VPC route table
aws ec2 create-route --route-table-id rtb-requestor --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx

# For bi-directional add a route in the acceptor vpc account as well
aws ec2 create-route --route-table-id rtb-acceptor --destination-cidr-block 10.1.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
Deleting the Peering Connection

To delete a VPC peering connection, use the following command:

aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-xxxxxxxx

For more information, see Delete a VPC peering connection.

Adding Egress-Only Internet Gateway to VPC

An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.

For more information see Enable outbound IPv6 traffic using an egress-only internet gateway.

VpcV2 supports adding an egress only internet gateway to VPC using the addEgressOnlyInternetGateway method.

By default, this method sets up a route to all outbound IPv6 address ranges, unless a specific destination is provided by the user. It can only be configured for IPv6-enabled VPCs. The Subnets parameter accepts a SubnetFilter, which can be based on a SubnetType in VpcV2. A new route will be added to the route tables of all subnets that match this filter.

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	Ipv6CidrBlock: awsec2alpha.NewIpCidr(jsii.String("2001:db8:1::/64")),
	SubnetType: awscdk.SubnetType_PRIVATE,
})

myVpc.AddEgressOnlyInternetGateway(&EgressOnlyInternetGatewayOptions{
	Subnets: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PRIVATE,
		},
	},
	Destination: jsii.String("::/60"),
})

Adding NATGateway to the VPC

A NAT gateway is a Network Address Translation (NAT) service.You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

For more information, see NAT gateway basics.

When you create a NAT gateway, you specify one of the following connectivity types:

Public – (Default): Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet

Private: Instances in private subnets can connect to other VPCs or your on-premises network through a private NAT gateway.

To define the NAT gateway connectivity type as ConnectivityType.Public, you need to ensure that there is an IGW(Internet Gateway) attached to the subnet's VPC. Since a NATGW is associated with a particular subnet, providing subnet field in the input props is mandatory.

Additionally, you can set up a route in any route table with the target set to the NAT Gateway. The function addNatGateway returns a NATGateway object that you can reference later.

The code example below provides the definition for adding a NAT gateway to your subnet:

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

myVpc.AddInternetGateway()
myVpc.AddNatGateway(&NatGatewayOptions{
	Subnet: subnet,
	ConnectivityType: awsec2alpha.NatConnectivityType_PUBLIC,
})

Enable VPNGateway for the VPC

A virtual private gateway is the endpoint on the VPC side of your VPN connection.

For more information, see What is AWS Site-to-Site VPN?.

VPN route propagation is a feature in Amazon Web Services (AWS) that automatically updates route tables in your Virtual Private Cloud (VPC) with routes learned from a VPN connection.

To enable VPN route propagation, use the vpnRoutePropagation property to specify the subnets as an input to the function. VPN route propagation will then be enabled for each subnet with the corresponding route table IDs.

Additionally, you can set up a route in any route table with the target set to the VPN Gateway. The function enableVpnGatewayV2 returns a VPNGatewayV2 object that you can reference later.

The code example below provides the definition for setting up a VPN gateway with vpnRoutePropagation enabled:

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
vpnGateway := myVpc.EnableVpnGatewayV2(&VPNGatewayV2Options{
	VpnRoutePropagation: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PUBLIC,
		},
	},
	Type: awscdk.VpnConnectionType_IPSEC_1,
})

routeTable := awsec2alpha.NewRouteTable(stack, jsii.String("routeTable"), &RouteTableProps{
	Vpc: myVpc,
})

awsec2alpha.NewRoute(stack, jsii.String("route"), &RouteProps{
	Destination: jsii.String("172.31.0.0/24"),
	Target: map[string]iRouteTarget{
		"gateway": vpnGateway,
	},
	RouteTable: routeTable,
})

Adding InternetGateway to the VPC

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports both IPv4 and IPv6 traffic.

For more information, see Enable VPC internet access using internet gateways.

You can add an internet gateway to a VPC using addInternetGateway method. By default, this method creates a route in all Public Subnets with outbound destination set to 0.0.0.0 for IPv4 and ::0 for IPv6 enabled VPC. Instead of using the default settings, you can configure a custom destination range by providing an optional input destination to the method. In addition to the custom IP range, you can also choose to filter subnets where default routes should be created.

The code example below shows how to add an internet gateway with a custom outbound destination IP range:

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))

subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

myVpc.AddInternetGateway(&InternetGatewayOptions{
	Ipv4Destination: jsii.String("192.168.0.0/16"),
})

The following code examples demonstrates how to add an internet gateway with a custom outbound destination IP range for specific subnets:

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))

mySubnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

myVpc.AddInternetGateway(&InternetGatewayOptions{
	Ipv4Destination: jsii.String("192.168.0.0/16"),
	Subnets: []SubnetSelection{
		mySubnet,
	},
})

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))

myVpc.AddInternetGateway(&InternetGatewayOptions{
	Ipv4Destination: jsii.String("192.168.0.0/16"),
	Subnets: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PRIVATE_WITH_EGRESS,
		},
	},
})

Importing an existing VPC

You can import an existing VPC and its subnets using the VpcV2.fromVpcV2Attributes() method or an individual subnet using SubnetV2.fromSubnetV2Attributes() method.

Importing a VPC

To import an existing VPC, use the VpcV2.fromVpcV2Attributes() method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. You must provide VPC Id and its primary CIDR block for importing it.

If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the range of VPC.

Here's an example of importing a VPC with only the required parameters

stack := awscdk.Newstack()

importedVpc := awsec2alpha.VpcV2_FromVpcV2Attributes(stack, jsii.String("ImportedVpc"), &VpcV2Attributes{
	VpcId: jsii.String("mockVpcID"),
	VpcCidrBlock: jsii.String("10.0.0.0/16"),
})

In case of cross account or cross region VPC, its recommended to provide region and ownerAccountId so that these values for the VPC can be used to populate correct arn value for the VPC. If a VPC region and account ID is not provided, then region and account configured in the stack will be used. Furthermore, these fields will be referenced later while setting up VPC peering connection, so its necessary to set these fields to a correct value.

Below is an example of importing a cross region and cross account VPC, VPC arn for this case would be 'arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID'

stack := awscdk.Newstack()

//Importing a cross account or cross region VPC
importedVpc := awsec2alpha.VpcV2_FromVpcV2Attributes(stack, jsii.String("ImportedVpc"), &VpcV2Attributes{
	VpcId: jsii.String("mockVpcID"),
	VpcCidrBlock: jsii.String("10.0.0.0/16"),
	OwnerAccountId: jsii.String("123456789012"),
	Region: jsii.String("us-west-2"),
})

Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types:

In this example, we're importing a VPC with:

  • A primary CIDR block (10.1.0.0/16)
  • One secondary IPv4 CIDR block (10.2.0.0/16)
  • Two secondary address using IPAM pool (IPv4 and IPv6)
  • VPC has Amazon-provided IPv6 CIDR enabled
  • An isolated subnet in us-west-2a
  • A public subnet in us-west-2b
stack := awscdk.Newstack()

importedVpc := awsec2alpha.VpcV2_FromVpcV2Attributes(this, jsii.String("ImportedVPC"), &VpcV2Attributes{
	VpcId: jsii.String("vpc-XXX"),
	VpcCidrBlock: jsii.String("10.1.0.0/16"),
	SecondaryCidrBlocks: []VPCCidrBlockattributes{
		&VPCCidrBlockattributes{
			CidrBlock: jsii.String("10.2.0.0/16"),
			CidrBlockName: jsii.String("ImportedBlock1"),
		},
		&VPCCidrBlockattributes{
			Ipv6IpamPoolId: jsii.String("ipam-pool-XXX"),
			Ipv6NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ImportedIpamIpv6"),
		},
		&VPCCidrBlockattributes{
			Ipv4IpamPoolId: jsii.String("ipam-pool-XXX"),
			Ipv4IpamProvisionedCidrs: []*string{
				jsii.String("10.2.0.0/16"),
			},
			CidrBlockName: jsii.String("ImportedIpamIpv4"),
		},
		&VPCCidrBlockattributes{
			AmazonProvidedIpv6CidrBlock: jsii.Boolean(true),
		},
	},
	Subnets: []SubnetV2Attributes{
		&SubnetV2Attributes{
			SubnetName: jsii.String("IsolatedSubnet2"),
			SubnetId: jsii.String("subnet-03cd773c0fe08ed26"),
			SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
			AvailabilityZone: jsii.String("us-west-2a"),
			Ipv4CidrBlock: jsii.String("10.2.0.0/24"),
			RouteTableId: jsii.String("rtb-0871c310f98da2cbb"),
		},
		&SubnetV2Attributes{
			SubnetId: jsii.String("subnet-0fa477e01db27d820"),
			SubnetType: awscdk.SubnetType_PUBLIC,
			AvailabilityZone: jsii.String("us-west-2b"),
			Ipv4CidrBlock: jsii.String("10.3.0.0/24"),
			RouteTableId: jsii.String("rtb-014f3043098fe4b96"),
		},
	},
})

// You can now use the imported VPC in your stack

// Adding a new subnet to the imported VPC
importedSubnet := awsec2alpha.NewSubnetV2(this, jsii.String("NewSubnet"), &SubnetV2Props{
	AvailabilityZone: jsii.String("us-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.2.2.0/24")),
	Vpc: importedVpc,
	SubnetType: awscdk.SubnetType_PUBLIC,
})

// Adding gateways to the imported VPC
importedVpc.AddInternetGateway()
importedVpc.AddNatGateway(&NatGatewayOptions{
	Subnet: importedSubnet,
})
importedVpc.AddEgressOnlyInternetGateway()

You can add more subnets as needed by including additional entries in the isolatedSubnets, publicSubnets, or other subnet type arrays (e.g., privateSubnets).

Importing Subnets

You can also import individual subnets using the SubnetV2.fromSubnetV2Attributes() method. This is useful when you need to work with specific subnets independently of a VPC.

Here's an example of how to import a subnet:

awsec2alpha.SubnetV2_FromSubnetV2Attributes(this, jsii.String("ImportedSubnet"), &SubnetV2Attributes{
	SubnetId: jsii.String("subnet-0123456789abcdef0"),
	AvailabilityZone: jsii.String("us-west-2a"),
	Ipv4CidrBlock: jsii.String("10.2.0.0/24"),
	RouteTableId: jsii.String("rtb-0871c310f98da2cbb"),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

By importing existing VPCs and subnets, you can easily integrate your existing AWS infrastructure with new resources created through CDK. This is particularly useful when you need to work with pre-existing network configurations or when you're migrating existing infrastructure to CDK.

Tagging VPC and its components

By default, when a resource name is given to the construct, it automatically adds a tag with the key Name and the value set to the provided resource name. To add additional custom tags, use the Tag Manager, like this: Tags.of(myConstruct).add('key', 'value');.

For example, if the vpcName is set to TestVpc, the following code will add a tag to the VPC with key: Name and value: TestVpc.

vpc := awsec2alpha.NewVpcV2(this, jsii.String("VPC-integ-test-tag"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	EnableDnsHostnames: jsii.Boolean(true),
	EnableDnsSupport: jsii.Boolean(true),
	VpcName: jsii.String("CDKintegTestVPC"),
})

// Add custom tags if needed
awscdk.Tags_Of(vpc).Add(jsii.String("Environment"), jsii.String("Production"))

Transit Gateway

The AWS Transit Gateway construct library allows you to create and configure Transit Gateway resources using AWS CDK.

See AWS Transit Gateway Docs for more info.

Overview

The Transit Gateway construct (TransitGateway) is the main entry point for creating and managing your Transit Gateway infrastructure. It provides methods to create route tables, attach VPCs, and configure cross-account access.

The Transit Gateway construct library provides four main constructs:

  • TransitGateway: The central hub for your network connections
  • TransitGatewayRouteTable: Manages routing between attached networks
  • TransitGatewayVpcAttachment: Connects VPCs to the Transit Gateway
  • TransitGatewayRoute: Defines routing rules within your Transit Gateway
Basic Usage

To create a minimal deployable TransitGateway:

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))
Default Transit Gateway Route Table

By default, TransitGateway is created with a default TransitGatewayRouteTable, for which automatic Associations and automatic Propagations are enabled.

Note: When you create a default Transit Gateway in AWS Console, a default Transit Gateway Route Table is automatically created by AWS. However, when using the CDK Transit Gateway L2 construct, the underlying L1 construct is configured with defaultRouteTableAssociation and defaultRouteTablePropagation explicitly disabled. This ensures that AWS does not create the default route table, allowing the CDK to define a custom default route table instead.

As a result, in the AWS Console, the Default association route table and Default propagation route table settings will appear as disabled. Despite this, the CDK still provides automatic association and propagation functionality through its internal implementation, which can be controlled using the defaultRouteTableAssociation and defaultRouteTablePropagation properties within the CDK.

You can disable the automatic Association/Propagation on the default TransitGatewayRouteTable via the TransitGateway properties. This will still create a default route table for you:

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"), &TransitGatewayProps{
	DefaultRouteTableAssociation: jsii.Boolean(false),
	DefaultRouteTablePropagation: jsii.Boolean(false),
})
Transit Gateway Route Table Management

Add additional Transit Gateway Route Tables using the addRouteTable() method:

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))

routeTable := transitGateway.addRouteTable(jsii.String("CustomRouteTable"))
Attaching VPCs to the Transit Gateway

Currently only VPC to Transit Gateway attachments are supported.

Create an attachment from a VPC to the Transit Gateway using the attachVpc() method:

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
subnet1 := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

subnet2 := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.1.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))

// Create a basic attachment
attachment := transitGateway.attachVpc(jsii.String("VpcAttachment"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet1,
		subnet2,
	},
})

// Create an attachment with optional parameters
attachmentWithOptions := transitGateway.attachVpc(jsii.String("VpcAttachmentWithOptions"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet1,
	},
	VpcAttachmentOptions: map[string]*bool{
		"dnsSupport": jsii.Boolean(true),
		"applianceModeSupport": jsii.Boolean(true),
		"ipv6Support": jsii.Boolean(true),
		"securityGroupReferencingSupport": jsii.Boolean(true),
	},
})

If you want to automatically associate and propagate routes with transit gateway route tables, you can pass the associationRouteTable and propagationRouteTables parameters. This will automatically create the necessary associations and propagations based on the provided route tables.

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
subnet1 := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

subnet2 := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.1.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))
associationRouteTable := transitGateway.addRouteTable(jsii.String("AssociationRouteTable"))
propagationRouteTable1 := transitGateway.addRouteTable(jsii.String("PropagationRouteTable1"))
propagationRouteTable2 := transitGateway.addRouteTable(jsii.String("PropagationRouteTable2"))

// Create an attachment with automatically created association + propagations
attachmentWithRoutes := transitGateway.attachVpc(jsii.String("VpcAttachment"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet1,
		subnet2,
	},
	AssociationRouteTable: associationRouteTable,
	PropagationRouteTables: []ITransitGatewayRouteTable{
		propagationRouteTable1,
		propagationRouteTable2,
	},
})

In this example, the associationRouteTable is set to associationRouteTable, and propagationRouteTables is set to an array containing propagationRouteTable1 and propagationRouteTable2. This triggers the automatic creation of route table associations and route propagations between the Transit Gateway and the specified route tables.

Adding static routes to the route table

Add static routes using either the addRoute() method to add an active route or addBlackholeRoute() to add a blackhole route:

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))
routeTable := transitGateway.addRouteTable(jsii.String("CustomRouteTable"))

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

attachment := transitGateway.attachVpc(jsii.String("VpcAttachment"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet,
	},
})

// Add a static route to direct traffic
routeTable.AddRoute(jsii.String("StaticRoute"), attachment, jsii.String("10.0.0.0/16"))

// Block unwanted traffic with a blackhole route
routeTable.AddBlackholeRoute(jsii.String("BlackholeRoute"), jsii.String("172.16.0.0/16"))
Route Table Associations and Propagations

Configure route table associations and enable route propagation:

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))
routeTable := transitGateway.addRouteTable(jsii.String("CustomRouteTable"))
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})
attachment := transitGateway.attachVpc(jsii.String("VpcAttachment"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet,
	},
})

// Associate an attachment with a route table
routeTable.AddAssociation(jsii.String("Association"), attachment)

// Enable route propagation for an attachment
routeTable.EnablePropagation(jsii.String("Propagation"), attachment)

Associations — The linking of a Transit Gateway attachment to a specific route table, which determines which routes that attachment will use for routing decisions.

Propagation — The automatic advertisement of routes from an attachment to a route table, allowing the route table to learn about available network destinations.

