aws-cdk-lib 2.52.0 → 2.52.1

package/aws-ec2/lib/volume.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.Volume=exports.EbsDeviceVolumeType=exports.BlockDeviceVolume=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),aws_iam_1=require("../../aws-iam"),aws_kms_1=require("../../aws-kms"),core_1=require("../../core"),helpers_internal_1=require("../../core/lib/helpers-internal"),ec2_generated_1=require("./ec2.generated");class BlockDeviceVolume{constructor(ebsDevice,virtualName){this.ebsDevice=ebsDevice,this.virtualName=virtualName;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_EbsDeviceProps(ebsDevice)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BlockDeviceVolume),error}}static ebs(volumeSize,options={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_EbsDeviceOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ebs),error}return new this({...options,volumeSize})}static ebsFromSnapshot(snapshotId,options={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_EbsDeviceSnapshotOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ebsFromSnapshot),error}return new this({...options,snapshotId})}static ephemeral(volumeIndex){if(volumeIndex<0)throw new Error(`volumeIndex must be a number starting from 0, got "${volumeIndex}"`);return new this(void 0,`ephemeral${volumeIndex}`)}}exports.BlockDeviceVolume=BlockDeviceVolume,_a=JSII_RTTI_SYMBOL_1,BlockDeviceVolume[_a]={fqn:"aws-cdk-lib.aws_ec2.BlockDeviceVolume",version:"2.52.0"};var EbsDeviceVolumeType;(function(EbsDeviceVolumeType2){EbsDeviceVolumeType2.STANDARD="standard",EbsDeviceVolumeType2.IO1="io1",EbsDeviceVolumeType2.IO2="io2",EbsDeviceVolumeType2.GP2="gp2",EbsDeviceVolumeType2.GP3="gp3",EbsDeviceVolumeType2.ST1="st1",EbsDeviceVolumeType2.SC1="sc1",EbsDeviceVolumeType2.GENERAL_PURPOSE_SSD="gp2",EbsDeviceVolumeType2.GENERAL_PURPOSE_SSD_GP3="gp3",EbsDeviceVolumeType2.PROVISIONED_IOPS_SSD="io1",EbsDeviceVolumeType2.PROVISIONED_IOPS_SSD_IO2="io2",EbsDeviceVolumeType2.THROUGHPUT_OPTIMIZED_HDD="st1",EbsDeviceVolumeType2.COLD_HDD="sc1",EbsDeviceVolumeType2.MAGNETIC="standard"})(EbsDeviceVolumeType=exports.EbsDeviceVolumeType||(exports.EbsDeviceVolumeType={}));class VolumeBase extends core_1.Resource{grantAttachVolume(grantee,instances){const result=aws_iam_1.Grant.addToPrincipal({grantee,actions:["ec2:AttachVolume"],resourceArns:this.collectGrantResourceArns(instances)});return this.encryptionKey&&this.encryptionKey.grant(grantee,"kms:CreateGrant").principalStatement.addConditions({Bool:{"kms:GrantIsForAWSResource":!0},StringEquals:{"kms:ViaService":`ec2.${core_1.Stack.of(this).region}.amazonaws.com`,"kms:GrantConstraintType":"EncryptionContextSubset"}}),result}grantAttachVolumeByResourceTag(grantee,constructs,tagKeySuffix){const tagValue=this.calculateResourceTagValue([this,...constructs]),tagKey=`VolumeGrantAttach-${tagKeySuffix??tagValue.slice(0,10).toUpperCase()}`,grantCondition={};grantCondition[`ec2:ResourceTag/${tagKey}`]=tagValue;const result=this.grantAttachVolume(grantee);return result.principalStatement.addCondition("ForAnyValue:StringEquals",grantCondition),core_1.Tags.of(this).add(tagKey,tagValue),constructs.forEach(construct=>core_1.Tags.of(construct).add(tagKey,tagValue)),result}grantDetachVolume(grantee,instances){return aws_iam_1.Grant.addToPrincipal({grantee,actions:["ec2:DetachVolume"],resourceArns:this.collectGrantResourceArns(instances)})}grantDetachVolumeByResourceTag(grantee,constructs,tagKeySuffix){const tagValue=this.calculateResourceTagValue([this,...constructs]),tagKey=`VolumeGrantDetach-${tagKeySuffix??tagValue.slice(0,10).toUpperCase()}`,grantCondition={};grantCondition[`ec2:ResourceTag/${tagKey}`]=tagValue;const result=this.grantDetachVolume(grantee);return result.principalStatement.addCondition("ForAnyValue:StringEquals",grantCondition),core_1.Tags.of(this).add(tagKey,tagValue),constructs.forEach(construct=>core_1.Tags.of(construct).add(tagKey,tagValue)),result}collectGrantResourceArns(instances){const stack=core_1.Stack.of(this),resourceArns=[`arn:${stack.partition}:ec2:${stack.region}:${stack.account}:volume/${this.volumeId}`],instanceArnPrefix=`arn:${stack.partition}:ec2:${stack.region}:${stack.account}:instance`;return instances?instances.forEach(instance=>resourceArns.push(`${instanceArnPrefix}/${instance?.instanceId}`)):resourceArns.push(`${instanceArnPrefix}/*`),resourceArns}calculateResourceTagValue(constructs){return helpers_internal_1.md5hash(constructs.map(c=>core_1.Names.uniqueId(c)).join(""))}}class Volume extends VolumeBase{constructor(scope,id,props){super(scope,id,{physicalName:props.volumeName});try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VolumeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Volume),error}this.validateProps(props);const resource=new ec2_generated_1.CfnVolume(this,"Resource",{availabilityZone:props.availabilityZone,autoEnableIo:props.autoEnableIo,encrypted:props.encrypted,kmsKeyId:props.encryptionKey?.keyArn,iops:props.iops,multiAttachEnabled:props.enableMultiAttach??!1,size:props.size?.toGibibytes({rounding:core_1.SizeRoundingBehavior.FAIL}),snapshotId:props.snapshotId,volumeType:props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD});if(resource.applyRemovalPolicy(props.removalPolicy),props.volumeName&&core_1.Tags.of(resource).add("Name",props.volumeName),this.volumeId=resource.ref,this.availabilityZone=props.availabilityZone,this.encryptionKey=props.encryptionKey,this.encryptionKey){const principal=new aws_kms_1.ViaServicePrincipal(`ec2.