137 CDK constructs available in aws-cdk-lib/aws-ec2
```ts
import * as ec2 from 'aws-cdk-lib/aws-ec2';
```
Higher-level abstractions with sensible defaults and convenience methods.
This creates a Linux bastion host you can use to connect to other instances or services in your VPC. The recommended way to connect to the bastion host is by using AWS Systems Manager Session Manager. The operating system is Amazon Linux 2 with the latest SSM agent installed. You can also configure this bastion host to allow connections via SSH.
A client VPN authorization rule.
A client VPN connection.
A client VPN route.
A VPC flow log.
A gateway VPC endpoint.
This represents a single EC2 instance.
An interface VPC endpoint.
An EC2 Key Pair.
This represents an EC2 LaunchTemplate.
Define a new custom network ACL. By default, it denies all inbound and outbound traffic unless entries that explicitly allow it are added.
Define an entry in a Network ACL table.
Defines a placement group. Placement groups give you fine-grained control over where your instances are provisioned.
A managed prefix list.
Represents a private VPC subnet resource.
Represents a public VPC subnet resource.
Creates an Amazon EC2 security group within a VPC. Security Groups act like a firewall with a set of rules, and are associated with any AWS resource that has or creates Elastic Network Interfaces (ENIs). A typical example of a resource that has a security group is an Instance (or Auto Scaling Group of instances).

If you are defining new infrastructure in CDK, there is a good chance you won't have to interact with this class at all. Like IAM Roles, Security Groups need to exist to control access between AWS resources, but CDK will automatically generate and populate them with least-privilege permissions for you so you can concentrate on your business logic. All Constructs that require Security Groups will create one for you if you don't specify one at construction.

After construction, you can selectively allow connections to and between constructs via, for example, the `instance.connections` object. Think of it as "allowing connections to your instance", rather than "adding ingress rules to a security group". See the [Allowing Connections](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-cdk-lib.aws_ec2-readme.html#allowing-connections) section in the library documentation for examples.

Direct manipulation of the Security Group through `addIngressRule` and `addEgressRule` is possible, but mutation through the `.connections` object is recommended. If you peer two constructs with security groups this way, appropriate rules will be created in both.