Documentation

Overview

The CDK construct library for VPC V2

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EgressOnlyInternetGateway_IsConstruct 

func EgressOnlyInternetGateway_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func EgressOnlyInternetGateway_IsOwnedResource 

func EgressOnlyInternetGateway_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func EgressOnlyInternetGateway_IsResource 

func EgressOnlyInternetGateway_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func EgressOnlyInternetGateway_PROPERTY_INJECTION_ID 

func EgressOnlyInternetGateway_PROPERTY_INJECTION_ID() *string

func InternetGateway_IsConstruct 

func InternetGateway_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func InternetGateway_IsOwnedResource 

func InternetGateway_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func InternetGateway_IsResource 

func InternetGateway_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func InternetGateway_PROPERTY_INJECTION_ID 

func InternetGateway_PROPERTY_INJECTION_ID() *string

func Ipam_IsConstruct 

func Ipam_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func Ipam_IsOwnedResource 

func Ipam_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func Ipam_IsResource 

func Ipam_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func Ipam_PROPERTY_INJECTION_ID 

func Ipam_PROPERTY_INJECTION_ID() *string

func NatGateway_IsConstruct 

func NatGateway_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func NatGateway_IsOwnedResource 

func NatGateway_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func NatGateway_IsResource 

func NatGateway_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NatGateway_PROPERTY_INJECTION_ID 

func NatGateway_PROPERTY_INJECTION_ID() *string

func NewEgressOnlyInternetGateway_Override 

func NewEgressOnlyInternetGateway_Override(e EgressOnlyInternetGateway, scope constructs.Construct, id *string, props *EgressOnlyInternetGatewayProps)

Experimental.

func NewInternetGateway_Override 

func NewInternetGateway_Override(i InternetGateway, scope constructs.Construct, id *string, props *InternetGatewayProps)

Experimental.

func NewIpAddresses_Override 

func NewIpAddresses_Override(i IpAddresses)

Experimental.

func NewIpCidr_Override 

func NewIpCidr_Override(i IpCidr, props *string)

Experimental.

func NewIpam_Override 

func NewIpam_Override(i Ipam, scope constructs.Construct, id *string, props *IpamProps)

Experimental.

func NewNatGateway_Override 

func NewNatGateway_Override(n NatGateway, scope constructs.Construct, id *string, props *NatGatewayProps)

Experimental.

func NewRouteTable_Override 

func NewRouteTable_Override(r RouteTable, scope constructs.Construct, id *string, props *RouteTableProps)

Experimental.

func NewRouteTargetType_Override 

func NewRouteTargetType_Override(r RouteTargetType, props *RouteTargetProps)

Experimental.

func NewRoute_Override 

func NewRoute_Override(r Route, scope constructs.Construct, id *string, props *RouteProps)

Experimental.

func NewSubnetV2_Override 

func NewSubnetV2_Override(s SubnetV2, scope constructs.Construct, id *string, props *SubnetV2Props)

Constructs a new SubnetV2 instance. Experimental.

func NewTransitGatewayBlackholeRoute_Override 

func NewTransitGatewayBlackholeRoute_Override(t TransitGatewayBlackholeRoute, scope constructs.Construct, id *string, props *TransitGatewayBlackholeRouteProps)

Experimental.

func NewTransitGatewayRouteTableAssociation_Override 

func NewTransitGatewayRouteTableAssociation_Override(t TransitGatewayRouteTableAssociation, scope constructs.Construct, id *string, props *TransitGatewayRouteTableAssociationProps)

Experimental.

func NewTransitGatewayRouteTablePropagation_Override 

func NewTransitGatewayRouteTablePropagation_Override(t TransitGatewayRouteTablePropagation, scope constructs.Construct, id *string, props *TransitGatewayRouteTablePropagationProps)

Experimental.

func NewTransitGatewayRouteTable_Override 

func NewTransitGatewayRouteTable_Override(t TransitGatewayRouteTable, scope constructs.Construct, id *string, props *TransitGatewayRouteTableProps)

Experimental.

func NewTransitGatewayRoute_Override 

func NewTransitGatewayRoute_Override(t TransitGatewayRoute, scope constructs.Construct, id *string, props *TransitGatewayRouteProps)

Experimental.

func NewTransitGatewayVpcAttachment_Override 

func NewTransitGatewayVpcAttachment_Override(t TransitGatewayVpcAttachment, scope constructs.Construct, id *string, props *TransitGatewayVpcAttachmentProps)

Experimental.

func NewTransitGateway_Override 

func NewTransitGateway_Override(t TransitGateway, scope constructs.Construct, id *string, props *TransitGatewayProps)

Experimental.

func NewVPCPeeringConnection_Override 

func NewVPCPeeringConnection_Override(v VPCPeeringConnection, scope constructs.Construct, id *string, props *VPCPeeringConnectionProps)

Experimental.

func NewVPNGatewayV2_Override 

func NewVPNGatewayV2_Override(v VPNGatewayV2, scope constructs.Construct, id *string, props *VPNGatewayV2Props)

Experimental.

func NewVpcV2Base_Override 

func NewVpcV2Base_Override(v VpcV2Base, scope constructs.Construct, id *string, props *awscdk.ResourceProps)

Experimental.

func NewVpcV2_Override 

func NewVpcV2_Override(v VpcV2, scope constructs.Construct, id *string, props *VpcV2Props)

Experimental.

func RouteTable_IsConstruct 

func RouteTable_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func RouteTable_IsOwnedResource 

func RouteTable_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func RouteTable_IsResource 

func RouteTable_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func RouteTable_PROPERTY_INJECTION_ID 

func RouteTable_PROPERTY_INJECTION_ID() *string

func Route_IsConstruct 

func Route_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func Route_IsOwnedResource 

func Route_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func Route_IsResource 

func Route_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func Route_PROPERTY_INJECTION_ID 

func Route_PROPERTY_INJECTION_ID() *string

func SubnetV2_IsConstruct 

func SubnetV2_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func SubnetV2_IsOwnedResource 

func SubnetV2_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func SubnetV2_IsResource 

func SubnetV2_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func SubnetV2_PROPERTY_INJECTION_ID 

func SubnetV2_PROPERTY_INJECTION_ID() *string

func TransitGatewayBlackholeRoute_IsConstruct 

func TransitGatewayBlackholeRoute_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGatewayBlackholeRoute_IsOwnedResource 

func TransitGatewayBlackholeRoute_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGatewayBlackholeRoute_IsResource 

func TransitGatewayBlackholeRoute_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGatewayBlackholeRoute_PROPERTY_INJECTION_ID 

func TransitGatewayBlackholeRoute_PROPERTY_INJECTION_ID() *string

func TransitGatewayRouteTableAssociation_IsConstruct 

func TransitGatewayRouteTableAssociation_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGatewayRouteTableAssociation_IsOwnedResource 

func TransitGatewayRouteTableAssociation_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGatewayRouteTableAssociation_IsResource 

func TransitGatewayRouteTableAssociation_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGatewayRouteTableAssociation_PROPERTY_INJECTION_ID 

func TransitGatewayRouteTableAssociation_PROPERTY_INJECTION_ID() *string

func TransitGatewayRouteTablePropagation_IsConstruct 

func TransitGatewayRouteTablePropagation_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGatewayRouteTablePropagation_IsOwnedResource 

func TransitGatewayRouteTablePropagation_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGatewayRouteTablePropagation_IsResource 

func TransitGatewayRouteTablePropagation_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGatewayRouteTablePropagation_PROPERTY_INJECTION_ID 

func TransitGatewayRouteTablePropagation_PROPERTY_INJECTION_ID() *string

func TransitGatewayRouteTable_IsConstruct 

func TransitGatewayRouteTable_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGatewayRouteTable_IsOwnedResource 

func TransitGatewayRouteTable_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGatewayRouteTable_IsResource 

func TransitGatewayRouteTable_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGatewayRouteTable_PROPERTY_INJECTION_ID 

func TransitGatewayRouteTable_PROPERTY_INJECTION_ID() *string

func TransitGatewayRoute_IsConstruct 

func TransitGatewayRoute_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGatewayRoute_IsOwnedResource 

func TransitGatewayRoute_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGatewayRoute_IsResource 

func TransitGatewayRoute_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGatewayRoute_PROPERTY_INJECTION_ID 

func TransitGatewayRoute_PROPERTY_INJECTION_ID() *string

func TransitGatewayVpcAttachment_IsConstruct 

func TransitGatewayVpcAttachment_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGatewayVpcAttachment_IsOwnedResource 

func TransitGatewayVpcAttachment_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGatewayVpcAttachment_IsResource 

func TransitGatewayVpcAttachment_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGatewayVpcAttachment_PROPERTY_INJECTION_ID 

func TransitGatewayVpcAttachment_PROPERTY_INJECTION_ID() *string

func TransitGateway_IsConstruct 

func TransitGateway_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func TransitGateway_IsOwnedResource 

func TransitGateway_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func TransitGateway_IsResource 

func TransitGateway_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TransitGateway_PROPERTY_INJECTION_ID 

func TransitGateway_PROPERTY_INJECTION_ID() *string

func VPCPeeringConnection_IsConstruct 

func VPCPeeringConnection_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func VPCPeeringConnection_IsOwnedResource 

func VPCPeeringConnection_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func VPCPeeringConnection_IsResource 

func VPCPeeringConnection_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func VPCPeeringConnection_PROPERTY_INJECTION_ID 

func VPCPeeringConnection_PROPERTY_INJECTION_ID() *string

func VPNGatewayV2_IsConstruct 

func VPNGatewayV2_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func VPNGatewayV2_IsOwnedResource 

func VPNGatewayV2_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func VPNGatewayV2_IsResource 

func VPNGatewayV2_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func VPNGatewayV2_PROPERTY_INJECTION_ID 

func VPNGatewayV2_PROPERTY_INJECTION_ID() *string

func VpcV2Base_IsConstruct 

func VpcV2Base_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func VpcV2Base_IsOwnedResource 

func VpcV2Base_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func VpcV2Base_IsResource 

func VpcV2Base_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func VpcV2_IsConstruct 

func VpcV2_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func VpcV2_IsOwnedResource 

func VpcV2_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func VpcV2_IsResource 

func VpcV2_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func VpcV2_PROPERTY_INJECTION_ID 

func VpcV2_PROPERTY_INJECTION_ID() *string

Types

type AddressFamily 

type AddressFamily string

Represents the address family for IP addresses in an IPAM pool.

IP_V4 - Represents the IPv4 address family. IP_V6 - Represents the IPv6 address family.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-addressfamily

Experimental. 

const (
	// Represents the IPv4 address family.
	//
	// Allowed under public and private pool.
	// Experimental.
	AddressFamily_IP_V4 AddressFamily = "IP_V4"
	// Represents the IPv6 address family.
	//
	// Only allowed under public pool.
	// Experimental.
	AddressFamily_IP_V6 AddressFamily = "IP_V6"
)

type AttachVpcOptions 

type AttachVpcOptions struct {
	// A list of one or more subnets to place the attachment in.
	//
	// It is recommended to specify more subnets for better availability.
	// Experimental.
	Subnets *[]awsec2.ISubnet `field:"required" json:"subnets" yaml:"subnets"`
	// A VPC attachment(s) will get assigned to.
	// Experimental.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// An optional route table to associate with this VPC attachment.
	// Default: - No associations will be created unless it is for the default route table and automatic association is enabled.
	//
	// Experimental.
	AssociationRouteTable ITransitGatewayRouteTable `field:"optional" json:"associationRouteTable" yaml:"associationRouteTable"`
	// A list of optional route tables to propagate routes to.
	// Default: - No propagations will be created unless it is for the default route table and automatic propagation is enabled.
	//
	// Experimental.
	PropagationRouteTables *[]ITransitGatewayRouteTable `field:"optional" json:"propagationRouteTables" yaml:"propagationRouteTables"`
	// Physical name of this Transit Gateway VPC Attachment.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayAttachmentName *string `field:"optional" json:"transitGatewayAttachmentName" yaml:"transitGatewayAttachmentName"`
	// The VPC attachment options.
	// Default: - All options are disabled.
	//
	// Experimental.
	VpcAttachmentOptions ITransitGatewayVpcAttachmentOptions `field:"optional" json:"vpcAttachmentOptions" yaml:"vpcAttachmentOptions"`
}

Options for creating an Attachment via the attachVpc() method.

Example: 

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))
routeTable := transitGateway.addRouteTable(jsii.String("CustomRouteTable"))

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

attachment := transitGateway.attachVpc(jsii.String("VpcAttachment"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet,
	},
})

// Add a static route to direct traffic
routeTable.AddRoute(jsii.String("StaticRoute"), attachment, jsii.String("10.0.0.0/16"))

// Block unwanted traffic with a blackhole route
routeTable.AddBlackholeRoute(jsii.String("BlackholeRoute"), jsii.String("172.16.0.0/16"))

Experimental.

type AwsServiceName 

type AwsServiceName string

Limits which service in AWS that the pool can be used in. Experimental. 

const (
	// Allows users to use space for Elastic IP addresses and VPCs.
	// Experimental.
	AwsServiceName_EC2 AwsServiceName = "EC2"
)

type BaseTransitGatewayRouteProps 

type BaseTransitGatewayRouteProps struct {
	// The destination CIDR block for this route.
	//
	// Destination Cidr cannot overlap for static routes but is allowed for propagated routes.
	// When overlapping occurs, static routes take precedence over propagated routes.
	// Experimental.
	DestinationCidrBlock *string `field:"required" json:"destinationCidrBlock" yaml:"destinationCidrBlock"`
	// The transit gateway route table you want to install this route into.
	// Experimental.
	TransitGatewayRouteTable ITransitGatewayRouteTable `field:"required" json:"transitGatewayRouteTable" yaml:"transitGatewayRouteTable"`
	// Physical name of this Transit Gateway Route.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayRouteName *string `field:"optional" json:"transitGatewayRouteName" yaml:"transitGatewayRouteName"`
}

Common properties for a Transit Gateway Route.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayRouteTable TransitGatewayRouteTable

baseTransitGatewayRouteProps := &BaseTransitGatewayRouteProps{
	DestinationCidrBlock: jsii.String("destinationCidrBlock"),
	TransitGatewayRouteTable: transitGatewayRouteTable,

	// the properties below are optional
	TransitGatewayRouteName: jsii.String("transitGatewayRouteName"),
}

Experimental.

type EgressOnlyInternetGateway 

type EgressOnlyInternetGateway interface {
	awscdk.Resource
	IRouteTarget
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The egress-only internet gateway CFN resource.
	// Experimental.
	Resource() awsec2.CfnEgressOnlyInternetGateway
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates an egress-only internet gateway.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})

eigw := awsec2alpha.NewEgressOnlyInternetGateway(this, jsii.String("EIGW"), &EgressOnlyInternetGatewayProps{
	Vpc: myVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})

routeTable.AddRoute(jsii.String("EIGW"), jsii.String("::/0"), map[string]iRouteTarget{
	"gateway": eigw,
})

Experimental.

func NewEgressOnlyInternetGateway 

func NewEgressOnlyInternetGateway(scope constructs.Construct, id *string, props *EgressOnlyInternetGatewayProps) EgressOnlyInternetGateway

Experimental.

type EgressOnlyInternetGatewayOptions 

type EgressOnlyInternetGatewayOptions struct {
	// Destination Ipv6 address for EGW route.
	// Default: - '::/0' all Ipv6 traffic.
	//
	// Experimental.
	Destination *string `field:"optional" json:"destination" yaml:"destination"`
	// The resource name of the egress-only internet gateway.
	//
	// Provided name will be used for tagging.
	// Default: - no name tag associated and provisioned without a resource name.
	//
	// Experimental.
	EgressOnlyInternetGatewayName *string `field:"optional" json:"egressOnlyInternetGatewayName" yaml:"egressOnlyInternetGatewayName"`
	// List of subnets where route to EGW will be added.
	// Default: - no route created.
	//
	// Experimental.
	Subnets *[]*awsec2.SubnetSelection `field:"optional" json:"subnets" yaml:"subnets"`
}

Options to define EgressOnlyInternetGateway for VPC.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	Ipv6CidrBlock: awsec2alpha.NewIpCidr(jsii.String("2001:db8:1::/64")),
	SubnetType: awscdk.SubnetType_PRIVATE,
})

myVpc.AddEgressOnlyInternetGateway(&EgressOnlyInternetGatewayOptions{
	Subnets: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PRIVATE,
		},
	},
	Destination: jsii.String("::/60"),
})

Experimental.

type EgressOnlyInternetGatewayProps 

type EgressOnlyInternetGatewayProps struct {
	// The ID of the VPC for which to create the egress-only internet gateway.
	// Experimental.
	Vpc IVpcV2 `field:"required" json:"vpc" yaml:"vpc"`
	// The resource name of the egress-only internet gateway.
	// Default: - provisioned without a resource name.
	//
	// Experimental.
	EgressOnlyInternetGatewayName *string `field:"optional" json:"egressOnlyInternetGatewayName" yaml:"egressOnlyInternetGatewayName"`
}

Properties to define an egress-only internet gateway.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})

eigw := awsec2alpha.NewEgressOnlyInternetGateway(this, jsii.String("EIGW"), &EgressOnlyInternetGatewayProps{
	Vpc: myVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})

routeTable.AddRoute(jsii.String("EIGW"), jsii.String("::/0"), map[string]iRouteTarget{
	"gateway": eigw,
})

Experimental.

type IIpAddresses 

type IIpAddresses interface {
	// Method to define the implementation logic of IP address allocation.
	// Experimental.
	AllocateVpcCidr() *VpcCidrOptions
}

Implements ip address allocation according to the IPAdress type. Experimental.

func IpAddresses_AmazonProvidedIpv6 

func IpAddresses_AmazonProvidedIpv6(props *SecondaryAddressProps) IIpAddresses

Amazon Provided Ipv6 range. Experimental.