${core_1.Stack.of(this).region}.amazonaws.com`,new aws_iam_1.AccountRootPrincipal).withConditions({StringEquals:{"kms:CallerAccount":core_1.Stack.of(this).account}}),grant=this.encryptionKey.grant(principal,"kms:DescribeKey","kms:GenerateDataKeyWithoutPlainText");props.snapshotId&&grant.principalStatement?.addActions("kms:ReEncrypt*")}}static fromVolumeAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VolumeAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVolumeAttributes),error}class Import extends VolumeBase{constructor(){super(...arguments),this.volumeId=attrs.volumeId,this.availabilityZone=attrs.availabilityZone,this.encryptionKey=attrs.encryptionKey}}if(!core_1.Token.isUnresolved(attrs.volumeId)&&!/^vol-[0-9a-fA-F]+$/.test(attrs.volumeId))throw new Error("`volumeId` does not match expected pattern. Expected `vol-<hexadecmial value>` (ex: `vol-05abe246af`) or a Token");return new Import(scope,id)}validateProps(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VolumeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.validateProps),error}if(!(props.size||props.snapshotId))throw new Error("Must provide at least one of `size` or `snapshotId`");if(props.snapshotId&&!core_1.Token.isUnresolved(props.snapshotId)&&!/^snap-[0-9a-fA-F]+$/.test(props.snapshotId))throw new Error("`snapshotId` does match expected pattern. Expected `snap-<hexadecmial value>` (ex: `snap-05abe246af`) or Token");if(props.encryptionKey&&!props.encrypted)throw new Error("`encrypted` must be true when providing an `encryptionKey`.");if(props.volumeType&&[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD,EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2].includes(props.volumeType)&&!props.iops)throw new Error("`iops` must be specified if the `volumeType` is `PROVISIONED_IOPS_SSD` or `PROVISIONED_IOPS_SSD_IO2`.");if(props.iops){const volumeType=props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD;if(![EbsDeviceVolumeType.PROVISIONED_IOPS_SSD,EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2,EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3].includes(volumeType))throw new Error("`iops` may only be specified if the `volumeType` is `PROVISIONED_IOPS_SSD`, `PROVISIONED_IOPS_SSD_IO2` or `GENERAL_PURPOSE_SSD_GP3`.");const iopsRanges={};iopsRanges[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3]={Min:3e3,Max:16e3},iopsRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD]={Min:100,Max:64e3},iopsRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2]={Min:100,Max:64e3};const{Min,Max}=iopsRanges[volumeType];if(props.iops<Min||props.iops>Max)throw new Error(`\`${volumeType}\` volumes iops must be between ${Min} and ${Max}.`);const maximumRatios={};maximumRatios[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3]=500,maximumRatios[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD]=50,maximumRatios[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2]=500;const maximumRatio=maximumRatios[volumeType];if(props.size&&props.iops>maximumRatio*props.size.toGibibytes({rounding:core_1.SizeRoundingBehavior.FAIL}))throw new Error(`\`${volumeType}\` volumes iops has a maximum ratio of ${maximumRatio} IOPS/GiB.`)}if(props.enableMultiAttach){const volumeType=props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD;if(![EbsDeviceVolumeType.PROVISIONED_IOPS_SSD,EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2].includes(volumeType))throw new Error("multi-attach is supported exclusively on `PROVISIONED_IOPS_SSD` and `PROVISIONED_IOPS_SSD_IO2` volumes.")}if(props.size){const size=props.size.toGibibytes({rounding:core_1.SizeRoundingBehavior.FAIL}),sizeRanges={};sizeRanges[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD]={Min:1,Max:16384},sizeRanges[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3]={Min:1,Max:16384},sizeRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD]={Min:4,Max:16384},sizeRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2]={Min:4,Max:16384},sizeRanges[EbsDeviceVolumeType.THROUGHPUT_OPTIMIZED_HDD]={Min:125,Max:16384},sizeRanges[EbsDeviceVolumeType.COLD_HDD]={Min:125,Max:16384},sizeRanges[EbsDeviceVolumeType.MAGNETIC]={Min:1,Max:1024};const volumeType=props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD,{Min,Max}=sizeRanges[volumeType];if(size<Min||size>Max)throw new Error(`\`${volumeType}\` volumes must be between ${Min} GiB and ${Max} GiB in size.`)}}}exports.Volume=Volume,_b=JSII_RTTI_SYMBOL_1,Volume[_b]={fqn:"aws-cdk-lib.aws_ec2.Volume",version:"2.52.0"};