If you have an existing security group you want to use in your CDK application, you would import it like this:

```ts
const securityGroup = ec2.SecurityGroup.fromSecurityGroupId(this, 'SG', 'sg-12345', {
  mutable: false,
});
```
Represents a new VPC subnet resource.
Creates a new EBS Volume in AWS EC2.
Define an AWS Virtual Private Cloud. See the package-level documentation of this package for an overview of the various dimensions in which you can configure your VPC. For example:

```ts
const vpc = new ec2.Vpc(this, 'TheVPC', {
  ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
});

// Iterate the private subnets
const selection = vpc.selectSubnets({
  subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
});

for (const subnet of selection.subnets) {
  // ...
}
```
A VPC endpoint service.
Define a VPN Connection.
The VPN Gateway that shall be added to the VPC.
Direct CloudFormation resource mappings. One-to-one with CloudFormation resource types.
AWS::EC2::CapacityManagerDataExport
AWS::EC2::CapacityReservation
AWS::EC2::CapacityReservationFleet
AWS::EC2::CarrierGateway
AWS::EC2::ClientVpnAuthorizationRule
AWS::EC2::ClientVpnEndpoint
AWS::EC2::ClientVpnRoute
AWS::EC2::ClientVpnTargetNetworkAssociation
AWS::EC2::CustomerGateway
AWS::EC2::DHCPOptions
AWS::EC2::EC2Fleet
AWS::EC2::EgressOnlyInternetGateway
AWS::EC2::EIP
AWS::EC2::EIPAssociation
AWS::EC2::EnclaveCertificateIamRoleAssociation
AWS::EC2::FlowLog
AWS::EC2::GatewayRouteTableAssociation
AWS::EC2::Host
AWS::EC2::Instance
AWS::EC2::InstanceConnectEndpoint
AWS::EC2::InternetGateway
AWS::EC2::IPAM
AWS::EC2::IPAMAllocation
AWS::EC2::IPAMPool
AWS::EC2::IPAMPoolCidr
AWS::EC2::IPAMPrefixListResolver
AWS::EC2::IPAMPrefixListResolverTarget
AWS::EC2::IPAMResourceDiscovery
AWS::EC2::IPAMResourceDiscoveryAssociation
AWS::EC2::IPAMScope
AWS::EC2::IpPoolRouteTableAssociation
AWS::EC2::KeyPair
AWS::EC2::LaunchTemplate
AWS::EC2::LocalGatewayRoute
AWS::EC2::LocalGatewayRouteTable
AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation
AWS::EC2::LocalGatewayRouteTableVPCAssociation
AWS::EC2::LocalGatewayVirtualInterface
AWS::EC2::LocalGatewayVirtualInterfaceGroup
AWS::EC2::NatGateway
AWS::EC2::NetworkAcl
AWS::EC2::NetworkAclEntry
AWS::EC2::NetworkInsightsAccessScope
AWS::EC2::NetworkInsightsAccessScopeAnalysis
AWS::EC2::NetworkInsightsAnalysis
AWS::EC2::NetworkInsightsPath
AWS::EC2::NetworkInterface
AWS::EC2::NetworkInterfaceAttachment
AWS::EC2::NetworkInterfacePermission
AWS::EC2::NetworkPerformanceMetricSubscription
AWS::EC2::PlacementGroup
AWS::EC2::PrefixList
AWS::EC2::Route
AWS::EC2::RouteServer
AWS::EC2::RouteServerAssociation
AWS::EC2::RouteServerEndpoint
AWS::EC2::RouteServerPeer
AWS::EC2::RouteServerPropagation
AWS::EC2::RouteTable
AWS::EC2::SecurityGroup
AWS::EC2::SecurityGroupEgress
AWS::EC2::SecurityGroupIngress
AWS::EC2::SecurityGroupVpcAssociation
AWS::EC2::SnapshotBlockPublicAccess
AWS::EC2::SpotFleet
AWS::EC2::SqlHaStandbyDetectedInstance
AWS::EC2::Subnet
AWS::EC2::SubnetCidrBlock
AWS::EC2::SubnetNetworkAclAssociation
AWS::EC2::SubnetRouteTableAssociation
AWS::EC2::TrafficMirrorFilter
AWS::EC2::TrafficMirrorFilterRule
AWS::EC2::TrafficMirrorSession
AWS::EC2::TrafficMirrorTarget
AWS::EC2::TransitGateway
AWS::EC2::TransitGatewayAttachment
AWS::EC2::TransitGatewayConnect
AWS::EC2::TransitGatewayConnectPeer
AWS::EC2::TransitGatewayMeteringPolicy
AWS::EC2::TransitGatewayMeteringPolicyEntry
AWS::EC2::TransitGatewayMulticastDomain
AWS::EC2::TransitGatewayMulticastDomainAssociation
AWS::EC2::TransitGatewayMulticastGroupMember
AWS::EC2::TransitGatewayMulticastGroupSource
AWS::EC2::TransitGatewayPeeringAttachment
AWS::EC2::TransitGatewayRoute
AWS::EC2::TransitGatewayRouteTable
AWS::EC2::TransitGatewayRouteTableAssociation
AWS::EC2::TransitGatewayRouteTablePropagation
AWS::EC2::TransitGatewayVpcAttachment
AWS::EC2::VerifiedAccessEndpoint
AWS::EC2::VerifiedAccessGroup
AWS::EC2::VerifiedAccessInstance
AWS::EC2::VerifiedAccessTrustProvider
AWS::EC2::Volume
AWS::EC2::VolumeAttachment
AWS::EC2::VPC
AWS::EC2::VPCBlockPublicAccessExclusion
AWS::EC2::VPCBlockPublicAccessOptions
AWS::EC2::VPCCidrBlock
AWS::EC2::VPCDHCPOptionsAssociation
AWS::EC2::VPCEncryptionControl
AWS::EC2::VPCEndpoint
AWS::EC2::VPCEndpointConnectionNotification
AWS::EC2::VPCEndpointService
AWS::EC2::VPCEndpointServicePermissions
AWS::EC2::VPCGatewayAttachment
AWS::EC2::VPCPeeringConnection
AWS::EC2::VPNConcentrator
AWS::EC2::VPNConnection
AWS::EC2::VPNConnectionRoute
AWS::EC2::VPNGateway
AWS::EC2::VPNGatewayRoutePropagation