func IpAddresses_Ipv4 

func IpAddresses_Ipv4(ipv4Cidr *string, props *SecondaryAddressProps) IIpAddresses

An IPv4 CIDR Range. Experimental.

func IpAddresses_Ipv4Ipam 

func IpAddresses_Ipv4Ipam(ipv4IpamOptions *IpamOptions) IIpAddresses

An Ipv4 Ipam Pool. Experimental.

func IpAddresses_Ipv6ByoipPool 

func IpAddresses_Ipv6ByoipPool(props *Ipv6PoolSecondaryAddressProps) IIpAddresses

A BYOIP IPv6 address pool. Experimental.

func IpAddresses_Ipv6Ipam 

func IpAddresses_Ipv6Ipam(ipv6IpamOptions *IpamOptions) IIpAddresses

An Ipv6 Ipam Pool. Experimental.

type IIpamPool 

type IIpamPool interface {
	// Function to associate a IPv6 address with IPAM pool.
	// Experimental.
	ProvisionCidr(id *string, options *IpamPoolCidrProvisioningOptions) awsec2.CfnIPAMPoolCidr
	// Pool CIDR for IPv6 to be provisioned with Public IP source set to 'Amazon'.
	// Experimental.
	IpamCidrs() *[]awsec2.CfnIPAMPoolCidr
	// Pool CIDR for IPv4 to be provisioned using IPAM Required to check for subnet IP range is within the VPC range.
	// Experimental.
	IpamIpv4Cidrs() *[]*string
	// Pool ID to be passed to the VPC construct.
	// Experimental.
	IpamPoolId() *string
}

Definition used to add or create a new IPAM pool. Experimental.

type IIpamScopeBase 

type IIpamScopeBase interface {
	// Function to add a new pool to an IPAM scope.
	// Experimental.
	AddPool(id *string, options *PoolOptions) IIpamPool
	// Reference to the current scope of stack to be passed in order to create a new IPAM pool.
	// Experimental.
	Scope() constructs.Construct
	// Default Scope ids created by the IPAM or a new Resource id.
	// Experimental.
	ScopeId() *string
	// Defines scope type can be either default or custom.
	// Experimental.
	ScopeType() IpamScopeType
}

Interface for IpamScope Class. Experimental.

type IRouteTarget 

type IRouteTarget interface {
	constructs.IDependable
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
}

Interface to define a routing target, such as an egress-only internet gateway or VPC endpoint. Experimental.

type IRouteV2 

type IRouteV2 interface {
	awscdk.IResource
	// The IPv4 or IPv6 CIDR block used for the destination match.
	//
	// Routing decisions are based on the most specific match.
	// TODO: Look for strong IP type implementation here.
	// Experimental.
	Destination() *string
	// The ID of the route table for the route.
	// Experimental.
	RouteTable() awsec2.IRouteTable
	// The gateway or endpoint targeted by the route.
	// Experimental.
	Target() RouteTargetType
}

Interface to define a route. Experimental.

type ISubnetV2 

type ISubnetV2 interface {
	awsec2.ISubnet
	// The IPv6 CIDR block for this subnet.
	// Experimental.
	Ipv6CidrBlock() *string
	// The type of subnet (public or private) that this subnet represents.
	// Experimental.
	SubnetType() awsec2.SubnetType
}

Interface with additional properties for SubnetV2. Experimental.

func SubnetV2_FromSubnetV2Attributes 

func SubnetV2_FromSubnetV2Attributes(scope constructs.Construct, id *string, attrs *SubnetV2Attributes) ISubnetV2

Import an existing subnet to the VPC. Experimental.

type ITransitGateway 

type ITransitGateway interface {
	awscdk.IResource
	IRouteTarget
	// The default route table associated with the Transit Gateway.
	//
	// This route table is created by the CDK and is used to manage the routes
	// for attachments that do not have an explicitly defined route table association.
	// Experimental.
	DefaultRouteTable() ITransitGatewayRouteTable
	// Indicates whether new attachments are automatically associated with the default route table.
	//
	// If set to `true`, any VPC or VPN attachment will be automatically associated with
	// the default route table unless otherwise specified.
	// Experimental.
	DefaultRouteTableAssociation() *bool
	// Indicates whether route propagation to the default route table is enabled.
	//
	// When set to `true`, routes from attachments will be automatically propagated
	// to the default route table unless propagation is explicitly disabled.
	// Experimental.
	DefaultRouteTablePropagation() *bool
	// Whether or not DNS support is enabled on the Transit Gateway.
	// Experimental.
	DnsSupport() *bool
	// Whether or not security group referencing support is enabled on the Transit Gateway.
	// Experimental.
	SecurityGroupReferencingSupport() *bool
	// The Amazon Resource Name (ARN) of the Transit Gateway.
	//
	// The ARN uniquely identifies the Transit Gateway across AWS and is commonly
	// used for permissions and resource tracking.
	// Experimental.
	TransitGatewayArn() *string
	// The unique identifier of the Transit Gateway.
	//
	// This ID is automatically assigned by AWS upon creation of the Transit Gateway
	// and is used to reference it in various configurations and operations.
	// Experimental.
	TransitGatewayId() *string
}

Represents a Transit Gateway. Experimental.

type ITransitGatewayAssociation 

type ITransitGatewayAssociation interface {
	awscdk.IResource
	// The ID of the transit gateway route table association.
	// Experimental.
	TransitGatewayAssociationId() *string
}

Represents a Transit Gateway Route Table Association. Experimental.

type ITransitGatewayAttachment 

type ITransitGatewayAttachment interface {
	awscdk.IResource
	// The ID of the transit gateway attachment.
	// Experimental.
	TransitGatewayAttachmentId() *string
}

Represents a Transit Gateway Attachment. Experimental.

type ITransitGatewayRoute 

type ITransitGatewayRoute interface {
	awscdk.IResource
	// The destination CIDR block for this route.
	//
	// Destination Cidr cannot overlap for static routes but is allowed for propagated routes.
	// When overlapping occurs, static routes take precedence over propagated routes.
	// Experimental.
	DestinationCidrBlock() *string
	// The transit gateway route table this route belongs to.
	// Experimental.
	RouteTable() ITransitGatewayRouteTable
}

Represents a Transit Gateway Route. Experimental.

type ITransitGatewayRouteTable 

type ITransitGatewayRouteTable interface {
	awscdk.IResource
	awsec2.IRouteTable
	// Associate the provided Attachments with this route table.
	//
	// Returns: ITransitGatewayRouteTableAssociation.
	// Experimental.
	AddAssociation(id *string, transitGatewayAttachment ITransitGatewayAttachment) ITransitGatewayRouteTableAssociation
	// Add a blackhole route to this route table.
	//
	// Returns: ITransitGatewayRoute.
	// Experimental.
	AddBlackholeRoute(id *string, destinationCidr *string) ITransitGatewayRoute
	// Add an active route to this route table.
	//
	// Returns: ITransitGatewayRoute.
	// Experimental.
	AddRoute(id *string, transitGatewayAttachment ITransitGatewayAttachment, destinationCidr *string) ITransitGatewayRoute
	// Enable propagation from the provided Attachments to this route table.
	//
	// Returns: ITransitGatewayRouteTablePropagation.
	// Experimental.
	EnablePropagation(id *string, transitGatewayAttachment ITransitGatewayAttachment) ITransitGatewayRouteTablePropagation
}

Represents a Transit Gateway Route Table. Experimental.

type ITransitGatewayRouteTableAssociation 

type ITransitGatewayRouteTableAssociation interface {
	ITransitGatewayAssociation
}

Represents a Transit Gateway Route Table Association. Experimental.

type ITransitGatewayRouteTablePropagation 

type ITransitGatewayRouteTablePropagation interface {
	awscdk.IResource
	// The ID of the transit gateway route table propagation.
	// Experimental.
	TransitGatewayRouteTablePropagationId() *string
}

Represents a Transit Gateway Route Table Propagation. Experimental.

type ITransitGatewayVpcAttachment 

type ITransitGatewayVpcAttachment interface {
	ITransitGatewayAttachment
	// Add additional subnets to this attachment.
	// Experimental.
	AddSubnets(subnets *[]awsec2.ISubnet)
	// Remove subnets from this attachment.
	// Experimental.
	RemoveSubnets(subnets *[]awsec2.ISubnet)
}

Represents a Transit Gateway VPC Attachment. Experimental.

type ITransitGatewayVpcAttachmentOptions 

type ITransitGatewayVpcAttachmentOptions interface {
	// Enable or disable appliance mode support.
	// Default: - disable (false).
	//
	// Experimental.
	ApplianceModeSupport() *bool
	// Enable or disable DNS support.
	// Default: - disable (false).
	//
	// Experimental.
	DnsSupport() *bool
	// Enable or disable IPv6 support.
	// Default: - disable (false).
	//
	// Experimental.
	Ipv6Support() *bool
	// Enables you to reference a security group across VPCs attached to a transit gateway.
	// Default: - disable (false).
	//
	// Experimental.
	SecurityGroupReferencingSupport() *bool
}

Options for Transit Gateway VPC Attachment. Experimental.

type IVPCCidrBlock 

type IVPCCidrBlock interface {
	// Amazon Provided Ipv6.
	// Experimental.
	AmazonProvidedIpv6CidrBlock() *bool
	// The secondary IPv4 CIDR Block.
	// Default: - no CIDR block provided.
	//
	// Experimental.
	CidrBlock() *string
	// IPAM pool for IPv4 address type.
	// Experimental.
	Ipv4IpamPoolId() *string
	// The IPv6 CIDR block from the specified IPv6 address pool.
	// Experimental.
	Ipv6CidrBlock() *string
	// IPAM pool for IPv6 address type.
	// Experimental.
	Ipv6IpamPoolId() *string
	// The ID of the IPv6 address pool from which to allocate the IPv6 CIDR block.
	// Experimental.
	Ipv6Pool() *string
}

Interface to create L2 for VPC Cidr Block. Experimental.

type IVpcV2 

type IVpcV2 interface {
	awsec2.IVpc
	// Add an Egress only Internet Gateway to current VPC.
	//
	// Can only be used for ipv6 enabled VPCs.
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway-basics.html}.
	// Experimental.
	AddEgressOnlyInternetGateway(options *EgressOnlyInternetGatewayOptions) EgressOnlyInternetGateway
	// Adds an Internet Gateway to current VPC.
	//
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-igw-internet-access.html}.
	// Default: - defines route for all ipv4('0.0.0.0') and ipv6 addresses('::/0')
	//
	// Experimental.
	AddInternetGateway(options *InternetGatewayOptions) InternetGateway
	// Adds a new NAT Gateway to VPC A NAT gateway is a Network Address Translation (NAT) service.
	//
	// NAT Gateway Connectivity can be of type `Public` or `Private`.
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html}.
	// Default: ConnectivityType.Public
	//
	// Experimental.
	AddNatGateway(options *NatGatewayOptions) NatGateway
	// Adds a new role to acceptor VPC account A cross account role is required for the VPC to peer with another account.
	//
	// For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html}.
	// Experimental.
	CreateAcceptorVpcRole(requestorAccountId *string) awsiam.Role
	// Creates a new peering connection A peering connection is a private virtual network established between two VPCs.
	//
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html}.
	// Experimental.
	CreatePeeringConnection(id *string, options *VPCPeeringConnectionOptions) VPCPeeringConnection
	// Adds VPN Gateway to VPC and set route propagation.
	//
	// For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html}.
	// Default: - no route propagation.
	//
	// Experimental.
	EnableVpnGatewayV2(options *VPNGatewayV2Options) VPNGatewayV2
	// The primary IPv4 CIDR block associated with the VPC.
	//
	// Needed in order to validate the vpc range of subnet
	// current prop vpcCidrBlock refers to the token value
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}.
	// Experimental.
	Ipv4CidrBlock() *string
	// IPv4 CIDR provisioned under pool Required to check for overlapping CIDRs after provisioning is complete under IPAM pool.
	// Experimental.
	Ipv4IpamProvisionedCidrs() *[]*string
	// The ID of the AWS account that owns the VPC.
	// Default: - the account id of the parent stack.
	//
	// Experimental.
	OwnerAccountId() *string
	// Optional to override inferred region.
	// Default: - current stack's environment region.
	//
	// Experimental.
	Region() *string
	// The secondary CIDR blocks associated with the VPC.
	//
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}.
	// Experimental.
	SecondaryCidrBlock() *[]IVPCCidrBlock
	// VpcName to be used for tagging its components.
	// Experimental.
	VpcName() *string
}

Placeholder to see what extra props we might need, will be added to original IVPC. Experimental.

func VpcV2_FromVpcV2Attributes 

func VpcV2_FromVpcV2Attributes(scope constructs.Construct, id *string, attrs *VpcV2Attributes) IVpcV2

Create a VPC from existing attributes. Experimental.

type InternetGateway 

type InternetGateway interface {
	awscdk.Resource
	IRouteTarget
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The internet gateway CFN resource.
	// Experimental.
	Resource() awsec2.CfnInternetGateway
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The ID of the VPC for which to create the internet gateway.
	// Experimental.
	VpcId() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates an internet gateway.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

igw := awsec2alpha.NewInternetGateway(this, jsii.String("IGW"), &InternetGatewayProps{
	Vpc: myVpc,
})
awsec2alpha.NewRoute(this, jsii.String("IgwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": igw,
	},
})

Experimental.

func NewInternetGateway 

func NewInternetGateway(scope constructs.Construct, id *string, props *InternetGatewayProps) InternetGateway

Experimental.

type InternetGatewayOptions 

type InternetGatewayOptions struct {
	// The resource name of the internet gateway.
	//
	// Provided name will be used for tagging.
	// Default: - provisioned without a resource name.
	//
	// Experimental.
	InternetGatewayName *string `field:"optional" json:"internetGatewayName" yaml:"internetGatewayName"`
	// Destination Ipv6 address for EGW route.
	// Default: - '0.0.0.0' all Ipv4 traffic
	//
	// Experimental.
	Ipv4Destination *string `field:"optional" json:"ipv4Destination" yaml:"ipv4Destination"`
	// Destination Ipv6 address for EGW route.
	// Default: - '::/0' all Ipv6 traffic.
	//
	// Experimental.
	Ipv6Destination *string `field:"optional" json:"ipv6Destination" yaml:"ipv6Destination"`
	// List of subnets where route to IGW will be added.
	// Default: - route created for all subnets with Type `SubnetType.Public`
	//
	// Experimental.
	Subnets *[]*awsec2.SubnetSelection `field:"optional" json:"subnets" yaml:"subnets"`
}

Options to define InternetGateway for VPC.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))

subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

myVpc.AddInternetGateway(&InternetGatewayOptions{
	Ipv4Destination: jsii.String("192.168.0.0/16"),
})

Experimental.

type InternetGatewayProps 

type InternetGatewayProps struct {
	// The ID of the VPC for which to create the internet gateway.
	// Experimental.
	Vpc IVpcV2 `field:"required" json:"vpc" yaml:"vpc"`
	// The resource name of the internet gateway.
	// Default: - provisioned without a resource name.
	//
	// Experimental.
	InternetGatewayName *string `field:"optional" json:"internetGatewayName" yaml:"internetGatewayName"`
}

Properties to define an internet gateway.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

igw := awsec2alpha.NewInternetGateway(this, jsii.String("IGW"), &InternetGatewayProps{
	Vpc: myVpc,
})
awsec2alpha.NewRoute(this, jsii.String("IgwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": igw,
	},
})

Experimental.

type IpAddresses 

type IpAddresses interface {
}

IpAddress options to define VPC V2.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

ipAddresses := ec2_alpha.NewIpAddresses()

Experimental.

func NewIpAddresses 

func NewIpAddresses() IpAddresses

Experimental.

type IpCidr 

type IpCidr interface {
	// IPv6 CIDR range for the subnet Allowed only if IPv6 is enabled on VPc.
	// Experimental.
	Cidr() *string
}

IPv4 or IPv6 CIDR range for the subnet.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

func NewIpCidr 

func NewIpCidr(props *string) IpCidr

Experimental.

type Ipam 

type Ipam interface {
	awscdk.Resource
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// Access to Ipam resource id that can be used later to add a custom private scope to this IPAM.
	// Experimental.
	IpamId() *string
	// IPAM name to be used for tagging.
	// Default: - no tag specified.
	//
	// Experimental.
	IpamName() *string
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// List of operating regions for IPAM.
	// Experimental.
	OperatingRegions() *[]*string
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Provides access to default private IPAM scope through add pool method.
	//
	// Usage: To add an Ipam Pool to a default private scope.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html
	//
	// Experimental.
	PrivateScope() IIpamScopeBase
	// Provides access to default public IPAM scope through add pool method.
	//
	// Usage: To add an Ipam Pool to a default public scope.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html
	//
	// Experimental.
	PublicScope() IIpamScopeBase
	// List of scopes created under this IPAM.
	// Experimental.
	Scopes() *[]IIpamScopeBase
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Function to add custom scope to an existing IPAM Custom scopes can only be private.
	// Experimental.
	AddScope(scope constructs.Construct, id *string, options *IpamScopeOptions) IIpamScopeBase
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates new IPAM with default public and private scope.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamscope.html

Experimental.

func NewIpam 

func NewIpam(scope constructs.Construct, id *string, props *IpamProps) Ipam

Experimental.

type IpamOptions 

type IpamOptions struct {
	// Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
	// Experimental.
	CidrBlockName *string `field:"required" json:"cidrBlockName" yaml:"cidrBlockName"`
	// Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam.
	// Default: - no pool attached to VPC secondary address.
	//
	// Experimental.
	IpamPool IIpamPool `field:"optional" json:"ipamPool" yaml:"ipamPool"`
	// CIDR Mask for Vpc Only required when using AWS Ipam.
	// Default: - no netmask length for IPAM attached to VPC secondary address.
	//
	// Experimental.
	NetmaskLength *float64 `field:"optional" json:"netmaskLength" yaml:"netmaskLength"`
}

Options for configuring an IP Address Manager (IPAM).