+"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.Volume=exports.EbsDeviceVolumeType=exports.BlockDeviceVolume=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),aws_iam_1=require("../../aws-iam"),aws_kms_1=require("../../aws-kms"),core_1=require("../../core"),helpers_internal_1=require("../../core/lib/helpers-internal"),ec2_generated_1=require("./ec2.generated");class BlockDeviceVolume{constructor(ebsDevice,virtualName){this.ebsDevice=ebsDevice,this.virtualName=virtualName;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_EbsDeviceProps(ebsDevice)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BlockDeviceVolume),error}}static ebs(volumeSize,options={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_EbsDeviceOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ebs),error}return new this({...options,volumeSize})}static ebsFromSnapshot(snapshotId,options={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_EbsDeviceSnapshotOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.ebsFromSnapshot),error}return new this({...options,snapshotId})}static ephemeral(volumeIndex){if(volumeIndex<0)throw new Error(`volumeIndex must be a number starting from 0, got "${volumeIndex}"`);return new this(void 0,`ephemeral${volumeIndex}`)}}exports.BlockDeviceVolume=BlockDeviceVolume,_a=JSII_RTTI_SYMBOL_1,BlockDeviceVolume[_a]={fqn:"aws-cdk-lib.aws_ec2.BlockDeviceVolume",version:"2.52.1"};var EbsDeviceVolumeType;(function(EbsDeviceVolumeType2){EbsDeviceVolumeType2.STANDARD="standard",EbsDeviceVolumeType2.IO1="io1",EbsDeviceVolumeType2.IO2="io2",EbsDeviceVolumeType2.GP2="gp2",EbsDeviceVolumeType2.GP3="gp3",EbsDeviceVolumeType2.ST1="st1",EbsDeviceVolumeType2.SC1="sc1",EbsDeviceVolumeType2.GENERAL_PURPOSE_SSD="gp2",EbsDeviceVolumeType2.GENERAL_PURPOSE_SSD_GP3="gp3",EbsDeviceVolumeType2.PROVISIONED_IOPS_SSD="io1",EbsDeviceVolumeType2.PROVISIONED_IOPS_SSD_IO2="io2",EbsDeviceVolumeType2.THROUGHPUT_OPTIMIZED_HDD="st1",EbsDeviceVolumeType2.COLD_HDD="sc1",EbsDeviceVolumeType2.MAGNETIC="standard"})(EbsDeviceVolumeType=exports.EbsDeviceVolumeType||(exports.EbsDeviceVolumeType={}));class VolumeBase extends core_1.Resource{grantAttachVolume(grantee,instances){const result=aws_iam_1.Grant.addToPrincipal({grantee,actions:["ec2:AttachVolume"],resourceArns:this.collectGrantResourceArns(instances)});return this.encryptionKey&&this.encryptionKey.grant(grantee,"kms:CreateGrant").principalStatement.addConditions({Bool:{"kms:GrantIsForAWSResource":!0},StringEquals:{"kms:ViaService":`ec2.${core_1.Stack.of(this).region}.amazonaws.com`,"kms:GrantConstraintType":"EncryptionContextSubset"}}),result}grantAttachVolumeByResourceTag(grantee,constructs,tagKeySuffix){const tagValue=this.calculateResourceTagValue([this,...constructs]),tagKey=`VolumeGrantAttach-${tagKeySuffix??tagValue.slice(0,10).toUpperCase()}`,grantCondition={};grantCondition[`ec2:ResourceTag/${tagKey}`]=tagValue;const result=this.grantAttachVolume(grantee);return result.principalStatement.addCondition("ForAnyValue:StringEquals",grantCondition),core_1.Tags.of(this).add(tagKey,tagValue),constructs.forEach(construct=>core_1.Tags.of(construct).add(tagKey,tagValue)),result}grantDetachVolume(grantee,instances){return aws_iam_1.Grant.addToPrincipal({grantee,actions:["ec2:DetachVolume"],resourceArns:this.collectGrantResourceArns(instances)})}grantDetachVolumeByResourceTag(grantee,constructs,tagKeySuffix){const tagValue=this.calculateResourceTagValue([this,...constructs]),tagKey=`VolumeGrantDetach-${tagKeySuffix??tagValue.slice(0,10).toUpperCase()}`,grantCondition={};grantCondition[`ec2:ResourceTag/${tagKey}`]=tagValue;const result=this.grantDetachVolume(grantee);return result.principalStatement.addCondition("ForAnyValue:StringEquals",grantCondition),core_1.Tags.of(this).add(tagKey,tagValue),constructs.forEach(construct=>core_1.Tags.of(construct).add(tagKey,tagValue)),result}collectGrantResourceArns(instances){const stack=core_1.Stack.of(this),resourceArns=[`arn:${stack.partition}:ec2:${stack.region}:${stack.account}:volume/${this.volumeId}`],instanceArnPrefix=`arn:${stack.partition}:ec2:${stack.region}:${stack.account}:instance`;return instances?instances.forEach(instance=>resourceArns.push(`${instanceArnPrefix}/${instance?.instanceId}`)):resourceArns.push(`${instanceArnPrefix}/*`),resourceArns}calculateResourceTagValue(constructs){return