API Reference

Constructs

SecurityGroup

Initializers

import { SecurityGroup } from '@pepperize/cdk-security-group'

new SecurityGroup(scope: Construct, id: string, props: SecurityGroupProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | SecurityGroupProps | No description. |

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

props (Required)
  • Type: SecurityGroupProps

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| applyRemovalPolicy | Apply the given removal policy to this resource. |
| addEgressRule | Add an egress rule for the current security group. |
| addIngressRule | Add an ingress rule for the current security group. |
| toEgressRuleConfig | Produce the egress rule JSON for the given connection. |
| toIngressRuleConfig | Produce the ingress rule JSON for the given connection. |

toString
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policy (Required)
  • Type: aws-cdk-lib.RemovalPolicy

addEgressRule
public addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void

Add an egress rule for the current security group.

remoteRule controls where the Rule object is created if the peer is also a SecurityGroup and the two are in different stacks. If false (default), the rule object is created under the current SecurityGroup object. If true and the peer is also a SecurityGroup, the rule object is created under the remote SecurityGroup object.

peer (Required)
  • Type: aws-cdk-lib.aws_ec2.IPeer

connection (Required)
  • Type: aws-cdk-lib.aws_ec2.Port

description (Optional)
  • Type: string

remoteRule (Optional)
  • Type: boolean

addIngressRule
public addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void

Add an ingress rule for the current security group.

remoteRule controls where the Rule object is created if the peer is also a SecurityGroup and the two are in different stacks. If false (default), the rule object is created under the current SecurityGroup object. If true and the peer is also a SecurityGroup, the rule object is created under the remote SecurityGroup object.

peer (Required)
  • Type: aws-cdk-lib.aws_ec2.IPeer

connection (Required)
  • Type: aws-cdk-lib.aws_ec2.Port

description (Optional)
  • Type: string

remoteRule (Optional)
  • Type: boolean

toEgressRuleConfig
public toEgressRuleConfig(): any

Produce the egress rule JSON for the given connection.

toIngressRuleConfig
public toIngressRuleConfig(): any

Produce the ingress rule JSON for the given connection.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |
| isResource | Check whether the given construct is a Resource. |
| fromLookupById | Look up a security group by id. |
| fromLookupByName | Look up a security group by name. |
| fromSecurityGroupId | Import an existing security group into this app. |
| isSecurityGroup | Return whether the indicated object is a security group. |

isConstruct
import { SecurityGroup } from '@pepperize/cdk-security-group'

SecurityGroup.isConstruct(x: any)

Checks if x is a construct.

x (Required)
  • Type: any

Any object.


isResource
import { SecurityGroup } from '@pepperize/cdk-security-group'

SecurityGroup.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

construct (Required)
  • Type: constructs.IConstruct

fromLookupById
import { SecurityGroup } from '@pepperize/cdk-security-group'

SecurityGroup.fromLookupById(scope: Construct, id: string, securityGroupId: string)

Look up a security group by id.

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

securityGroupId (Required)
  • Type: string

fromLookupByName
import { SecurityGroup } from '@pepperize/cdk-security-group'

SecurityGroup.fromLookupByName(scope: Construct, id: string, securityGroupName: string, vpc: IVpc)

Look up a security group by name.

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

securityGroupName (Required)
  • Type: string

vpc (Required)
  • Type: aws-cdk-lib.aws_ec2.IVpc

fromSecurityGroupId
import { SecurityGroup } from '@pepperize/cdk-security-group'

SecurityGroup.fromSecurityGroupId(scope: Construct, id: string, securityGroupId: string, options?: SecurityGroupImportOptions)

Import an existing security group into this app.

This method will assume that the Security Group has a rule in it which allows all outbound traffic, and so will not add egress rules to the imported Security Group (only ingress rules).

If your existing Security Group needs to have egress rules added, pass the allowAllOutbound: false option on import.

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

securityGroupId (Required)
  • Type: string

options (Optional)
  • Type: aws-cdk-lib.aws_ec2.SecurityGroupImportOptions

isSecurityGroup
import { SecurityGroup } from '@pepperize/cdk-security-group'

SecurityGroup.isSecurityGroup(x: any)

Return whether the indicated object is a security group.

x (Required)
  • Type: any

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. |
| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. |
| allowAllOutbound | boolean | Whether the SecurityGroup has been configured to allow all outbound traffic. |
| canInlineRule | boolean | Whether the rule can be inlined into a SecurityGroup or not. |
| connections | aws-cdk-lib.aws_ec2.Connections | The network connections associated with this resource. |
| securityGroupId | string | The ID of the security group. |
| securityGroupVpcId | string | The VPC ID this security group is part of. |
| uniqueId | string | A unique identifier for this connection peer. |
| defaultPort | aws-cdk-lib.aws_ec2.Port | No description. |
| securityGroupName | string | An attribute that represents the security group name. |

node (Required)
public readonly node: Node;
  • Type: constructs.Node

The tree node.


env (Required)
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stack (Required)
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.


allowAllOutbound (Required)
public readonly allowAllOutbound: boolean;
  • Type: boolean

Whether the SecurityGroup has been configured to allow all outbound traffic.


canInlineRule (Required)
public readonly canInlineRule: boolean;
  • Type: boolean

Whether the rule can be inlined into a SecurityGroup or not.


connections (Required)
public readonly connections: Connections;
  • Type: aws-cdk-lib.aws_ec2.Connections

The network connections associated with this resource.


securityGroupId (Required)
public readonly securityGroupId: string;
  • Type: string

The ID of the security group.


securityGroupVpcId (Required)
public readonly securityGroupVpcId: string;
  • Type: string

The VPC ID this security group is part of.


uniqueId (Required)
public readonly uniqueId: string;
  • Type: string

A unique identifier for this connection peer.


defaultPort (Optional)
public readonly defaultPort: Port;
  • Type: aws-cdk-lib.aws_ec2.Port

securityGroupName (Required)
public readonly securityGroupName: string;
  • Type: string

An attribute that represents the security group name.


Structs

SecurityGroupProps

Initializer

import { SecurityGroupProps } from '@pepperize/cdk-security-group'

const securityGroupProps: SecurityGroupProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which to create the security group. |
| allowAllOutbound | boolean | Whether to allow all outbound traffic by default. |
| description | string | A description of the security group. |
| disableInlineRules | boolean | Whether to disable inline ingress and egress rule optimization. |
| securityGroupName | string | The name of the security group. |

vpc (Required)
public readonly vpc: IVpc;
  • Type: aws-cdk-lib.aws_ec2.IVpc

The VPC in which to create the security group.


allowAllOutbound (Optional)
public readonly allowAllOutbound: boolean;
  • Type: boolean
  • Default: true

Whether to allow all outbound traffic by default.

If this is set to true, there will only be a single egress rule which allows all outbound traffic. If this is set to false, no outbound traffic will be allowed by default and all egress traffic must be explicitly authorized.


description (Optional)
public readonly description: string;
  • Type: string
  • Default: The default name will be the construct's CDK path.

A description of the security group.


disableInlineRules (Optional)
public readonly disableInlineRules: boolean;
  • Type: boolean
  • Default: false

Whether to disable inline ingress and egress rule optimization.

If this is set to true, ingress and egress rules will not be declared under the SecurityGroup in CloudFormation, but will be separate elements.

Inlining rules is an optimization for producing smaller stack templates. Sometimes this is not desirable, for example when security group access is managed via tags.

The default value can be overridden globally by setting the context variable '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'.
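
A check over a synthesized template for the allow-all egress rule that the allowAllOutbound default of true stands for, covering both the inline form and the separate-element form described under disableInlineRules. This is an added example, not code from the project: the function names, the sample template and its logical IDs are constructed, and the resource and property names are those of the CloudFormation AWS::EC2::SecurityGroup and AWS::EC2::SecurityGroupEgress types.

```typescript
// Added example, not project code; template shape follows CloudFormation resource types.
type Rule = { IpProtocol?: string | number; CidrIp?: string; CidrIpv6?: string };
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };

// Matches the rule that allowAllOutbound: true stands for: any protocol, any address.
function isAllowAll(rule: Rule): boolean {
  return String(rule.IpProtocol) === "-1" && (rule.CidrIp === "0.0.0.0/0" || rule.CidrIpv6 === "::/0");
}

// Logical ID that a standalone rule's GroupId points at (Fn::GetAtt or Ref).
function targetGroup(groupId: unknown): string | undefined {
  if (typeof groupId !== "object" || groupId === null) return undefined;
  const ref = groupId as { "Fn::GetAtt"?: unknown; Ref?: unknown };
  const getAtt = ref["Fn::GetAtt"];
  if (Array.isArray(getAtt) && typeof getAtt[0] === "string") return getAtt[0];
  return typeof ref.Ref === "string" ? ref.Ref : undefined;
}

// Sorted logical IDs of security groups with unrestricted egress, whether the
// rule is inlined or declared as a separate element (disableInlineRules: true).
function findOpenEgress(template: Template): string[] {
  const open: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const props = res.Properties ?? {};
    let hit: string | undefined;
    if (res.Type === "AWS::EC2::SecurityGroup") {
      const inline = props["SecurityGroupEgress"];
      if (Array.isArray(inline) && inline.some((r) => isAllowAll(r as Rule))) hit = id;
    } else if (res.Type === "AWS::EC2::SecurityGroupEgress" && isAllowAll(props as Rule)) {
      hit = targetGroup(props["GroupId"]) ?? id;
    }
    if (hit !== undefined && open.indexOf(hit) === -1) open.push(hit);
  }
  return open.sort();
}

// Constructed sample template for illustration (not real synth output).
const egressAll = { IpProtocol: "-1", CidrIp: "0.0.0.0/0" };
const sampleTemplate: Template = { Resources: {
  DefaultSg: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupEgress: [egressAll] } },
  LockedSg: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupEgress: [
    { IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "10.0.0.0/16" }] } },
  SeparateSg: { Type: "AWS::EC2::SecurityGroup", Properties: {} },
  SeparateSgEgress: { Type: "AWS::EC2::SecurityGroupEgress", Properties: {
    GroupId: { "Fn::GetAtt": ["SeparateSg", "GroupId"] }, ...egressAll } },
} };
console.log(findOpenEgress(sampleTemplate));
```

Run against the JSON template of a synthesized stack, the returned logical IDs are the groups to review for setting allowAllOutbound to false and authorizing egress explicitly.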


securityGroupName (Optional)
public readonly securityGroupName: string;
  • Type: string
  • Default: If you don't specify a GroupName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.

The name of the security group.

For valid values, see the GroupName parameter of the CreateSecurityGroup action in the Amazon EC2 API Reference.

It is not recommended to use an explicit group name.