For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html}.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

Experimental.

type IpamPoolCidrProvisioningOptions 

type IpamPoolCidrProvisioningOptions struct {
	// Ipv6 CIDR block for the IPAM pool.
	// Default: - pool provisioned without netmask length, need netmask length in this case.
	//
	// Experimental.
	Cidr *string `field:"optional" json:"cidr" yaml:"cidr"`
	// Ipv6 Netmask length for the CIDR.
	// Default: - pool provisioned without netmask length, need cidr range in this case.
	//
	// Experimental.
	NetmaskLength *float64 `field:"optional" json:"netmaskLength" yaml:"netmaskLength"`
}

Options to provision CIDRs to an IPAM pool.

Used to create a new IpamPoolCidr.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampoolcidr.html

Experimental.

type IpamPoolPublicIpSource 

type IpamPoolPublicIpSource string

The IP address source for pools in the public scope.

Only used for provisioning IP address CIDRs to pools in the public scope.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-publicipsource

Experimental. 

const (
	// BYOIP Ipv6 to be registered under IPAM.
	// Experimental.
	IpamPoolPublicIpSource_BYOIP IpamPoolPublicIpSource = "BYOIP"
	// Amazon Provided Ipv6 range.
	// Experimental.
	IpamPoolPublicIpSource_AMAZON IpamPoolPublicIpSource = "AMAZON"
)

type IpamProps 

type IpamProps struct {
	// Name of IPAM that can be used for tagging resource.
	// Default: - If no name provided, no tags will be added to the IPAM.
	//
	// Experimental.
	IpamName *string `field:"optional" json:"ipamName" yaml:"ipamName"`
	// The operating Regions for an IPAM.
	//
	// Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs
	// For more information about operating Regions, see [Create an IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html) in the *Amazon VPC IPAM User Guide* .
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-operatingregions
	//
	// Default: - Stack.region if defined in the stack
	//
	// Experimental.
	OperatingRegions *[]*string `field:"optional" json:"operatingRegions" yaml:"operatingRegions"`
}

Options to create a new Ipam in the account.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

Experimental.

type IpamScopeOptions 

type IpamScopeOptions struct {
	// IPAM scope name that will be used for tagging.
	// Default: - no tags will be added to the scope.
	//
	// Experimental.
	IpamScopeName *string `field:"optional" json:"ipamScopeName" yaml:"ipamScopeName"`
}

Being used in IPAM class to add pools to default scope created by IPAM.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

ipamScopeOptions := &IpamScopeOptions{
	IpamScopeName: jsii.String("ipamScopeName"),
}

Experimental.

type IpamScopeType 

type IpamScopeType string

Refers to two possible scope types under IPAM. Experimental. 

const (
	// Default scopes created by IPAM.
	// Experimental.
	IpamScopeType_DEFAULT IpamScopeType = "DEFAULT"
	// Custom scope created using method.
	// Experimental.
	IpamScopeType_CUSTOM IpamScopeType = "CUSTOM"
)

type Ipv6PoolSecondaryAddressProps 

type Ipv6PoolSecondaryAddressProps struct {
	// Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
	// Experimental.
	CidrBlockName *string `field:"required" json:"cidrBlockName" yaml:"cidrBlockName"`
	// A valid IPv6 CIDR block from the IPv6 address pool onboarded to AWS using BYOIP.
	//
	// The most specific IPv6 address range that you can bring is /48 for CIDRs that are publicly advertisable
	// and /56 for CIDRs that are not publicly advertisable.
	// See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-definitions
	//
	// Experimental.
	Ipv6CidrBlock *string `field:"required" json:"ipv6CidrBlock" yaml:"ipv6CidrBlock"`
	// ID of the IPv6 address pool from which to allocate the IPv6 CIDR block.
	//
	// Note: BYOIP Pool ID is different from the IPAM Pool ID.
	// To onboard your IPv6 address range to your AWS account please refer to the below documentation.
	// See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/byoip-onboard.html
	//
	// Experimental.
	Ipv6PoolId *string `field:"required" json:"ipv6PoolId" yaml:"ipv6PoolId"`
}

Additional props needed for BYOIP IPv6 address props.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_Ipv6ByoipPool(&Ipv6PoolSecondaryAddressProps{
			CidrBlockName: jsii.String("MyByoipCidrBlock"),
			Ipv6PoolId: jsii.String("ipv6pool-ec2-someHashValue"),
			Ipv6CidrBlock: jsii.String("2001:db8::/32"),
		}),
	},
	EnableDnsHostnames: jsii.Boolean(true),
	EnableDnsSupport: jsii.Boolean(true),
})

Experimental.

type NatConnectivityType 

type NatConnectivityType string

Indicates whether the NAT gateway supports public or private connectivity.

The default is public connectivity. See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html#cfn-ec2-natgateway-connectivitytype

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental. 

const (
	// Sets Connectivity type to PUBLIC.
	// Experimental.
	NatConnectivityType_PUBLIC NatConnectivityType = "PUBLIC"
	// Sets Connectivity type to PRIVATE.
	// Experimental.
	NatConnectivityType_PRIVATE NatConnectivityType = "PRIVATE"
)

type NatGateway 

type NatGateway interface {
	awscdk.Resource
	IRouteTarget
	// Indicates whether the NAT gateway supports public or private connectivity.
	// Default: public.
	//
	// Experimental.
	ConnectivityType() NatConnectivityType
	// Elastic IP created for allocation.
	// Experimental.
	Eip() awsec2.CfnEIP
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
	// Default: '350 seconds'.
	//
	// Experimental.
	MaxDrainDuration() awscdk.Duration
	// Id of the NatGateway.
	// Experimental.
	NatGatewayId() *string
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The NAT gateway CFN resource.
	// Experimental.
	Resource() awsec2.CfnNatGateway
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a network address translation (NAT) gateway.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

func NewNatGateway 

func NewNatGateway(scope constructs.Construct, id *string, props *NatGatewayProps) NatGateway

Experimental.

type NatGatewayOptions 

type NatGatewayOptions struct {
	// The subnet in which the NAT gateway is located.
	// Experimental.
	Subnet ISubnetV2 `field:"required" json:"subnet" yaml:"subnet"`
	// AllocationID of Elastic IP address that's associated with the NAT gateway.
	//
	// This property is required for a public NAT
	// gateway and cannot be specified with a private NAT gateway.
	// Default: - attr.allocationID of a new Elastic IP created by default
	// //TODO: ADD L2 for elastic ip.
	//
	// Experimental.
	AllocationId *string `field:"optional" json:"allocationId" yaml:"allocationId"`
	// Indicates whether the NAT gateway supports public or private connectivity.
	// Default: NatConnectivityType.Public
	//
	// Experimental.
	ConnectivityType NatConnectivityType `field:"optional" json:"connectivityType" yaml:"connectivityType"`
	// The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
	// Default: Duration.seconds(350)
	//
	// Experimental.
	MaxDrainDuration awscdk.Duration `field:"optional" json:"maxDrainDuration" yaml:"maxDrainDuration"`
	// The resource name of the NAT gateway.
	// Default: - NATGW provisioned without any name.
	//
	// Experimental.
	NatGatewayName *string `field:"optional" json:"natGatewayName" yaml:"natGatewayName"`
	// The private IPv4 address to assign to the NAT gateway.
	// Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
	//
	// Experimental.
	PrivateIpAddress *string `field:"optional" json:"privateIpAddress" yaml:"privateIpAddress"`
	// Secondary EIP allocation IDs.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
	//
	// Default: - no secondary allocation IDs attached to NATGW.
	//
	// Experimental.
	SecondaryAllocationIds *[]*string `field:"optional" json:"secondaryAllocationIds" yaml:"secondaryAllocationIds"`
	// The number of secondary private IPv4 addresses you want to assign to the NAT gateway.
	//
	// `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be
	// set at the same time.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
	//
	// Default: - no secondary allocation IDs associated with NATGW.
	//
	// Experimental.
	SecondaryPrivateIpAddressCount *float64 `field:"optional" json:"secondaryPrivateIpAddressCount" yaml:"secondaryPrivateIpAddressCount"`
	// Secondary private IPv4 addresses.
	//
	// `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be
	// set at the same time.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
	//
	// Default: - no secondary private IpAddresses associated with NATGW.
	//
	// Experimental.
	SecondaryPrivateIpAddresses *[]*string `field:"optional" json:"secondaryPrivateIpAddresses" yaml:"secondaryPrivateIpAddresses"`
}

Options to define a NAT gateway.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})

myVpc.AddInternetGateway()
myVpc.AddNatGateway(&NatGatewayOptions{
	Subnet: subnet,
	ConnectivityType: awsec2alpha.NatConnectivityType_PUBLIC,
})

Experimental.

type NatGatewayProps 

type NatGatewayProps struct {
	// The subnet in which the NAT gateway is located.
	// Experimental.
	Subnet ISubnetV2 `field:"required" json:"subnet" yaml:"subnet"`
	// AllocationID of Elastic IP address that's associated with the NAT gateway.
	//
	// This property is required for a public NAT
	// gateway and cannot be specified with a private NAT gateway.
	// Default: - attr.allocationID of a new Elastic IP created by default
	// //TODO: ADD L2 for elastic ip.
	//
	// Experimental.
	AllocationId *string `field:"optional" json:"allocationId" yaml:"allocationId"`
	// Indicates whether the NAT gateway supports public or private connectivity.
	// Default: NatConnectivityType.Public
	//
	// Experimental.
	ConnectivityType NatConnectivityType `field:"optional" json:"connectivityType" yaml:"connectivityType"`
	// The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
	// Default: Duration.seconds(350)
	//
	// Experimental.
	MaxDrainDuration awscdk.Duration `field:"optional" json:"maxDrainDuration" yaml:"maxDrainDuration"`
	// The resource name of the NAT gateway.
	// Default: - NATGW provisioned without any name.
	//
	// Experimental.
	NatGatewayName *string `field:"optional" json:"natGatewayName" yaml:"natGatewayName"`
	// The private IPv4 address to assign to the NAT gateway.
	// Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
	//
	// Experimental.
	PrivateIpAddress *string `field:"optional" json:"privateIpAddress" yaml:"privateIpAddress"`
	// Secondary EIP allocation IDs.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
	//
	// Default: - no secondary allocation IDs attached to NATGW.
	//
	// Experimental.
	SecondaryAllocationIds *[]*string `field:"optional" json:"secondaryAllocationIds" yaml:"secondaryAllocationIds"`
	// The number of secondary private IPv4 addresses you want to assign to the NAT gateway.
	//
	// `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be
	// set at the same time.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
	//
	// Default: - no secondary allocation IDs associated with NATGW.
	//
	// Experimental.
	SecondaryPrivateIpAddressCount *float64 `field:"optional" json:"secondaryPrivateIpAddressCount" yaml:"secondaryPrivateIpAddressCount"`
	// Secondary private IPv4 addresses.
	//
	// `SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be
	// set at the same time.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
	//
	// Default: - no secondary private IpAddresses associated with NATGW.
	//
	// Experimental.
	SecondaryPrivateIpAddresses *[]*string `field:"optional" json:"secondaryPrivateIpAddresses" yaml:"secondaryPrivateIpAddresses"`
	// The ID of the VPC in which the NAT gateway is located.
	// Default: - no elastic ip associated, required in case of public connectivity if `AllocationId` is not defined.
	//
	// Experimental.
	Vpc IVpcV2 `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties to define a NAT gateway.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

type PoolOptions 

type PoolOptions struct {
	// addressFamily - The address family of the pool (ipv4 or ipv6).
	// Experimental.
	AddressFamily AddressFamily `field:"required" json:"addressFamily" yaml:"addressFamily"`
	// Limits which service in AWS that the pool can be used in.
	//
	// "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-awsservice
	//
	// Default: - required in case of an IPv6, throws an error if not provided.
	//
	// Experimental.
	AwsService AwsServiceName `field:"optional" json:"awsService" yaml:"awsService"`
	// IPAM Pool resource name to be used for tagging.
	// Default: - autogenerated by CDK if not provided.
	//
	// Experimental.
	IpamPoolName *string `field:"optional" json:"ipamPoolName" yaml:"ipamPoolName"`
	// Information about the CIDRs provisioned to the pool.
	// Default: - No CIDRs are provisioned.
	//
	// Experimental.
	Ipv4ProvisionedCidrs *[]*string `field:"optional" json:"ipv4ProvisionedCidrs" yaml:"ipv4ProvisionedCidrs"`
	// The locale (AWS Region) of the pool.
	//
	// Should be one of the IPAM operating region.
	//  Only resources in the same Region as the locale of the pool can get IP address allocations from the pool.
	// You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region.
	// Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-locale
	//
	// Default: - Current operating region of IPAM.
	//
	// Experimental.
	Locale *string `field:"optional" json:"locale" yaml:"locale"`
	// The IP address source for pools in the public scope.
	//
	// Only used for IPv6 address
	// Only allowed values to this are 'byoip' or 'amazon'.
	// Default: amazon.
	//
	// Experimental.
	PublicIpSource IpamPoolPublicIpSource `field:"optional" json:"publicIpSource" yaml:"publicIpSource"`
}

Options for configuring an IPAM pool.

Example: 

stack := awscdk.Newstack()
ipam := awsec2alpha.NewIpam(this, jsii.String("Ipam"), &IpamProps{
	OperatingRegions: []*string{
		jsii.String("us-west-1"),
	},
})
ipamPublicPool := ipam.PublicScope.AddPool(jsii.String("PublicPoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V6,
	AwsService: awsec2alpha.AwsServiceName_EC2,
	Locale: jsii.String("us-west-1"),
	PublicIpSource: awsec2alpha.IpamPoolPublicIpSource_AMAZON,
})
ipamPublicPool.ProvisionCidr(jsii.String("PublicPoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(52),
})

ipamPrivatePool := ipam.PrivateScope.AddPool(jsii.String("PrivatePoolA"), &PoolOptions{
	AddressFamily: awsec2alpha.AddressFamily_IP_V4,
})
ipamPrivatePool.ProvisionCidr(jsii.String("PrivatePoolACidrA"), &IpamPoolCidrProvisioningOptions{
	NetmaskLength: jsii.Number(8),
})

awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/24")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonIpv6"),
		}),
		awsec2alpha.IpAddresses_Ipv6Ipam(&IpamOptions{
			IpamPool: ipamPublicPool,
			NetmaskLength: jsii.Number(52),
			CidrBlockName: jsii.String("ipv6Ipam"),
		}),
		awsec2alpha.IpAddresses_Ipv4Ipam(&IpamOptions{
			IpamPool: ipamPrivatePool,
			NetmaskLength: jsii.Number(8),
			CidrBlockName: jsii.String("ipv4Ipam"),
		}),
	},
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html

Experimental.

type Route 

type Route interface {
	awscdk.Resource
	IRouteV2
	// The IPv4 or IPv6 CIDR block used for the destination match.
	//
	// Routing decisions are based on the most specific match.
	// Experimental.
	Destination() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The route CFN resource.
	// Experimental.
	Resource() awsec2.CfnRoute
	// The route table for the route.
	// Experimental.
	RouteTable() awsec2.IRouteTable
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The gateway or endpoint targeted by the route.
	// Experimental.
	Target() RouteTargetType
	// The type of router the route is targeting.
	// Experimental.
	TargetRouterType() awsec2.RouterType
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a new route with added functionality.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

func NewRoute 

func NewRoute(scope constructs.Construct, id *string, props *RouteProps) Route

Experimental.

type RouteProps 

type RouteProps struct {
	// The IPv4 or IPv6 CIDR block used for the destination match.
	//
	// Routing decisions are based on the most specific match.
	// Experimental.
	Destination *string `field:"required" json:"destination" yaml:"destination"`
	// The ID of the route table for the route.
	// Experimental.
	RouteTable awsec2.IRouteTable `field:"required" json:"routeTable" yaml:"routeTable"`
	// The gateway or endpoint targeted by the route.
	// Experimental.
	Target RouteTargetType `field:"required" json:"target" yaml:"target"`
	// The resource name of the route.
	// Default: - provisioned without a route name.
	//
	// Experimental.
	RouteName *string `field:"optional" json:"routeName" yaml:"routeName"`
}