helpers_internal_1.md5hash(constructs.map(c=>core_1.Names.uniqueId(c)).join(""))}}class Volume extends VolumeBase{constructor(scope,id,props){super(scope,id,{physicalName:props.volumeName});try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VolumeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Volume),error}this.validateProps(props);const resource=new ec2_generated_1.CfnVolume(this,"Resource",{availabilityZone:props.availabilityZone,autoEnableIo:props.autoEnableIo,encrypted:props.encrypted,kmsKeyId:props.encryptionKey?.keyArn,iops:props.iops,multiAttachEnabled:props.enableMultiAttach??!1,size:props.size?.toGibibytes({rounding:core_1.SizeRoundingBehavior.FAIL}),snapshotId:props.snapshotId,volumeType:props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD});if(resource.applyRemovalPolicy(props.removalPolicy),props.volumeName&&core_1.Tags.of(resource).add("Name",props.volumeName),this.volumeId=resource.ref,this.availabilityZone=props.availabilityZone,this.encryptionKey=props.encryptionKey,this.encryptionKey){const principal=new aws_kms_1.ViaServicePrincipal(`ec2.${core_1.Stack.of(this).region}.amazonaws.com`,new aws_iam_1.AccountRootPrincipal).withConditions({StringEquals:{"kms:CallerAccount":core_1.Stack.of(this).account}}),grant=this.encryptionKey.grant(principal,"kms:DescribeKey","kms:GenerateDataKeyWithoutPlainText");props.snapshotId&&grant.principalStatement?.addActions("kms:ReEncrypt*")}}static fromVolumeAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VolumeAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVolumeAttributes),error}class Import extends VolumeBase{constructor(){super(...arguments),this.volumeId=attrs.volumeId,this.availabilityZone=attrs.availabilityZone,this.encryptionKey=attrs.encryptionKey}}if(!core_1.Token.isUnresolved(attrs.volumeId)&&!/^vol-[0-9a-fA-F]+$/.test(attrs.volumeId))throw new Error("`volumeId` does not match expected pattern. Expected `vol-<hexadecmial value>` (ex: `vol-05abe246af`) or a Token");return new Import(scope,id)}validateProps(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VolumeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.validateProps),error}if(!(props.size||props.snapshotId))throw new Error("Must provide at least one of `size` or `snapshotId`");if(props.snapshotId&&!core_1.Token.isUnresolved(props.snapshotId)&&!/^snap-[0-9a-fA-F]+$/.test(props.snapshotId))throw new Error("`snapshotId` does match expected pattern. Expected `snap-<hexadecmial value>` (ex: `snap-05abe246af`) or Token");if(props.encryptionKey&&!props.encrypted)throw new Error("`encrypted` must be true when providing an `encryptionKey`.");if(props.volumeType&&[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD,EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2].includes(props.volumeType)&&!props.iops)throw new Error("`iops` must be specified if the `volumeType` is `PROVISIONED_IOPS_SSD` or `PROVISIONED_IOPS_SSD_IO2`.");if(props.iops){const volumeType=props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD;if(![EbsDeviceVolumeType.PROVISIONED_IOPS_SSD,EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2,EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3].includes(volumeType))throw new Error("`iops` may only be specified if the `volumeType` is `PROVISIONED_IOPS_SSD`, `PROVISIONED_IOPS_SSD_IO2` or `GENERAL_PURPOSE_SSD_GP3`.");const iopsRanges={};iopsRanges[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3]={Min:3e3,Max:16e3},iopsRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD]={Min:100,Max:64e3},iopsRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2]={Min:100,Max:64e3};const{Min,Max}=iopsRanges[volumeType];if(props.iops<Min||props.iops>Max)throw new Error(`\`${volumeType}\` volumes iops must be between ${Min} and ${Max}.`);const maximumRatios={};maximumRatios[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3]=500,maximumRatios[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD]=50,maximumRatios[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2]=500;const maximumRatio=maximumRatios[volumeType];if(props.size&&props.iops>maximumRatio*props.size.toGibibytes({rounding:core_1.SizeRoundingBehavior.FAIL}))throw new Error(`\`${volumeType}\` volumes iops has a maximum ratio of ${maximumRatio} IOPS/GiB.`)}if(props.enableMultiAttach){const volumeType=props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD;if(![EbsDeviceVolumeType.PROVISIONED_IOPS_SSD,EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2].includes(volumeType))throw new Error("multi-attach is supported exclusively on `PROVISIONED_IOPS_SSD` and `PROVISIONED_IOPS_SSD_IO2` volumes.")}if(props.size){const size=props.size.toGibibytes({rounding:core_1.SizeRoundingBehavior.FAIL}),sizeRanges={};sizeRanges[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD]={Min:1,Max:16384},sizeRanges[EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3]={Min:1,Max:16384},sizeRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD]={Min:4,Max:16384},sizeRanges[EbsDeviceVolumeType.PROVISIONED_IOPS_SSD_IO2]={Min:4,Max:16384},sizeRanges[EbsDeviceVolumeType.THROUGHPUT_OPTIMIZED_HDD]={Min:125,Max:16384},sizeRanges[EbsDeviceVolumeType.COLD_HDD]={Min:125,Max:16384},sizeRanges[EbsDeviceVolumeType.MAGNETIC]={Min:1,Max:1024};const volumeType=props.volumeType??EbsDeviceVolumeType.GENERAL_PURPOSE_SSD,{Min,Max}=sizeRanges[volumeType];if(size<Min||size>Max)throw new Error(`\`${volumeType}\` volumes must be between ${Min} GiB and ${Max} GiB in size.`)}}}exports.Volume=Volume,_b=JSII_RTTI_SYMBOL_1,Volume[_b]={fqn:"aws-cdk-lib.aws_ec2.Volume",version:"2.52.1"};
 //# sourceMappingURL=volume.js.map

package/aws-ec2/lib/vpc-endpoint-service.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.VpcEndpointService=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),region_info_1=require("../../region-info"),ec2_generated_1=require("./ec2.generated");class VpcEndpointService extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcEndpointServiceProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,VpcEndpointService),error}if(props.vpcEndpointServiceLoadBalancers===void 0||props.vpcEndpointServiceLoadBalancers.length===0)throw new Error("VPC Endpoint Service must have at least one load balancer specified.");if(this.vpcEndpointServiceLoadBalancers=props.vpcEndpointServiceLoadBalancers,this.acceptanceRequired=props.acceptanceRequired??!0,props.allowedPrincipals&&props.whitelistedPrincipals)throw new Error("`whitelistedPrincipals` is deprecated; please use `allowedPrincipals` instead");this.allowedPrincipals=props.allowedPrincipals??props.whitelistedPrincipals??[],this.whitelistedPrincipals=this.allowedPrincipals,this.endpointService=new ec2_generated_1.CfnVPCEndpointService(this,id,{networkLoadBalancerArns:this.vpcEndpointServiceLoadBalancers.map(lb=>lb.loadBalancerArn),acceptanceRequired:this.acceptanceRequired}),this.vpcEndpointServiceId=this.endpointService.ref;const{region}=core_1.Stack.of(this),serviceNamePrefix=core_1.Token.isUnresolved(region)?region_info_1.Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX:region_info_1.RegionInfo.get(region).vpcEndpointServiceNamePrefix??region_info_1.Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX;this.vpcEndpointServiceName=core_1.Fn.join(".",[serviceNamePrefix,core_1.Aws.REGION,this.vpcEndpointServiceId]),this.allowedPrincipals.length>0&&new ec2_generated_1.CfnVPCEndpointServicePermissions(this,"Permissions",{serviceId:this.endpointService.ref,allowedPrincipals:this.allowedPrincipals.map(x=>x.arn)})}}exports.VpcEndpointService=VpcEndpointService,_a=JSII_RTTI_SYMBOL_1,VpcEndpointService[_a]={fqn:"aws-cdk-lib.aws_ec2.VpcEndpointService",version:"2.52.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.VpcEndpointService=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),region_info_1=require("../../region-info"),ec2_generated_1=require("./ec2.generated");class VpcEndpointService extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcEndpointServiceProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,VpcEndpointService),error}if(props.vpcEndpointServiceLoadBalancers===void 0||props.vpcEndpointServiceLoadBalancers.length===0)throw new Error("VPC Endpoint Service must have at least one load balancer specified.");if(this.vpcEndpointServiceLoadBalancers=props.vpcEndpointServiceLoadBalancers,this.acceptanceRequired=props.acceptanceRequired??!0,props.allowedPrincipals&&props.whitelistedPrincipals)throw new Error("`whitelistedPrincipals` is deprecated; please use `allowedPrincipals` instead");this.allowedPrincipals=props.allowedPrincipals??props.whitelistedPrincipals??[],this.whitelistedPrincipals=this.allowedPrincipals,this.endpointService=new ec2_generated_1.CfnVPCEndpointService(this,id,{networkLoadBalancerArns:this.vpcEndpointServiceLoadBalancers.map(lb=>lb.loadBalancerArn),acceptanceRequired:this.acceptanceRequired}),this.vpcEndpointServiceId=this.endpointService.ref;const{region}=core_1.Stack.of(this),serviceNamePrefix=core_1.Token.isUnresolved(region)?region_info_1.Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX:region_info_1.RegionInfo.get(region).vpcEndpointServiceNamePrefix??region_info_1.Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX;this.vpcEndpointServiceName=core_1.Fn.join(".",[serviceNamePrefix,core_1.Aws.REGION,this.vpcEndpointServiceId]),this.allowedPrincipals.length>0&&new ec2_generated_1.CfnVPCEndpointServicePermissions(this,"Permissions",{serviceId:this.endpointService.ref,allowedPrincipals:this.allowedPrincipals.map(x=>x.arn)})}}exports.VpcEndpointService=VpcEndpointService,_a=JSII_RTTI_SYMBOL_1,VpcEndpointService[_a]={fqn:"aws-cdk-lib.aws_ec2.VpcEndpointService",version:"2.52.1"};