Properties to define a route.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

type RouteTable 

type RouteTable interface {
	awscdk.Resource
	awsec2.IRouteTable
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The route table CFN resource.
	// Experimental.
	Resource() awsec2.CfnRouteTable
	// The ID of the route table.
	// Experimental.
	RouteTableId() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Adds a new custom route to the route table.
	// Experimental.
	AddRoute(id *string, destination *string, target RouteTargetType, routeName *string)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a route table for the specified VPC.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
vpnGateway := myVpc.EnableVpnGatewayV2(&VPNGatewayV2Options{
	VpnRoutePropagation: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PUBLIC,
		},
	},
	Type: awscdk.VpnConnectionType_IPSEC_1,
})

routeTable := awsec2alpha.NewRouteTable(stack, jsii.String("routeTable"), &RouteTableProps{
	Vpc: myVpc,
})

awsec2alpha.NewRoute(stack, jsii.String("route"), &RouteProps{
	Destination: jsii.String("172.31.0.0/24"),
	Target: map[string]iRouteTarget{
		"gateway": vpnGateway,
	},
	RouteTable: routeTable,
})

Experimental.

func NewRouteTable 

func NewRouteTable(scope constructs.Construct, id *string, props *RouteTableProps) RouteTable

Experimental.

type RouteTableProps 

type RouteTableProps struct {
	// The ID of the VPC.
	// Experimental.
	Vpc IVpcV2 `field:"required" json:"vpc" yaml:"vpc"`
	// The resource name of the route table.
	// Default: - provisioned without a route table name.
	//
	// Experimental.
	RouteTableName *string `field:"optional" json:"routeTableName" yaml:"routeTableName"`
}

Properties to define a route table.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
vpnGateway := myVpc.EnableVpnGatewayV2(&VPNGatewayV2Options{
	VpnRoutePropagation: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PUBLIC,
		},
	},
	Type: awscdk.VpnConnectionType_IPSEC_1,
})

routeTable := awsec2alpha.NewRouteTable(stack, jsii.String("routeTable"), &RouteTableProps{
	Vpc: myVpc,
})

awsec2alpha.NewRoute(stack, jsii.String("route"), &RouteProps{
	Destination: jsii.String("172.31.0.0/24"),
	Target: map[string]iRouteTarget{
		"gateway": vpnGateway,
	},
	RouteTable: routeTable,
})

Experimental.

type RouteTargetProps 

type RouteTargetProps struct {
	// The endpoint route target.
	//
	// This is used for targets such as
	// VPC endpoints.
	// Default: - target is not set to an endpoint, in this case a gateway is needed.
	//
	// Experimental.
	Endpoint awsec2.IVpcEndpoint `field:"optional" json:"endpoint" yaml:"endpoint"`
	// The gateway route target.
	//
	// This is used for targets such as
	// egress-only internet gateway or VPC peering connection.
	// Default: - target is not set to a gateway, in this case an endpoint is needed.
	//
	// Experimental.
	Gateway IRouteTarget `field:"optional" json:"gateway" yaml:"gateway"`
}

The type of endpoint or gateway being targeted by the route.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"
import "github.com/aws/aws-cdk-go/awscdk"

var routeTarget IRouteTarget
var vpcEndpoint VpcEndpoint

routeTargetProps := &RouteTargetProps{
	Endpoint: vpcEndpoint,
	Gateway: routeTarget,
}

Experimental.

type RouteTargetType 

type RouteTargetType interface {
	// The endpoint route target.
	//
	// This is used for targets such as
	// VPC endpoints.
	// Default: - target is not set to an endpoint, in this case a gateway is needed.
	//
	// Experimental.
	Endpoint() awsec2.IVpcEndpoint
	// The gateway route target.
	//
	// This is used for targets such as
	// egress-only internet gateway or VPC peering connection.
	// Default: - target is not set to a gateway, in this case an endpoint is needed.
	//
	// Experimental.
	Gateway() IRouteTarget
}

The gateway or endpoint targeted by the route.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

igw := awsec2alpha.NewInternetGateway(this, jsii.String("IGW"), &InternetGatewayProps{
	Vpc: myVpc,
})
awsec2alpha.NewRoute(this, jsii.String("IgwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": igw,
	},
})

Experimental.

func NewRouteTargetType 

func NewRouteTargetType(props *RouteTargetProps) RouteTargetType

Experimental.

type SecondaryAddressProps 

type SecondaryAddressProps struct {
	// Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
	// Experimental.
	CidrBlockName *string `field:"required" json:"cidrBlockName" yaml:"cidrBlockName"`
}

Additional props needed for secondary Address.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})

eigw := awsec2alpha.NewEgressOnlyInternetGateway(this, jsii.String("EIGW"), &EgressOnlyInternetGatewayProps{
	Vpc: myVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})

routeTable.AddRoute(jsii.String("EIGW"), jsii.String("::/0"), map[string]iRouteTarget{
	"gateway": eigw,
})

Experimental.

type SubnetV2 

type SubnetV2 interface {
	awscdk.Resource
	ISubnetV2
	// The Availability Zone the subnet is located in.
	// Experimental.
	AvailabilityZone() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// Dependencies for internet connectivity This Property exposes the RouteTable-Subnet association so that other resources can depend on it.
	// Experimental.
	InternetConnectivityEstablished() constructs.IDependable
	// The IPv4 CIDR block for this subnet.
	// Experimental.
	Ipv4CidrBlock() *string
	// The IPv6 CIDR Block for this subnet.
	// Experimental.
	Ipv6CidrBlock() *string
	// Returns the Network ACL associated with this subnet.
	// Experimental.
	NetworkAcl() awsec2.INetworkAcl
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Return the Route Table associated with this subnet.
	// Experimental.
	RouteTable() awsec2.IRouteTable
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The subnetId for this particular subnet.
	// Experimental.
	SubnetId() *string
	// A reference to a Subnet resource.
	// Experimental.
	SubnetRef() *interfacesawsec2.SubnetReference
	// The type of subnet (public or private) that this subnet represents.
	// Experimental.
	SubnetType() awsec2.SubnetType
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Associate a Network ACL with this subnet.
	// Experimental.
	AssociateNetworkAcl(id *string, acl awsec2.INetworkAcl)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

The SubnetV2 class represents a subnet within a VPC (Virtual Private Cloud) in AWS.

It extends the Resource class and implements the ISubnet interface.

Instances of this class can be used to create and manage subnets within a VpcV2 instance. Subnets can be configured with specific IP address ranges (IPv4 and IPv6), availability zones, and subnet types (e.g., public, private, isolated).

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

func NewSubnetV2 

func NewSubnetV2(scope constructs.Construct, id *string, props *SubnetV2Props) SubnetV2

Constructs a new SubnetV2 instance. Experimental.

type SubnetV2Attributes 

type SubnetV2Attributes struct {
	// The Availability Zone this subnet is located in.
	// Default: - No AZ information, cannot use AZ selection features.
	//
	// Experimental.
	AvailabilityZone *string `field:"required" json:"availabilityZone" yaml:"availabilityZone"`
	// The IPv4 CIDR block associated with the subnet.
	// Default: - No CIDR information, cannot use CIDR filter features.
	//
	// Experimental.
	Ipv4CidrBlock *string `field:"required" json:"ipv4CidrBlock" yaml:"ipv4CidrBlock"`
	// The subnetId for this particular subnet.
	// Experimental.
	SubnetId *string `field:"required" json:"subnetId" yaml:"subnetId"`
	// The type of subnet (public or private) that this subnet represents.
	// Experimental.
	SubnetType awsec2.SubnetType `field:"required" json:"subnetType" yaml:"subnetType"`
	// The IPv4 CIDR block associated with the subnet.
	// Default: - No CIDR information, cannot use CIDR filter features.
	//
	// Experimental.
	Ipv6CidrBlock *string `field:"optional" json:"ipv6CidrBlock" yaml:"ipv6CidrBlock"`
	// The ID of the route table for this particular subnet.
	// Default: - No route table information, cannot create VPC endpoints.
	//
	// Experimental.
	RouteTableId *string `field:"optional" json:"routeTableId" yaml:"routeTableId"`
	// Name of the given subnet.
	// Default: - no subnet name.
	//
	// Experimental.
	SubnetName *string `field:"optional" json:"subnetName" yaml:"subnetName"`
}

Properties required to import a subnet.

Example: 

awsec2alpha.SubnetV2_FromSubnetV2Attributes(this, jsii.String("ImportedSubnet"), &SubnetV2Attributes{
	SubnetId: jsii.String("subnet-0123456789abcdef0"),
	AvailabilityZone: jsii.String("us-west-2a"),
	Ipv4CidrBlock: jsii.String("10.2.0.0/24"),
	RouteTableId: jsii.String("rtb-0871c310f98da2cbb"),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

Experimental.

type SubnetV2Props 

type SubnetV2Props struct {
	// Custom AZ for the subnet.
	// Experimental.
	AvailabilityZone *string `field:"required" json:"availabilityZone" yaml:"availabilityZone"`
	// ipv4 cidr to assign to this subnet.
	//
	// See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html#cfn-ec2-subnet-cidrblock
	// Experimental.
	Ipv4CidrBlock IpCidr `field:"required" json:"ipv4CidrBlock" yaml:"ipv4CidrBlock"`
	// The type of Subnet to configure.
	//
	// The Subnet type will control the ability to route and connect to the
	// Internet.
	//
	// TODO: Add validation check `subnetType` when adding resources (e.g. cannot add NatGateway to private)
	// Experimental.
	SubnetType awsec2.SubnetType `field:"required" json:"subnetType" yaml:"subnetType"`
	// VPC Prop.
	// Experimental.
	Vpc IVpcV2 `field:"required" json:"vpc" yaml:"vpc"`
	// Indicates whether a network interface created in this subnet receives an IPv6 address.
	//
	// If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.
	// Default: - undefined in case not provided as an input.
	//
	// Experimental.
	AssignIpv6AddressOnCreation *bool `field:"optional" json:"assignIpv6AddressOnCreation" yaml:"assignIpv6AddressOnCreation"`
	// Name of the default RouteTable created by CDK to be used for tagging.
	// Default: - default route table name created by CDK as 'DefaultCDKRouteTable'.
	//
	// Experimental.
	DefaultRouteTableName *string `field:"optional" json:"defaultRouteTableName" yaml:"defaultRouteTableName"`
	// Ipv6 CIDR Range for subnet.
	// Default: - No Ipv6 address.
	//
	// Experimental.
	Ipv6CidrBlock IpCidr `field:"optional" json:"ipv6CidrBlock" yaml:"ipv6CidrBlock"`
	// Controls if instances launched into the subnet should be assigned a public IP address.
	//
	// This property can only be set for public subnets.
	// Default: - undefined in case not provided as an input.
	//
	// Experimental.
	MapPublicIpOnLaunch *bool `field:"optional" json:"mapPublicIpOnLaunch" yaml:"mapPublicIpOnLaunch"`
	// Custom Route for subnet.
	// Default: - a default route table created.
	//
	// Experimental.
	RouteTable awsec2.IRouteTable `field:"optional" json:"routeTable" yaml:"routeTable"`
	// Subnet name.
	// Default: - provisioned with an autogenerated name by CDK.
	//
	// Experimental.
	SubnetName *string `field:"optional" json:"subnetName" yaml:"subnetName"`
}

Properties to define subnet for VPC.

Example: 

myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PRIVATE_ISOLATED,
})

natgw := awsec2alpha.NewNatGateway(this, jsii.String("NatGW"), &NatGatewayProps{
	Subnet: subnet,
	Vpc: myVpc,
	ConnectivityType: awsec2alpha.NatConnectivityType_PRIVATE,
	PrivateIpAddress: jsii.String("10.0.0.42"),
})
awsec2alpha.NewRoute(this, jsii.String("NatGwRoute"), &RouteProps{
	RouteTable: RouteTable,
	Destination: jsii.String("0.0.0.0/0"),
	Target: map[string]iRouteTarget{
		"gateway": natgw,
	},
})

Experimental.

type TransitGateway 

type TransitGateway interface {
	awscdk.Resource
	IRouteTarget
	ITransitGateway
	// The default route table associated with the Transit Gateway.
	//
	// This route table is created by the CDK and is used to manage the routes
	// for attachments that do not have an explicitly defined route table association.
	// Experimental.
	DefaultRouteTable() ITransitGatewayRouteTable
	// Indicates whether new attachments are automatically associated with the default route table.
	//
	// If set to `true`, any VPC or VPN attachment will be automatically associated with
	// the default route table unless otherwise specified.
	// Experimental.
	DefaultRouteTableAssociation() *bool
	// Indicates whether route propagation to the default route table is enabled.
	//
	// When set to `true`, routes from attachments will be automatically propagated
	// to the default route table unless propagation is explicitly disabled.
	// Experimental.
	DefaultRouteTablePropagation() *bool
	// Whether or not DNS support is enabled on the Transit Gateway.
	// Experimental.
	DnsSupport() *bool
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
	// Whether or not security group referencing support is enabled on the Transit Gateway.
	// Experimental.
	SecurityGroupReferencingSupport() *bool
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The Amazon Resource Name (ARN) of the Transit Gateway.
	//
	// The ARN uniquely identifies the Transit Gateway across AWS and is commonly
	// used for permissions and resource tracking.
	// Experimental.
	TransitGatewayArn() *string
	// The unique identifier of the Transit Gateway.
	//
	// This ID is automatically assigned by AWS upon creation of the Transit Gateway
	// and is used to reference it in various configurations and operations.
	// Experimental.
	TransitGatewayId() *string
	// Adds a new route table to the Transit Gateway.
	//
	// Returns: The created Transit Gateway route table.
	// Experimental.
	AddRouteTable(id *string) ITransitGatewayRouteTable
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Attaches a VPC to the Transit Gateway.
	//
	// Returns: The created Transit Gateway VPC attachment.
	// Experimental.
	AttachVpc(id *string, options *AttachVpcOptions) ITransitGatewayVpcAttachment
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a Transit Gateway.

Example: 

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"))
routeTable := transitGateway.addRouteTable(jsii.String("CustomRouteTable"))
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
subnet := awsec2alpha.NewSubnetV2(this, jsii.String("Subnet"), &SubnetV2Props{
	Vpc: myVpc,
	AvailabilityZone: jsii.String("eu-west-2a"),
	Ipv4CidrBlock: awsec2alpha.NewIpCidr(jsii.String("10.0.0.0/24")),
	SubnetType: awscdk.SubnetType_PUBLIC,
})
attachment := transitGateway.attachVpc(jsii.String("VpcAttachment"), &AttachVpcOptions{
	Vpc: myVpc,
	Subnets: []ISubnet{
		subnet,
	},
})

// Associate an attachment with a route table
routeTable.AddAssociation(jsii.String("Association"), attachment)

// Enable route propagation for an attachment
routeTable.EnablePropagation(jsii.String("Propagation"), attachment)

Experimental.

func NewTransitGateway 

func NewTransitGateway(scope constructs.Construct, id *string, props *TransitGatewayProps) TransitGateway

Experimental.

type TransitGatewayBlackholeRoute 

type TransitGatewayBlackholeRoute interface {
	awscdk.Resource
	ITransitGatewayRoute
	// The destination CIDR block for this route.
	//
	// Destination Cidr cannot overlap for static routes but is allowed for propagated routes.
	// When overlapping occurs, static routes take precedence over propagated routes.
	// Experimental.
	DestinationCidrBlock() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The transit gateway route table this route belongs to.
	// Experimental.
	RouteTable() ITransitGatewayRouteTable
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Create a Transit Gateway Blackhole Route.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayBlackholeRoute := ec2_alpha.NewTransitGatewayBlackholeRoute(this, jsii.String("MyTransitGatewayBlackholeRoute"), &TransitGatewayBlackholeRouteProps{
	DestinationCidrBlock: jsii.String("destinationCidrBlock"),
	TransitGatewayRouteTable: transitGatewayRouteTable,

	// the properties below are optional
	TransitGatewayRouteName: jsii.String("transitGatewayRouteName"),
})

Experimental.

func NewTransitGatewayBlackholeRoute 

func NewTransitGatewayBlackholeRoute(scope constructs.Construct, id *string, props *TransitGatewayBlackholeRouteProps) TransitGatewayBlackholeRoute

Experimental.

type TransitGatewayBlackholeRouteProps 

type TransitGatewayBlackholeRouteProps struct {
	// The destination CIDR block for this route.
	//
	// Destination Cidr cannot overlap for static routes but is allowed for propagated routes.
	// When overlapping occurs, static routes take precedence over propagated routes.
	// Experimental.
	DestinationCidrBlock *string `field:"required" json:"destinationCidrBlock" yaml:"destinationCidrBlock"`
	// The transit gateway route table you want to install this route into.
	// Experimental.
	TransitGatewayRouteTable ITransitGatewayRouteTable `field:"required" json:"transitGatewayRouteTable" yaml:"transitGatewayRouteTable"`
	// Physical name of this Transit Gateway Route.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayRouteName *string `field:"optional" json:"transitGatewayRouteName" yaml:"transitGatewayRouteName"`
}

Properties for a Transit Gateway Blackhole Route.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayBlackholeRouteProps := &TransitGatewayBlackholeRouteProps{
	DestinationCidrBlock: jsii.String("destinationCidrBlock"),
	TransitGatewayRouteTable: transitGatewayRouteTable,