 //# sourceMappingURL=vpc-endpoint-service.js.map

package/aws-ec2/lib/vpc-endpoint.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b,_c,_d,_e,_f;Object.defineProperty(exports,"__esModule",{value:!0}),exports.InterfaceVpcEndpoint=exports.InterfaceVpcEndpointAwsService=exports.InterfaceVpcEndpointService=exports.GatewayVpcEndpoint=exports.GatewayVpcEndpointAwsService=exports.VpcEndpointType=exports.VpcEndpoint=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),iam=require("../../aws-iam"),cxschema=require("../../cloud-assembly-schema"),core_1=require("../../core"),connections_1=require("./connections"),ec2_generated_1=require("./ec2.generated"),peer_1=require("./peer"),port_1=require("./port"),security_group_1=require("./security-group"),util_1=require("./util");class VpcEndpoint extends core_1.Resource{addToPolicy(statement){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_PolicyStatement(statement)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToPolicy),error}if(!statement.hasPrincipal)throw new Error("Statement must have a `Principal`.");this.policyDocument||(this.policyDocument=new iam.PolicyDocument),this.policyDocument.addStatements(statement)}}exports.VpcEndpoint=VpcEndpoint,_a=JSII_RTTI_SYMBOL_1,VpcEndpoint[_a]={fqn:"aws-cdk-lib.aws_ec2.VpcEndpoint",version:"2.52.0"};var VpcEndpointType;(function(VpcEndpointType2){VpcEndpointType2.INTERFACE="Interface",VpcEndpointType2.GATEWAY="Gateway"})(VpcEndpointType=exports.VpcEndpointType||(exports.VpcEndpointType={}));class GatewayVpcEndpointAwsService{constructor(name,prefix){this.name=`${prefix||"com.amazonaws"}.${core_1.Aws.REGION}.${name}`}}exports.GatewayVpcEndpointAwsService=GatewayVpcEndpointAwsService,_b=JSII_RTTI_SYMBOL_1,GatewayVpcEndpointAwsService[_b]={fqn:"aws-cdk-lib.aws_ec2.GatewayVpcEndpointAwsService",version:"2.52.0"},GatewayVpcEndpointAwsService.DYNAMODB=new GatewayVpcEndpointAwsService("dynamodb"),GatewayVpcEndpointAwsService.S3=new GatewayVpcEndpointAwsService("s3");class GatewayVpcEndpoint extends VpcEndpoint{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_GatewayVpcEndpointProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,GatewayVpcEndpoint),error}const subnets=props.subnets?util_1.flatten(props.subnets.map(s=>props.vpc.selectSubnets(s).subnets)):[...props.vpc.privateSubnets,...props.vpc.publicSubnets,...props.vpc.isolatedSubnets],routeTableIds=util_1.allRouteTableIds(subnets);if(routeTableIds.length===0)throw new Error("Can't add a gateway endpoint to VPC; route table IDs are not available");const endpoint=new ec2_generated_1.CfnVPCEndpoint(this,"Resource",{policyDocument:core_1.Lazy.any({produce:()=>this.policyDocument}),routeTableIds,serviceName:props.service.name,vpcEndpointType:VpcEndpointType.GATEWAY,vpcId:props.vpc.vpcId});this.vpcEndpointId=endpoint.ref,this.vpcEndpointCreationTimestamp=endpoint.attrCreationTimestamp,this.vpcEndpointDnsEntries=endpoint.attrDnsEntries,this.vpcEndpointNetworkInterfaceIds=endpoint.attrNetworkInterfaceIds}static fromGatewayVpcEndpointId(scope,id,gatewayVpcEndpointId){class Import extends VpcEndpoint{constructor(){super(...arguments),this.vpcEndpointId=gatewayVpcEndpointId}}return new Import(scope,id)}}exports.GatewayVpcEndpoint=GatewayVpcEndpoint,_c=JSII_RTTI_SYMBOL_1,GatewayVpcEndpoint[_c]={fqn:"aws-cdk-lib.aws_ec2.GatewayVpcEndpoint",version:"2.52.0"};class InterfaceVpcEndpointService{constructor(name,port){this.privateDnsDefault=!1,this.name=name,this.port=port||443}}exports.InterfaceVpcEndpointService=InterfaceVpcEndpointService,_d=JSII_RTTI_SYMBOL_1,InterfaceVpcEndpointService[_d]={fqn:"aws-cdk-lib.aws_ec2.InterfaceVpcEndpointService",version:"2.52.0"};class InterfaceVpcEndpointAwsService{constructor(name,prefix,port){this.privateDnsDefault=!0;const region=core_1.Lazy.uncachedString({produce:context=>core_1.Stack.of(context.scope).region}),defaultEndpointPrefix=core_1.Lazy.uncachedString({produce:context=>{const regionName=core_1.Stack.of(context.scope).region;return this.getDefaultEndpointPrefix(name,regionName)}}),defaultEndpointSuffix=core_1.Lazy.uncachedString({produce:context=>{const regionName=core_1.Stack.of(context.scope).region;return this.getDefaultEndpointSuffix(name,regionName)}});this.name=`${prefix||defaultEndpointPrefix}.${region}.${name}${defaultEndpointSuffix}`,this.shortName=name,this.port=port||443}getDefaultEndpointPrefix(name,region){return{"cn-north-1":["application-autoscaling","athena","autoscaling","awsconnector","cassandra","cloudformation","codedeploy-commands-secure","databrew","dms","ebs","ec2","ecr.api","ecr.dkr","elasticbeanstalk","elasticfilesystem","elasticfilesystem-fips","execute-api","imagebuilder","iotsitewise.api","iotsitewise.data","kinesis-streams","lambda","license-manager","monitoring","rds","redshift","redshift-data","s3","sagemaker.api","sagemaker.featurestore-runtime","sagemaker.runtime","servicecatalog","sms","sqs","states","sts","synthetics","transcribe","transcribestreaming","transfer","xray"],"cn-northwest-1":["application-autoscaling","athena","autoscaling","awsconnector","cassandra","cloudformation","codedeploy-commands-secure","databrew","dms","ebs","ec2","ecr.api","ecr.dkr","elasticbeanstalk","elasticfilesystem","elasticfilesystem-fips","execute-api","imagebuilder","kinesis-streams","lambda","license-manager","monitoring","rds","redshift","redshift-data","s3","sagemaker.api","sagemaker.featurestore-runtime","sagemaker.runtime","servicecatalog","sms","sqs","states","sts","synthetics","transcribe","transcribestreaming","transfer","workspaces","xray"]}[region]?.includes(name)?"cn.com.amazonaws":"com.amazonaws"}getDefaultEndpointSuffix(name,region){return{"cn-north-1":["transcribe"],"cn-northwest-1":["transcribe"]}[region]?.includes(name)?".cn":""}}exports.InterfaceVpcEndpointAwsService=InterfaceVpcEndpointAwsService,_e=JSII_RTTI_SYMBOL_1,InterfaceVpcEndpointAwsService[_e]={fqn:"aws-cdk-lib.aws_ec2.InterfaceVpcEndpointAwsService",version:"2.52.0"},InterfaceVpcEndpointAwsService.SAGEMAKER_STUDIO=new InterfaceVpcEndpointAwsService("studio","aws.sagemaker"),InterfaceVpcEndpointAwsService.SAGEMAKER_NOTEBOOK=new InterfaceVpcEndpointAwsService("notebook","aws.sagemaker"),InterfaceVpcEndpointAwsService.ACCESS_ANALYZER=new InterfaceVpcEndpointAwsService("access-analyzer"),InterfaceVpcEndpointAwsService.ACCOUNT_MANAGEMENT=new InterfaceVpcEndpointAwsService("account"),InterfaceVpcEndpointAwsService.APP_MESH=new InterfaceVpcEndpointAwsService("appmesh-envoy-management"),InterfaceVpcEndpointAwsService.APP_RUNNER=new InterfaceVpcEndpointAwsService("apprunner"),InterfaceVpcEndpointAwsService.APPLICATION_MIGRATION_SERVICE=new InterfaceVpcEndpointAwsService("mgn"),InterfaceVpcEndpointAwsService.ATHENA=new InterfaceVpcEndpointAwsService("athena"),InterfaceVpcEndpointAwsService.AUDIT_MANAGER=new InterfaceVpcEndpointAwsService("auditmanager"),InterfaceVpcEndpointAwsService.APPLICATION_AUTOSCALING=new InterfaceVpcEndpointAwsService("application-autoscaling"),InterfaceVpcEndpointAwsService.AUTOSCALING=new InterfaceVpcEndpointAwsService("autoscaling"),InterfaceVpcEndpointAwsService.AUTOSCALING_PLANS=new InterfaceVpcEndpointAwsService("autoscaling-plans"),InterfaceVpcEndpointAwsService.BATCH=new InterfaceVpcEndpointAwsService("batch"),InterfaceVpcEndpointAwsService.BILLING_CONDUCTOR=new InterfaceVpcEndpointAwsService("billingconductor"),InterfaceVpcEndpointAwsService.BRAKET=new InterfaceVpcEndpointAwsService("braket"),InterfaceVpcEndpointAwsService.PRIVATE_CERTIFICATE_AUTHORITY=new InterfaceVpcEndpointAwsService("acm-pca"),InterfaceVpcEndpointAwsService.CLOUD_DIRECTORY=new InterfaceVpcEndpointAwsService("clouddirectory"),InterfaceVpcEndpointAwsService.CLOUDFORMATION=new InterfaceVpcEndpointAwsService("cloudformation"),InterfaceVpcEndpointAwsService.CLOUDHSM=new InterfaceVpcEndpointAwsService("cloudhsmv2"),InterfaceVpcEndpointAwsService.CLOUDTRAIL=new InterfaceVpcEndpointAwsService("cloudtrail"),InterfaceVpcEndpointAwsService.CODEARTIFACT_API=new InterfaceVpcEndpointAwsService("codeartifact.api"),InterfaceVpcEndpointAwsService.CODEARTIFACT_REPOSITORIES=new InterfaceVpcEndpointAwsService("codeartifact.repositories"),InterfaceVpcEndpointAwsService.CODEBUILD=new InterfaceVpcEndpointAwsService("codebuild"),InterfaceVpcEndpointAwsService.CODEBUILD_FIPS=new InterfaceVpcEndpointAwsService("codebuild-fips"),InterfaceVpcEndpointAwsService.CODECOMMIT=new InterfaceVpcEndpointAwsService("codecommit"),InterfaceVpcEndpointAwsService.CODECOMMIT_FIPS=new InterfaceVpcEndpointAwsService("codecommit-fips"),InterfaceVpcEndpointAwsService.CODEGURU_PROFILER=new InterfaceVpcEndpointAwsService("codeguru-profiler"),InterfaceVpcEndpointAwsService.CODEGURU_REVIEWER=new InterfaceVpcEndpointAwsService("codeguru-reviewer"),InterfaceVpcEndpointAwsService.CODEPIPELINE=new InterfaceVpcEndpointAwsService("codepipeline"),InterfaceVpcEndpointAwsService.CODESTAR_CONNECTIONS=new InterfaceVpcEndpointAwsService("codestar-connections.api"),InterfaceVpcEndpointAwsService.COMPREHEND=new InterfaceVpcEndpointAwsService("comprehend"),InterfaceVpcEndpointAwsService.COMPREHEND_MEDICAL=new InterfaceVpcEndpointAwsService("comprehendmedical"),InterfaceVpcEndpointAwsService.CONFIG=new InterfaceVpcEndpointAwsService("config"),InterfaceVpcEndpointAwsService.DATA_EXCHANGE=new InterfaceVpcEndpointAwsService("dataexchange"),InterfaceVpcEndpointAwsService.DATASYNC=new InterfaceVpcEndpointAwsService("datasync"),InterfaceVpcEndpointAwsService.DEVOPS_GURU=new