	// the properties below are optional
	TransitGatewayRouteName: jsii.String("transitGatewayRouteName"),
}

Experimental.

type TransitGatewayProps 

type TransitGatewayProps struct {
	// A private Autonomous System Number (ASN) for the Amazon side of a BGP session.
	//
	// The range is 64512 to 65534 for 16-bit ASNs.
	// Default: - undefined, 64512 is assigned by CloudFormation.
	//
	// Experimental.
	AmazonSideAsn *float64 `field:"optional" json:"amazonSideAsn" yaml:"amazonSideAsn"`
	// Enable or disable automatic acceptance of cross-account attachment requests.
	// Default: - disable (false).
	//
	// Experimental.
	AutoAcceptSharedAttachments *bool `field:"optional" json:"autoAcceptSharedAttachments" yaml:"autoAcceptSharedAttachments"`
	// Enable or disable automatic association with the default association route table.
	// Default: - enable (true).
	//
	// Experimental.
	DefaultRouteTableAssociation *bool `field:"optional" json:"defaultRouteTableAssociation" yaml:"defaultRouteTableAssociation"`
	// Enable or disable automatic propagation of routes to the default propagation route table.
	// Default: - enable (true).
	//
	// Experimental.
	DefaultRouteTablePropagation *bool `field:"optional" json:"defaultRouteTablePropagation" yaml:"defaultRouteTablePropagation"`
	// The description of the transit gateway.
	// Default: - no description.
	//
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Enable or disable DNS support.
	//
	// If dnsSupport is enabled on a VPC Attachment, this also needs to be enabled for the feature to work.
	// Otherwise the resources will still deploy but the feature will not work.
	// Default: - enable (true).
	//
	// Experimental.
	DnsSupport *bool `field:"optional" json:"dnsSupport" yaml:"dnsSupport"`
	// Enable or disable security group referencing support.
	//
	// If securityGroupReferencingSupport is enabled on a VPC Attachment, this also needs to be enabled for the feature to work.
	// Otherwise the resources will still deploy but the feature will not work.
	// Default: - disable (false).
	//
	// Experimental.
	SecurityGroupReferencingSupport *bool `field:"optional" json:"securityGroupReferencingSupport" yaml:"securityGroupReferencingSupport"`
	// The transit gateway CIDR blocks.
	// Default: - none.
	//
	// Experimental.
	TransitGatewayCidrBlocks *[]*string `field:"optional" json:"transitGatewayCidrBlocks" yaml:"transitGatewayCidrBlocks"`
	// Physical name of this Transit Gateway.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayName *string `field:"optional" json:"transitGatewayName" yaml:"transitGatewayName"`
}

Common properties for creating a Transit Gateway resource.

Example: 

transitGateway := awsec2alpha.NewTransitGateway(this, jsii.String("MyTransitGateway"), &TransitGatewayProps{
	DefaultRouteTableAssociation: jsii.Boolean(false),
	DefaultRouteTablePropagation: jsii.Boolean(false),
})

Experimental.

type TransitGatewayRoute 

type TransitGatewayRoute interface {
	awscdk.Resource
	ITransitGatewayRoute
	// The destination CIDR block for this route.
	//
	// Destination Cidr cannot overlap for static routes but is allowed for propagated routes.
	// When overlapping occurs, static routes take precedence over propagated routes.
	// Experimental.
	DestinationCidrBlock() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The AWS CloudFormation resource representing the Transit Gateway Route.
	// Experimental.
	Resource() awsec2.CfnTransitGatewayRoute
	// The transit gateway route table this route belongs to.
	// Experimental.
	RouteTable() ITransitGatewayRouteTable
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Create a Transit Gateway Active Route.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayAttachment ITransitGatewayAttachment
var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayRoute := ec2_alpha.NewTransitGatewayRoute(this, jsii.String("MyTransitGatewayRoute"), &TransitGatewayRouteProps{
	DestinationCidrBlock: jsii.String("destinationCidrBlock"),
	TransitGatewayAttachment: transitGatewayAttachment,
	TransitGatewayRouteTable: transitGatewayRouteTable,

	// the properties below are optional
	TransitGatewayRouteName: jsii.String("transitGatewayRouteName"),
})

Experimental.

func NewTransitGatewayRoute 

func NewTransitGatewayRoute(scope constructs.Construct, id *string, props *TransitGatewayRouteProps) TransitGatewayRoute

Experimental.

type TransitGatewayRouteProps 

type TransitGatewayRouteProps struct {
	// The destination CIDR block for this route.
	//
	// Destination Cidr cannot overlap for static routes but is allowed for propagated routes.
	// When overlapping occurs, static routes take precedence over propagated routes.
	// Experimental.
	DestinationCidrBlock *string `field:"required" json:"destinationCidrBlock" yaml:"destinationCidrBlock"`
	// The transit gateway route table you want to install this route into.
	// Experimental.
	TransitGatewayRouteTable ITransitGatewayRouteTable `field:"required" json:"transitGatewayRouteTable" yaml:"transitGatewayRouteTable"`
	// Physical name of this Transit Gateway Route.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayRouteName *string `field:"optional" json:"transitGatewayRouteName" yaml:"transitGatewayRouteName"`
	// The transit gateway attachment to route the traffic to.
	// Experimental.
	TransitGatewayAttachment ITransitGatewayAttachment `field:"required" json:"transitGatewayAttachment" yaml:"transitGatewayAttachment"`
}

Common properties for a Transit Gateway Route.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayAttachment ITransitGatewayAttachment
var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayRouteProps := &TransitGatewayRouteProps{
	DestinationCidrBlock: jsii.String("destinationCidrBlock"),
	TransitGatewayAttachment: transitGatewayAttachment,
	TransitGatewayRouteTable: transitGatewayRouteTable,

	// the properties below are optional
	TransitGatewayRouteName: jsii.String("transitGatewayRouteName"),
}

Experimental.

type TransitGatewayRouteTable 

type TransitGatewayRouteTable interface {
	awscdk.Resource
	ITransitGatewayRouteTable
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Route table ID.
	// Experimental.
	RouteTableId() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The Transit Gateway.
	// Experimental.
	TransitGateway() ITransitGateway
	// Associate the provided Attachments with this route table.
	// Experimental.
	AddAssociation(id *string, transitGatewayAttachment ITransitGatewayAttachment) ITransitGatewayRouteTableAssociation
	// Add a blackhole route to this route table.
	// Experimental.
	AddBlackholeRoute(id *string, destinationCidr *string) ITransitGatewayRoute
	// Add an active route to this route table.
	// Experimental.
	AddRoute(id *string, transitGatewayAttachment ITransitGatewayAttachment, destinationCidr *string) ITransitGatewayRoute
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Enable propagation from the provided Attachments to this route table.
	// Experimental.
	EnablePropagation(id *string, transitGatewayAttachment ITransitGatewayAttachment) ITransitGatewayRouteTablePropagation
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a Transit Gateway route table.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGateway TransitGateway

transitGatewayRouteTable := ec2_alpha.NewTransitGatewayRouteTable(this, jsii.String("MyTransitGatewayRouteTable"), &TransitGatewayRouteTableProps{
	TransitGateway: transitGateway,

	// the properties below are optional
	TransitGatewayRouteTableName: jsii.String("transitGatewayRouteTableName"),
})

Experimental.

func NewTransitGatewayRouteTable 

func NewTransitGatewayRouteTable(scope constructs.Construct, id *string, props *TransitGatewayRouteTableProps) TransitGatewayRouteTable

Experimental.

type TransitGatewayRouteTableAssociation 

type TransitGatewayRouteTableAssociation interface {
	awscdk.Resource
	ITransitGatewayAssociation
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The ID of the transit gateway route table association.
	// Experimental.
	TransitGatewayAssociationId() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Create a Transit Gateway Route Table Association.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayAttachment ITransitGatewayAttachment
var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayRouteTableAssociation := ec2_alpha.NewTransitGatewayRouteTableAssociation(this, jsii.String("MyTransitGatewayRouteTableAssociation"), &TransitGatewayRouteTableAssociationProps{
	TransitGatewayRouteTable: transitGatewayRouteTable,
	TransitGatewayVpcAttachment: transitGatewayAttachment,

	// the properties below are optional
	TransitGatewayRouteTableAssociationName: jsii.String("transitGatewayRouteTableAssociationName"),
})

Experimental.

func NewTransitGatewayRouteTableAssociation 

func NewTransitGatewayRouteTableAssociation(scope constructs.Construct, id *string, props *TransitGatewayRouteTableAssociationProps) TransitGatewayRouteTableAssociation

Experimental.

type TransitGatewayRouteTableAssociationProps 

type TransitGatewayRouteTableAssociationProps struct {
	// The ID of the transit gateway route table association.
	// Experimental.
	TransitGatewayRouteTable ITransitGatewayRouteTable `field:"required" json:"transitGatewayRouteTable" yaml:"transitGatewayRouteTable"`
	// The ID of the transit gateway route table association.
	// Experimental.
	TransitGatewayVpcAttachment ITransitGatewayAttachment `field:"required" json:"transitGatewayVpcAttachment" yaml:"transitGatewayVpcAttachment"`
	// Physical name of this association.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayRouteTableAssociationName *string `field:"optional" json:"transitGatewayRouteTableAssociationName" yaml:"transitGatewayRouteTableAssociationName"`
}

Common properties for a Transit Gateway Route Table Association.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayAttachment ITransitGatewayAttachment
var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayRouteTableAssociationProps := &TransitGatewayRouteTableAssociationProps{
	TransitGatewayRouteTable: transitGatewayRouteTable,
	TransitGatewayVpcAttachment: transitGatewayAttachment,

	// the properties below are optional
	TransitGatewayRouteTableAssociationName: jsii.String("transitGatewayRouteTableAssociationName"),
}

Experimental.

type TransitGatewayRouteTablePropagation 

type TransitGatewayRouteTablePropagation interface {
	awscdk.Resource
	ITransitGatewayRouteTablePropagation
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The ID of the transit gateway route table propagation.
	// Experimental.
	TransitGatewayRouteTablePropagationId() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Create a Transit Gateway Route Table Propagation.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayAttachment ITransitGatewayAttachment
var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayRouteTablePropagation := ec2_alpha.NewTransitGatewayRouteTablePropagation(this, jsii.String("MyTransitGatewayRouteTablePropagation"), &TransitGatewayRouteTablePropagationProps{
	TransitGatewayRouteTable: transitGatewayRouteTable,
	TransitGatewayVpcAttachment: transitGatewayAttachment,

	// the properties below are optional
	TransitGatewayRouteTablePropagationName: jsii.String("transitGatewayRouteTablePropagationName"),
})

Experimental.

func NewTransitGatewayRouteTablePropagation 

func NewTransitGatewayRouteTablePropagation(scope constructs.Construct, id *string, props *TransitGatewayRouteTablePropagationProps) TransitGatewayRouteTablePropagation

Experimental.

type TransitGatewayRouteTablePropagationProps 

type TransitGatewayRouteTablePropagationProps struct {
	// The ID of the transit gateway route table propagation.
	// Experimental.
	TransitGatewayRouteTable ITransitGatewayRouteTable `field:"required" json:"transitGatewayRouteTable" yaml:"transitGatewayRouteTable"`
	// The ID of the transit gateway route table propagation.
	// Experimental.
	TransitGatewayVpcAttachment ITransitGatewayAttachment `field:"required" json:"transitGatewayVpcAttachment" yaml:"transitGatewayVpcAttachment"`
	// Physical name of this propagation.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayRouteTablePropagationName *string `field:"optional" json:"transitGatewayRouteTablePropagationName" yaml:"transitGatewayRouteTablePropagationName"`
}

Common properties for a Transit Gateway Route Table Propagation.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGatewayAttachment ITransitGatewayAttachment
var transitGatewayRouteTable TransitGatewayRouteTable

transitGatewayRouteTablePropagationProps := &TransitGatewayRouteTablePropagationProps{
	TransitGatewayRouteTable: transitGatewayRouteTable,
	TransitGatewayVpcAttachment: transitGatewayAttachment,

	// the properties below are optional
	TransitGatewayRouteTablePropagationName: jsii.String("transitGatewayRouteTablePropagationName"),
}

Experimental.

type TransitGatewayRouteTableProps 

type TransitGatewayRouteTableProps struct {
	// The Transit Gateway that this route table belongs to.
	// Experimental.
	TransitGateway ITransitGateway `field:"required" json:"transitGateway" yaml:"transitGateway"`
	// Physical name of this Transit Gateway Route Table.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayRouteTableName *string `field:"optional" json:"transitGatewayRouteTableName" yaml:"transitGatewayRouteTableName"`
}

Common properties for creating a Transit Gateway Route Table resource.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var transitGateway TransitGateway

transitGatewayRouteTableProps := &TransitGatewayRouteTableProps{
	TransitGateway: transitGateway,

	// the properties below are optional
	TransitGatewayRouteTableName: jsii.String("transitGatewayRouteTableName"),
}

Experimental.

type TransitGatewayVpcAttachment 

type TransitGatewayVpcAttachment interface {
	awscdk.Resource
	ITransitGatewayAttachment
	ITransitGatewayVpcAttachment
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The ID of the transit gateway attachment.
	// Experimental.
	TransitGatewayAttachmentId() *string
	// Add additional subnets to this attachment.
	// Experimental.
	AddSubnets(subnets *[]awsec2.ISubnet)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Remove additional subnets to this attachment.
	// Experimental.
	RemoveSubnets(subnets *[]awsec2.ISubnet)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a Transit Gateway VPC Attachment.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"
import "github.com/aws/aws-cdk-go/awscdk"

var subnet Subnet
var transitGateway TransitGateway
var transitGatewayVpcAttachmentOptions ITransitGatewayVpcAttachmentOptions
var vpc Vpc

transitGatewayVpcAttachment := ec2_alpha.NewTransitGatewayVpcAttachment(this, jsii.String("MyTransitGatewayVpcAttachment"), &TransitGatewayVpcAttachmentProps{
	Subnets: []ISubnet{
		subnet,
	},
	TransitGateway: transitGateway,
	Vpc: vpc,

	// the properties below are optional
	TransitGatewayAttachmentName: jsii.String("transitGatewayAttachmentName"),
	VpcAttachmentOptions: transitGatewayVpcAttachmentOptions,
})

Experimental.

func NewTransitGatewayVpcAttachment 

func NewTransitGatewayVpcAttachment(scope constructs.Construct, id *string, props *TransitGatewayVpcAttachmentProps) TransitGatewayVpcAttachment

Experimental.

type TransitGatewayVpcAttachmentProps 

type TransitGatewayVpcAttachmentProps struct {
	// A list of one or more subnets to place the attachment in.
	//
	// It is recommended to specify more subnets for better availability.
	// Experimental.
	Subnets *[]awsec2.ISubnet `field:"required" json:"subnets" yaml:"subnets"`
	// The transit gateway this attachment gets assigned to.
	// Experimental.
	TransitGateway ITransitGateway `field:"required" json:"transitGateway" yaml:"transitGateway"`
	// A VPC attachment(s) will get assigned to.
	// Experimental.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// Physical name of this Transit Gateway VPC Attachment.
	// Default: - Assigned by CloudFormation.
	//
	// Experimental.
	TransitGatewayAttachmentName *string `field:"optional" json:"transitGatewayAttachmentName" yaml:"transitGatewayAttachmentName"`
	// The VPC attachment options.
	// Default: - All options are disabled.
	//
	// Experimental.
	VpcAttachmentOptions ITransitGatewayVpcAttachmentOptions `field:"optional" json:"vpcAttachmentOptions" yaml:"vpcAttachmentOptions"`
}

Common properties for creating a Transit Gateway VPC Attachment resource.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"
import "github.com/aws/aws-cdk-go/awscdk"

var subnet Subnet
var transitGateway TransitGateway
var transitGatewayVpcAttachmentOptions ITransitGatewayVpcAttachmentOptions
var vpc Vpc

transitGatewayVpcAttachmentProps := &TransitGatewayVpcAttachmentProps{
	Subnets: []ISubnet{
		subnet,
	},
	TransitGateway: transitGateway,
	Vpc: vpc,

	// the properties below are optional
	TransitGatewayAttachmentName: jsii.String("transitGatewayAttachmentName"),
	VpcAttachmentOptions: transitGatewayVpcAttachmentOptions,
}

Experimental.

type VPCCidrBlockattributes 

type VPCCidrBlockattributes struct {
	// Amazon Provided Ipv6.
	// Default: false.
	//
	// Experimental.
	AmazonProvidedIpv6CidrBlock *bool `field:"optional" json:"amazonProvidedIpv6CidrBlock" yaml:"amazonProvidedIpv6CidrBlock"`
	// The secondary IPv4 CIDR Block.
	// Default: - no CIDR block provided.
	//
	// Experimental.
	CidrBlock *string `field:"optional" json:"cidrBlock" yaml:"cidrBlock"`
	// The secondary IPv4 CIDR Block.
	// Default: - no CIDR block provided.
	//
	// Experimental.
	CidrBlockName *string `field:"optional" json:"cidrBlockName" yaml:"cidrBlockName"`
	// IPAM pool for IPv4 address type.
	// Default: - no IPAM pool Id provided for IPv4.
	//
	// Experimental.
	Ipv4IpamPoolId *string `field:"optional" json:"ipv4IpamPoolId" yaml:"ipv4IpamPoolId"`
	// IPv4 CIDR provisioned under pool Required to check for overlapping CIDRs after provisioning is complete under IPAM pool.
	// Default: - no IPAM IPv4 CIDR range is provisioned using IPAM.
	//
	// Experimental.
	Ipv4IpamProvisionedCidrs *[]*string `field:"optional" json:"ipv4IpamProvisionedCidrs" yaml:"ipv4IpamProvisionedCidrs"`
	// Net mask length for IPv4 address type.
	// Default: - no Net mask length configured for IPv4.
	//
	// Experimental.
	Ipv4NetmaskLength *float64 `field:"optional" json:"ipv4NetmaskLength" yaml:"ipv4NetmaskLength"`
	// The IPv6 CIDR block from the specified IPv6 address pool.
	// Default: - No IPv6 CIDR block associated with VPC.
	//
	// Experimental.
	Ipv6CidrBlock *string `field:"optional" json:"ipv6CidrBlock" yaml:"ipv6CidrBlock"`
	// IPAM pool for IPv6 address type.
	// Default: - no IPAM pool Id provided for IPv6.
	//
	// Experimental.
	Ipv6IpamPoolId *string `field:"optional" json:"ipv6IpamPoolId" yaml:"ipv6IpamPoolId"`
	// Net mask length for IPv6 address type.
	// Default: - no Net mask length configured for IPv6.
	//
	// Experimental.
	Ipv6NetmaskLength *float64 `field:"optional" json:"ipv6NetmaskLength" yaml:"ipv6NetmaskLength"`
	// The ID of the IPv6 address pool from which to allocate the IPv6 CIDR block.
	//
	// Note: BYOIP Pool ID is different than IPAM Pool ID.
	// Default: - No BYOIP pool associated with VPC.
	//
	// Experimental.
	Ipv6Pool *string `field:"optional" json:"ipv6Pool" yaml:"ipv6Pool"`
}

Attributes for VPCCidrBlock used for defining a new CIDR Block and also for importing an existing CIDR.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

vPCCidrBlockattributes := &VPCCidrBlockattributes{
	AmazonProvidedIpv6CidrBlock: jsii.Boolean(false),
	CidrBlock: jsii.String("cidrBlock"),
	CidrBlockName: jsii.String("cidrBlockName"),
	Ipv4IpamPoolId: jsii.String("ipv4IpamPoolId"),
	Ipv4IpamProvisionedCidrs: []*string{
		jsii.String("ipv4IpamProvisionedCidrs"),
	},
	Ipv4NetmaskLength: jsii.Number(123),
	Ipv6CidrBlock: jsii.String("ipv6CidrBlock"),
	Ipv6IpamPoolId: jsii.String("ipv6IpamPoolId"),
	Ipv6NetmaskLength: jsii.Number(123),
	Ipv6Pool: jsii.String("ipv6Pool"),
}

Experimental.

type VPCPeeringConnection 

type VPCPeeringConnection interface {
	awscdk.Resource
	IRouteTarget
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The VPC peering connection CFN resource.
	// Experimental.
	Resource() awsec2.CfnVPCPeeringConnection
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a peering connection between two VPCs.

Example: 

stack := awscdk.Newstack()

acceptorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcA"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/16")),
})

requestorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_*Ipv4(jsii.String("10.1.0.0/16")),
})

peeringConnection := requestorVpc.CreatePeeringConnection(jsii.String("peeringConnection"), &VPCPeeringConnectionOptions{
	AcceptorVpc: acceptorVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: requestorVpc,
})

routeTable.AddRoute(jsii.String("vpcPeeringRoute"), jsii.String("10.0.0.0/16"), map[string]iRouteTarget{
	"gateway": peeringConnection,
})

Experimental.

func NewVPCPeeringConnection 

func NewVPCPeeringConnection(scope constructs.Construct, id *string, props *VPCPeeringConnectionProps) VPCPeeringConnection

Experimental.

type VPCPeeringConnectionOptions 

type VPCPeeringConnectionOptions struct {
	// The VPC that is accepting the peering connection.
	// Experimental.
	AcceptorVpc IVpcV2 `field:"required" json:"acceptorVpc" yaml:"acceptorVpc"`
	// The role arn created in the acceptor account.
	// Default: - no peerRoleArn needed if not cross account connection.
	//
	// Experimental.
	PeerRoleArn *string `field:"optional" json:"peerRoleArn" yaml:"peerRoleArn"`
	// The resource name of the peering connection.
	// Default: - peering connection provisioned without any name.
	//
	// Experimental.
	VpcPeeringConnectionName *string `field:"optional" json:"vpcPeeringConnectionName" yaml:"vpcPeeringConnectionName"`
}

Options to define a VPC peering connection.

Example: 

stack := awscdk.Newstack()

acceptorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcA"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.0.0.0/16")),
})

requestorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_*Ipv4(jsii.String("10.1.0.0/16")),
})

peeringConnection := requestorVpc.CreatePeeringConnection(jsii.String("peeringConnection"), &VPCPeeringConnectionOptions{
	AcceptorVpc: acceptorVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: requestorVpc,
})

routeTable.AddRoute(jsii.String("vpcPeeringRoute"), jsii.String("10.0.0.0/16"), map[string]iRouteTarget{
	"gateway": peeringConnection,
})

Experimental.

type VPCPeeringConnectionProps 

type VPCPeeringConnectionProps struct {
	// The VPC that is accepting the peering connection.
	// Experimental.
	AcceptorVpc IVpcV2 `field:"required" json:"acceptorVpc" yaml:"acceptorVpc"`
	// The role arn created in the acceptor account.
	// Default: - no peerRoleArn needed if not cross account connection.
	//
	// Experimental.
	PeerRoleArn *string `field:"optional" json:"peerRoleArn" yaml:"peerRoleArn"`
	// The resource name of the peering connection.
	// Default: - peering connection provisioned without any name.
	//
	// Experimental.
	VpcPeeringConnectionName *string `field:"optional" json:"vpcPeeringConnectionName" yaml:"vpcPeeringConnectionName"`
	// The VPC that is requesting the peering connection.
	// Experimental.
	RequestorVpc IVpcV2 `field:"required" json:"requestorVpc" yaml:"requestorVpc"`
}

Properties to define a VPC peering connection.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"

var vpcV2 VpcV2

vPCPeeringConnectionProps := &VPCPeeringConnectionProps{
	AcceptorVpc: vpcV2,
	RequestorVpc: vpcV2,

	// the properties below are optional
	PeerRoleArn: jsii.String("peerRoleArn"),
	VpcPeeringConnectionName: jsii.String("vpcPeeringConnectionName"),
}

Experimental.

type VPNGatewayV2 

type VPNGatewayV2 interface {
	awscdk.Resource
	IRouteTarget
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// The VPN gateway CFN resource.
	// Experimental.
	Resource() awsec2.CfnVPNGateway
	// The ID of the route target.
	// Experimental.
	RouterTargetId() *string
	// The type of router used in the route.
	// Experimental.
	RouterType() awsec2.RouterType
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The ID of the VPC for which to create the VPN gateway.
	// Experimental.
	VpcId() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Creates a virtual private gateway.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
vpnGateway := myVpc.EnableVpnGatewayV2(&VPNGatewayV2Options{
	VpnRoutePropagation: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PUBLIC,
		},
	},
	Type: awscdk.VpnConnectionType_IPSEC_1,
})

routeTable := awsec2alpha.NewRouteTable(stack, jsii.String("routeTable"), &RouteTableProps{
	Vpc: myVpc,
})

awsec2alpha.NewRoute(stack, jsii.String("route"), &RouteProps{
	Destination: jsii.String("172.31.0.0/24"),
	Target: map[string]iRouteTarget{
		"gateway": vpnGateway,
	},
	RouteTable: routeTable,
})

Experimental.

func NewVPNGatewayV2 

func NewVPNGatewayV2(scope constructs.Construct, id *string, props *VPNGatewayV2Props) VPNGatewayV2

Experimental.

type VPNGatewayV2Options 

type VPNGatewayV2Options struct {
	// The type of VPN connection the virtual private gateway supports.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type
	//
	// Experimental.
	Type awsec2.VpnConnectionType `field:"required" json:"type" yaml:"type"`
	// The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
	// Default: - no ASN set for BGP session.
	//
	// Experimental.
	AmazonSideAsn *float64 `field:"optional" json:"amazonSideAsn" yaml:"amazonSideAsn"`
	// The resource name of the VPN gateway.
	// Default: - resource provisioned without any name.
	//
	// Experimental.
	VpnGatewayName *string `field:"optional" json:"vpnGatewayName" yaml:"vpnGatewayName"`
	// Subnets where the route propagation should be added.
	// Default: - no propagation for routes.
	//
	// Experimental.
	VpnRoutePropagation *[]*awsec2.SubnetSelection `field:"optional" json:"vpnRoutePropagation" yaml:"vpnRoutePropagation"`
}

Options to define VPNGatewayV2 for VPC.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"))
vpnGateway := myVpc.EnableVpnGatewayV2(&VPNGatewayV2Options{
	VpnRoutePropagation: []SubnetSelection{
		&SubnetSelection{
			SubnetType: awscdk.SubnetType_PUBLIC,
		},
	},
	Type: awscdk.VpnConnectionType_IPSEC_1,
})

routeTable := awsec2alpha.NewRouteTable(stack, jsii.String("routeTable"), &RouteTableProps{
	Vpc: myVpc,
})

awsec2alpha.NewRoute(stack, jsii.String("route"), &RouteProps{
	Destination: jsii.String("172.31.0.0/24"),
	Target: map[string]iRouteTarget{
		"gateway": vpnGateway,
	},
	RouteTable: routeTable,
})

Experimental.

type VPNGatewayV2Props 

type VPNGatewayV2Props struct {
	// The type of VPN connection the virtual private gateway supports.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type
	//
	// Experimental.
	Type awsec2.VpnConnectionType `field:"required" json:"type" yaml:"type"`
	// The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
	// Default: - no ASN set for BGP session.
	//
	// Experimental.
	AmazonSideAsn *float64 `field:"optional" json:"amazonSideAsn" yaml:"amazonSideAsn"`
	// The resource name of the VPN gateway.
	// Default: - resource provisioned without any name.
	//
	// Experimental.
	VpnGatewayName *string `field:"optional" json:"vpnGatewayName" yaml:"vpnGatewayName"`
	// Subnets where the route propagation should be added.
	// Default: - no propagation for routes.
	//
	// Experimental.
	VpnRoutePropagation *[]*awsec2.SubnetSelection `field:"optional" json:"vpnRoutePropagation" yaml:"vpnRoutePropagation"`
	// The ID of the VPC for which to create the VPN gateway.
	// Experimental.
	Vpc IVpcV2 `field:"required" json:"vpc" yaml:"vpc"`
}

Properties to define a VPN gateway.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"
import "github.com/aws/aws-cdk-go/awscdk"

var subnet Subnet
var subnetFilter SubnetFilter
var vpcV2 VpcV2

vPNGatewayV2Props := &VPNGatewayV2Props{
	Type: awscdk.Aws_ec2.VpnConnectionType_IPSEC_1,
	Vpc: vpcV2,

	// the properties below are optional
	AmazonSideAsn: jsii.Number(123),
	VpnGatewayName: jsii.String("vpnGatewayName"),
	VpnRoutePropagation: []SubnetSelection{
		&SubnetSelection{
			AvailabilityZones: []*string{
				jsii.String("availabilityZones"),
			},
			OnePerAz: jsii.Boolean(false),
			SubnetFilters: []SubnetFilter{
				subnetFilter,
			},
			SubnetGroupName: jsii.String("subnetGroupName"),
			Subnets: []ISubnet{
				subnet,
			},
			SubnetType: awscdk.*Aws_ec2.SubnetType_PRIVATE_ISOLATED,
		},
	},
}

Experimental.

type VpcCidrOptions 

type VpcCidrOptions struct {
	// Use amazon provided IP range.
	// Default: false.
	//
	// Experimental.
	AmazonProvided *bool `field:"optional" json:"amazonProvided" yaml:"amazonProvided"`
	// Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
	// Default: - no name for primary addresses.
	//
	// Experimental.
	CidrBlockName *string `field:"optional" json:"cidrBlockName" yaml:"cidrBlockName"`
	// Dependency to associate Ipv6 CIDR block.
	// Default: - No dependency.
	//
	// Experimental.
	Dependencies *[]awscdk.CfnResource `field:"optional" json:"dependencies" yaml:"dependencies"`
	// IPv4 CIDR Block.
	// Default: '10.0.0.0/16'
	//
	// Experimental.
	Ipv4CidrBlock *string `field:"optional" json:"ipv4CidrBlock" yaml:"ipv4CidrBlock"`
	// Ipv4 IPAM Pool.
	// Default: - Only required when using IPAM Ipv4.
	//
	// Experimental.
	Ipv4IpamPool IIpamPool `field:"optional" json:"ipv4IpamPool" yaml:"ipv4IpamPool"`
	// IPv4 CIDR provisioned under pool Required to check for overlapping CIDRs after provisioning is complete under IPAM pool.
	// Default: - no IPAM IPv4 CIDR range is provisioned using IPAM.
	//
	// Experimental.
	Ipv4IpamProvisionedCidrs *[]*string `field:"optional" json:"ipv4IpamProvisionedCidrs" yaml:"ipv4IpamProvisionedCidrs"`
	// CIDR Mask for Vpc.
	// Default: - Only required when using IPAM Ipv4.
	//
	// Experimental.
	Ipv4NetmaskLength *float64 `field:"optional" json:"ipv4NetmaskLength" yaml:"ipv4NetmaskLength"`
	// IPv6 CIDR block from the BOYIP IPv6 address pool.
	// Default: - None.
	//
	// Experimental.
	Ipv6CidrBlock *string `field:"optional" json:"ipv6CidrBlock" yaml:"ipv6CidrBlock"`
	// Ipv6 IPAM pool id for VPC range, can only be defined under public scope.
	// Default: - no pool id.
	//
	// Experimental.
	Ipv6IpamPool IIpamPool `field:"optional" json:"ipv6IpamPool" yaml:"ipv6IpamPool"`
	// CIDR Mask for Vpc.
	// Default: - Only required when using AWS Ipam.
	//
	// Experimental.
	Ipv6NetmaskLength *float64 `field:"optional" json:"ipv6NetmaskLength" yaml:"ipv6NetmaskLength"`
	// ID of the BYOIP IPv6 address pool from which to allocate the IPv6 CIDR block.
	// Default: - None.
	//
	// Experimental.
	Ipv6PoolId *string `field:"optional" json:"ipv6PoolId" yaml:"ipv6PoolId"`
}

Consolidated return parameters to pass to VPC construct.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import ec2_alpha "github.com/aws/aws-cdk-go/awsec2alpha"
import cdk "github.com/aws/aws-cdk-go/awscdk"

var cfnResource CfnResource
var ipamPool IIpamPool

vpcCidrOptions := &VpcCidrOptions{
	AmazonProvided: jsii.Boolean(false),
	CidrBlockName: jsii.String("cidrBlockName"),
	Dependencies: []CfnResource{
		cfnResource,
	},
	Ipv4CidrBlock: jsii.String("ipv4CidrBlock"),
	Ipv4IpamPool: ipamPool,
	Ipv4IpamProvisionedCidrs: []*string{
		jsii.String("ipv4IpamProvisionedCidrs"),
	},
	Ipv4NetmaskLength: jsii.Number(123),
	Ipv6CidrBlock: jsii.String("ipv6CidrBlock"),
	Ipv6IpamPool: ipamPool,
	Ipv6NetmaskLength: jsii.Number(123),
	Ipv6PoolId: jsii.String("ipv6PoolId"),
}

Experimental.

type VpcV2 

type VpcV2 interface {
	VpcV2Base
	// AZs for this VPC.
	// Experimental.
	AvailabilityZones() *[]*string
	// Indicates if instances launched in this VPC will have public DNS hostnames.
	// Experimental.
	DnsHostnamesEnabled() *bool
	// Indicates if DNS support is enabled for this VPC.
	// Experimental.
	DnsSupportEnabled() *bool
	// Returns the id of the Egress Only Internet Gateway (if enabled).
	// Experimental.
	EgressOnlyInternetGatewayId() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// If this is set to true, don't error out on trying to select subnets.
	// Experimental.
	IncompleteSubnetDefinition() *bool
	// Experimental.
	SetIncompleteSubnetDefinition(val *bool)
	// To define dependency on internet connectivity.
	// Experimental.
	InternetConnectivityEstablished() constructs.IDependable
	// Returns the id of the Internet Gateway (if enabled).
	// Experimental.
	InternetGatewayId() *string
	// The provider of ipv4 addresses.
	// Experimental.
	IpAddresses() IIpAddresses
	// The primary IPv4 CIDR block associated with the VPC.
	//
	// Needed in order to validate the vpc range of subnet
	// current prop vpcCidrBlock refers to the token value
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}.
	// Experimental.
	Ipv4CidrBlock() *string
	// IPv4 CIDR provisioned using IPAM pool Required to check for overlapping CIDRs after provisioning is complete under IPAM.
	// Experimental.
	Ipv4IpamProvisionedCidrs() *[]*string
	// The IPv6 CIDR blocks for the VPC.
	//
	// See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html#aws-resource-ec2-vpc-return-values
	// Experimental.
	Ipv6CidrBlocks() *[]*string
	// Isolated Subnets that are part of this VPC.
	// Experimental.
	IsolatedSubnets() *[]awsec2.ISubnet
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Identifier of the owner for this VPC.
	// Experimental.
	OwnerAccountId() *string
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Public Subnets that are part of this VPC.
	// Experimental.
	PrivateSubnets() *[]awsec2.ISubnet
	// Public Subnets that are part of this VPC.
	// Experimental.
	PublicSubnets() *[]awsec2.ISubnet
	// Region for this VPC.
	// Experimental.
	Region() *string
	// The AWS CloudFormation resource representing the VPC.
	// Experimental.
	Resource() awsec2.CfnVPC
	// reference to all secondary blocks attached.
	// Experimental.
	SecondaryCidrBlock() *[]IVPCCidrBlock
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// For validation to define IPv6 subnets, set to true in case of Amazon Provided IPv6 cidr range if true, IPv6 addresses can be attached to the subnets.
	// Default: false.
	//
	// Experimental.
	UseIpv6() *bool
	// Arn of this VPC.
	// Experimental.
	VpcArn() *string
	// CIDR range for this VPC.
	// Experimental.
	VpcCidrBlock() *string
	// Identifier for this VPC.
	// Experimental.
	VpcId() *string
	// VpcName to be used for tagging its components.
	// Experimental.
	VpcName() *string
	// A reference to a VPC resource.
	// Experimental.
	VpcRef() *interfacesawsec2.VPCReference
	// Returns the id of the VPN Gateway (if enabled).
	// Experimental.
	VpnGatewayId() *string
	// Adds a new client VPN endpoint to this VPC.
	// Experimental.
	AddClientVpnEndpoint(id *string, options *awsec2.ClientVpnEndpointOptions) awsec2.ClientVpnEndpoint
	// Adds a new Egress Only Internet Gateway to this VPC and defines a new route to the route table of given subnets.
	// Default: - in case of no input subnets, no route is created.
	//
	// Experimental.
	AddEgressOnlyInternetGateway(options *EgressOnlyInternetGatewayOptions) EgressOnlyInternetGateway
	// Adds a new flow log to this VPC.
	// Experimental.
	AddFlowLog(id *string, options *awsec2.FlowLogOptions) awsec2.FlowLog
	// Adds a new gateway endpoint to this VPC.
	// Experimental.
	AddGatewayEndpoint(id *string, options *awsec2.GatewayVpcEndpointOptions) awsec2.GatewayVpcEndpoint
	// Adds a new interface endpoint to this VPC.
	// Experimental.
	AddInterfaceEndpoint(id *string, options *awsec2.InterfaceVpcEndpointOptions) awsec2.InterfaceVpcEndpoint
	// Adds a new Internet Gateway to this VPC.
	// Default: - creates a new route for public subnets(with all outbound access) to the Internet Gateway.
	//
	// Experimental.
	AddInternetGateway(options *InternetGatewayOptions) InternetGateway
	// Adds a new NAT Gateway to the given subnet of this VPC of given subnets.
	// Experimental.
	AddNatGateway(options *NatGatewayOptions) NatGateway
	// Adds a new VPN connection to this VPC.
	// Experimental.
	AddVpnConnection(id *string, options *awsec2.VpnConnectionOptions) awsec2.VpnConnection
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Creates peering connection role for acceptor VPC.
	// Experimental.
	CreateAcceptorVpcRole(requestorAccountId *string) awsiam.Role
	// Creates a peering connection.
	// Experimental.
	CreatePeeringConnection(id *string, options *VPCPeeringConnectionOptions) VPCPeeringConnection
	// Adds a VPN Gateway to this VPC.
	// Deprecated: use enableVpnGatewayV2 for compatibility with VPCV2.Route
	EnableVpnGateway(options *awsec2.EnableVpnGatewayOptions)
	// Adds VPNGAtewayV2 to this VPC.
	// Experimental.
	EnableVpnGatewayV2(options *VPNGatewayV2Options) VPNGatewayV2
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Return the subnets appropriate for the placement strategy.
	// Experimental.
	SelectSubnetObjects(selection *awsec2.SubnetSelection) *[]awsec2.ISubnet
	// Return information on the subnets appropriate for the given selection strategy.
	//
	// Requires that at least one subnet is matched, throws a descriptive
	// error message otherwise.
	// Experimental.
	SelectSubnets(selection *awsec2.SubnetSelection) *awsec2.SelectedSubnets
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

This class provides a foundation for creating and configuring a VPC with advanced features such as IPAM (IP Address Management) and IPv6 support.

For more information, see the {@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html AWS CDK Documentation on VPCs}.

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})

eigw := awsec2alpha.NewEgressOnlyInternetGateway(this, jsii.String("EIGW"), &EgressOnlyInternetGatewayProps{
	Vpc: myVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})

routeTable.AddRoute(jsii.String("EIGW"), jsii.String("::/0"), map[string]iRouteTarget{
	"gateway": eigw,
})

Experimental.

func NewVpcV2 

func NewVpcV2(scope constructs.Construct, id *string, props *VpcV2Props) VpcV2

Experimental.

type VpcV2Attributes 

type VpcV2Attributes struct {
	// Primary VPC CIDR Block of the imported VPC Can only be IPv4.
	// Experimental.
	VpcCidrBlock *string `field:"required" json:"vpcCidrBlock" yaml:"vpcCidrBlock"`
	// The VPC ID Refers to physical Id of the resource.
	// Experimental.
	VpcId *string `field:"required" json:"vpcId" yaml:"vpcId"`
	// The ID of the AWS account that owns the imported VPC required in case of cross account VPC as given value will be used to set field account for imported VPC, which then later can be used for establishing VPC peering connection.
	// Default: - constructed with stack account value.
	//
	// Experimental.
	OwnerAccountId *string `field:"optional" json:"ownerAccountId" yaml:"ownerAccountId"`
	// Region in which imported VPC is hosted required in case of cross region VPC as given value will be used to set field region for imported VPC, which then later can be used for establishing VPC peering connection.
	// Default: - constructed with stack region value.
	//
	// Experimental.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// Import Secondary CIDR blocks associated with VPC.
	// Default: - No secondary IP address.
	//
	// Experimental.
	SecondaryCidrBlocks *[]*VPCCidrBlockattributes `field:"optional" json:"secondaryCidrBlocks" yaml:"secondaryCidrBlocks"`
	// Subnets associated with imported VPC.
	// Default: - no subnets provided to be imported.
	//
	// Experimental.
	Subnets *[]*SubnetV2Attributes `field:"optional" json:"subnets" yaml:"subnets"`
	// A VPN Gateway is attached to the VPC.
	// Default: - No VPN Gateway.
	//
	// Experimental.
	VpnGatewayId *string `field:"optional" json:"vpnGatewayId" yaml:"vpnGatewayId"`
}

Options to import a VPC created outside of CDK stack.

Example: 

stack := awscdk.Newstack()

acceptorVpc := awsec2alpha.VpcV2_FromVpcV2Attributes(this, jsii.String("acceptorVpc"), &VpcV2Attributes{
	VpcId: jsii.String("vpc-XXXX"),
	VpcCidrBlock: jsii.String("10.0.0.0/16"),
	Region: jsii.String("us-east-2"),
	OwnerAccountId: jsii.String("111111111111"),
})

acceptorRoleArn := "arn:aws:iam::111111111111:role/VpcPeeringRole"

requestorVpc := awsec2alpha.NewVpcV2(this, jsii.String("VpcB"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
})

peeringConnection := requestorVpc.CreatePeeringConnection(jsii.String("crossAccountCrossRegionPeering"), &VPCPeeringConnectionOptions{
	AcceptorVpc: acceptorVpc,
	PeerRoleArn: acceptorRoleArn,
})

Experimental.

type VpcV2Base 

type VpcV2Base interface {
	awscdk.Resource
	IVpcV2
	// AZs for this VPC.
	// Experimental.
	AvailabilityZones() *[]*string
	// Returns the id of the Egress Only Internet Gateway (if enabled).
	// Experimental.
	EgressOnlyInternetGatewayId() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed in a Stack (those created by
	// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
	// is always the same as the environment of the stack they belong to.
	//
	// For referenced resources (those obtained from referencing methods like
	// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
	// different than the stack they were imported into.
	// Experimental.
	Env() *interfaces.ResourceEnvironment
	// If this is set to true, don't error out on trying to select subnets.
	// Experimental.
	IncompleteSubnetDefinition() *bool
	// Experimental.
	SetIncompleteSubnetDefinition(val *bool)
	// Dependable that can be depended upon to force internet connectivity established on the VPC.
	// Experimental.
	InternetConnectivityEstablished() constructs.IDependable
	// Returns the id of the Internet Gateway (if enabled).
	// Experimental.
	InternetGatewayId() *string
	// The primary IPv4 CIDR block associated with the VPC.
	//
	// Needed in order to validate the vpc range of subnet
	// current prop vpcCidrBlock refers to the token value
	// For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-sizing-ipv4}.
	// Experimental.
	Ipv4CidrBlock() *string
	// IPv4 CIDR provisioned under pool Required to check for overlapping CIDRs after provisioning is complete under IPAM pool.
	// Experimental.
	Ipv4IpamProvisionedCidrs() *[]*string
	// List of isolated subnets in this VPC.
	// Experimental.
	IsolatedSubnets() *[]awsec2.ISubnet
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Identifier of the owner for this VPC.
	// Experimental.
	OwnerAccountId() *string
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// List of private subnets in this VPC.
	// Experimental.
	PrivateSubnets() *[]awsec2.ISubnet
	// List of public subnets in this VPC.
	// Experimental.
	PublicSubnets() *[]awsec2.ISubnet
	// Region for this VPC.
	// Experimental.
	Region() *string
	// Secondary IPs for the VPC, can be multiple Ipv4 or Ipv6 Ipv4 should be within RFC#1918 range.
	// Experimental.
	SecondaryCidrBlock() *[]IVPCCidrBlock
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Arn of this VPC.
	// Experimental.
	VpcArn() *string
	// CIDR range for this VPC.
	// Experimental.
	VpcCidrBlock() *string
	// Identifier for this VPC.
	// Experimental.
	VpcId() *string
	// VpcName to be used for tagging its components.
	// Experimental.
	VpcName() *string
	// A reference to a VPC resource.
	// Experimental.
	VpcRef() *interfacesawsec2.VPCReference
	// Returns the id of the VPN Gateway (if enabled).
	// Experimental.
	VpnGatewayId() *string
	// Adds a new client VPN endpoint to this VPC.
	// Experimental.
	AddClientVpnEndpoint(id *string, options *awsec2.ClientVpnEndpointOptions) awsec2.ClientVpnEndpoint
	// Adds a new Egress Only Internet Gateway to this VPC and defines a new route to the route table of given subnets.
	// Default: - in case of no input subnets, no route is created.
	//
	// Experimental.
	AddEgressOnlyInternetGateway(options *EgressOnlyInternetGatewayOptions) EgressOnlyInternetGateway
	// Adds a new flow log to this VPC.
	// Experimental.
	AddFlowLog(id *string, options *awsec2.FlowLogOptions) awsec2.FlowLog
	// Adds a new gateway endpoint to this VPC.
	// Experimental.
	AddGatewayEndpoint(id *string, options *awsec2.GatewayVpcEndpointOptions) awsec2.GatewayVpcEndpoint
	// Adds a new interface endpoint to this VPC.
	// Experimental.
	AddInterfaceEndpoint(id *string, options *awsec2.InterfaceVpcEndpointOptions) awsec2.InterfaceVpcEndpoint
	// Adds a new Internet Gateway to this VPC.
	// Default: - creates a new route for public subnets(with all outbound access) to the Internet Gateway.
	//
	// Experimental.
	AddInternetGateway(options *InternetGatewayOptions) InternetGateway
	// Adds a new NAT Gateway to the given subnet of this VPC of given subnets.
	// Experimental.
	AddNatGateway(options *NatGatewayOptions) NatGateway
	// Adds a new VPN connection to this VPC.
	// Experimental.
	AddVpnConnection(id *string, options *awsec2.VpnConnectionOptions) awsec2.VpnConnection
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Creates peering connection role for acceptor VPC.
	// Experimental.
	CreateAcceptorVpcRole(requestorAccountId *string) awsiam.Role
	// Creates a peering connection.
	// Experimental.
	CreatePeeringConnection(id *string, options *VPCPeeringConnectionOptions) VPCPeeringConnection
	// Adds a VPN Gateway to this VPC.
	// Deprecated: use enableVpnGatewayV2 for compatibility with VPCV2.Route
	EnableVpnGateway(options *awsec2.EnableVpnGatewayOptions)
	// Adds VPNGAtewayV2 to this VPC.
	// Experimental.
	EnableVpnGatewayV2(options *VPNGatewayV2Options) VPNGatewayV2
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Return the subnets appropriate for the placement strategy.
	// Experimental.
	SelectSubnetObjects(selection *awsec2.SubnetSelection) *[]awsec2.ISubnet
	// Return information on the subnets appropriate for the given selection strategy.
	//
	// Requires that at least one subnet is matched, throws a descriptive
	// error message otherwise.
	// Experimental.
	SelectSubnets(selection *awsec2.SubnetSelection) *awsec2.SelectedSubnets
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Applies one or more mixins to this construct.
	//
	// Mixins are applied in order. The list of constructs is captured at the
	// start of the call, so constructs added by a mixin will not be visited.
	// Use multiple `with()` calls if subsequent mixins should apply to added
	// constructs.
	// Experimental.
	With(mixins ...constructs.IMixin) constructs.IConstruct
}

Base class for creating a VPC (Virtual Private Cloud) in AWS.

For more information, see the {@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html AWS CDK Documentation on VPCs}. Experimental.

type VpcV2Props 

type VpcV2Props struct {
	// The default tenancy of instances launched into the VPC.
	//
	// By setting this to dedicated tenancy, instances will be launched on
	// hardware dedicated to a single AWS customer, unless specifically specified
	// at instance launch time. Please note, not all instance types are usable
	// with Dedicated tenancy.
	// Default: DefaultInstanceTenancy.Default (shared) tenancy
	//
	// Experimental.
	DefaultInstanceTenancy awsec2.DefaultInstanceTenancy `field:"optional" json:"defaultInstanceTenancy" yaml:"defaultInstanceTenancy"`
	// Indicates whether the instances launched in the VPC get DNS hostnames.
	// Default: true.
	//
	// Experimental.
	EnableDnsHostnames *bool `field:"optional" json:"enableDnsHostnames" yaml:"enableDnsHostnames"`
	// Indicates whether the DNS resolution is supported for the VPC.
	// Default: true.
	//
	// Experimental.
	EnableDnsSupport *bool `field:"optional" json:"enableDnsSupport" yaml:"enableDnsSupport"`
	// A must IPv4 CIDR block for the VPC.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html
	//
	// Default: - Ipv4 CIDR Block ('10.0.0.0/16')
	//
	// Experimental.
	PrimaryAddressBlock IIpAddresses `field:"optional" json:"primaryAddressBlock" yaml:"primaryAddressBlock"`
	// The secondary CIDR blocks associated with the VPC.
	//
	// Can be  IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention
	// For more information,.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}.
	//
	// Default: - No secondary IP address.
	//
	// Experimental.
	SecondaryAddressBlocks *[]IIpAddresses `field:"optional" json:"secondaryAddressBlocks" yaml:"secondaryAddressBlocks"`
	// Physical name for the VPC.
	// Default: - autogenerated by CDK.
	//
	// Experimental.
	VpcName *string `field:"optional" json:"vpcName" yaml:"vpcName"`
}

Properties to define VPC [disable-awslint:from-method].

Example: 

stack := awscdk.Newstack()
myVpc := awsec2alpha.NewVpcV2(this, jsii.String("Vpc"), &VpcV2Props{
	PrimaryAddressBlock: awsec2alpha.IpAddresses_Ipv4(jsii.String("10.1.0.0/16")),
	SecondaryAddressBlocks: []IIpAddresses{
		awsec2alpha.IpAddresses_AmazonProvidedIpv6(&SecondaryAddressProps{
			CidrBlockName: jsii.String("AmazonProvided"),
		}),
	},
})

eigw := awsec2alpha.NewEgressOnlyInternetGateway(this, jsii.String("EIGW"), &EgressOnlyInternetGatewayProps{
	Vpc: myVpc,
})

routeTable := awsec2alpha.NewRouteTable(this, jsii.String("RouteTable"), &RouteTableProps{
	Vpc: myVpc,
})

routeTable.AddRoute(jsii.String("EIGW"), jsii.String("::/0"), map[string]iRouteTarget{
	"gateway": eigw,
})

Experimental.

Source Files

View all Source files

Directories

Path Synopsis
Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.
 Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.