InterfaceVpcEndpointAwsService("devops-guru"),InterfaceVpcEndpointAwsService.EBS_DIRECT=new InterfaceVpcEndpointAwsService("ebs"),InterfaceVpcEndpointAwsService.EC2=new InterfaceVpcEndpointAwsService("ec2"),InterfaceVpcEndpointAwsService.EC2_MESSAGES=new InterfaceVpcEndpointAwsService("ec2messages"),InterfaceVpcEndpointAwsService.IMAGE_BUILDER=new InterfaceVpcEndpointAwsService("imagebuilder"),InterfaceVpcEndpointAwsService.ECR=new InterfaceVpcEndpointAwsService("ecr.api"),InterfaceVpcEndpointAwsService.ECR_DOCKER=new InterfaceVpcEndpointAwsService("ecr.dkr"),InterfaceVpcEndpointAwsService.ECS=new InterfaceVpcEndpointAwsService("ecs"),InterfaceVpcEndpointAwsService.ECS_AGENT=new InterfaceVpcEndpointAwsService("ecs-agent"),InterfaceVpcEndpointAwsService.ECS_TELEMETRY=new InterfaceVpcEndpointAwsService("ecs-telemetry"),InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM=new InterfaceVpcEndpointAwsService("elasticfilesystem"),InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM_FIPS=new InterfaceVpcEndpointAwsService("elasticfilesystem-fips"),InterfaceVpcEndpointAwsService.ELASTIC_INFERENCE_RUNTIME=new InterfaceVpcEndpointAwsService("elastic-inference.runtime"),InterfaceVpcEndpointAwsService.ELASTIC_LOAD_BALANCING=new InterfaceVpcEndpointAwsService("elasticloadbalancing"),InterfaceVpcEndpointAwsService.ELASTICACHE=new InterfaceVpcEndpointAwsService("elasticache"),InterfaceVpcEndpointAwsService.EMR=new InterfaceVpcEndpointAwsService("elasticmapreduce"),InterfaceVpcEndpointAwsService.EMR_EKS=new InterfaceVpcEndpointAwsService("emr-containers"),InterfaceVpcEndpointAwsService.EMR_SERVERLESS=new InterfaceVpcEndpointAwsService(".emr-serverless"),InterfaceVpcEndpointAwsService.CLOUDWATCH_EVENTS=new InterfaceVpcEndpointAwsService("events"),InterfaceVpcEndpointAwsService.APIGATEWAY=new InterfaceVpcEndpointAwsService("execute-api"),InterfaceVpcEndpointAwsService.FAULT_INJECTION_SIMULATOR=new InterfaceVpcEndpointAwsService("fis"),InterfaceVpcEndpointAwsService.FRAUD_DETECTOR=new InterfaceVpcEndpointAwsService("frauddetector"),InterfaceVpcEndpointAwsService.CODECOMMIT_GIT=new InterfaceVpcEndpointAwsService("git-codecommit"),InterfaceVpcEndpointAwsService.CODECOMMIT_GIT_FIPS=new InterfaceVpcEndpointAwsService("git-codecommit-fips"),InterfaceVpcEndpointAwsService.GLUE=new InterfaceVpcEndpointAwsService("glue"),InterfaceVpcEndpointAwsService.GLUE_DATABREW=new InterfaceVpcEndpointAwsService("databrew"),InterfaceVpcEndpointAwsService.GRAFANA=new InterfaceVpcEndpointAwsService("grafana"),InterfaceVpcEndpointAwsService.GROUNDSTATION=new InterfaceVpcEndpointAwsService("groundstation"),InterfaceVpcEndpointAwsService.HEALTHLAKE=new InterfaceVpcEndpointAwsService("healthlake"),InterfaceVpcEndpointAwsService.IAM_IDENTITY_CENTER=new InterfaceVpcEndpointAwsService("identitystore"),InterfaceVpcEndpointAwsService.IAM_ROLES_ANYWHERE=new InterfaceVpcEndpointAwsService("rolesanywhere"),InterfaceVpcEndpointAwsService.INSPECTOR=new InterfaceVpcEndpointAwsService("inspector2"),InterfaceVpcEndpointAwsService.IOT_CORE=new InterfaceVpcEndpointAwsService("iot.data"),InterfaceVpcEndpointAwsService.IOT_GREENGRASS=new InterfaceVpcEndpointAwsService("greengrass"),InterfaceVpcEndpointAwsService.KEYSPACES=new InterfaceVpcEndpointAwsService("cassandra","",9142),InterfaceVpcEndpointAwsService.KINESIS_STREAMS=new InterfaceVpcEndpointAwsService("kinesis-streams"),InterfaceVpcEndpointAwsService.KINESIS_FIREHOSE=new InterfaceVpcEndpointAwsService("kinesis-firehose"),InterfaceVpcEndpointAwsService.KMS=new InterfaceVpcEndpointAwsService("kms"),InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS=new InterfaceVpcEndpointAwsService("logs"),InterfaceVpcEndpointAwsService.CLOUDWATCH=new InterfaceVpcEndpointAwsService("monitoring"),InterfaceVpcEndpointAwsService.RDS=new InterfaceVpcEndpointAwsService("rds"),InterfaceVpcEndpointAwsService.ROBOMAKER=new InterfaceVpcEndpointAwsService("robomaker"),InterfaceVpcEndpointAwsService.RDS_DATA=new InterfaceVpcEndpointAwsService("rds-data"),InterfaceVpcEndpointAwsService.S3=new InterfaceVpcEndpointAwsService("s3"),InterfaceVpcEndpointAwsService.S3_OUTPOSTS=new InterfaceVpcEndpointAwsService("s3-outposts"),InterfaceVpcEndpointAwsService.SAGEMAKER_API=new InterfaceVpcEndpointAwsService("sagemaker.api"),InterfaceVpcEndpointAwsService.SAGEMAKER_RUNTIME=new InterfaceVpcEndpointAwsService("sagemaker.runtime"),InterfaceVpcEndpointAwsService.SAGEMAKER_RUNTIME_FIPS=new InterfaceVpcEndpointAwsService("sagemaker.runtime-fips"),InterfaceVpcEndpointAwsService.SECRETS_MANAGER=new InterfaceVpcEndpointAwsService("secretsmanager"),InterfaceVpcEndpointAwsService.SERVICE_CATALOG=new InterfaceVpcEndpointAwsService("servicecatalog"),InterfaceVpcEndpointAwsService.SES=new InterfaceVpcEndpointAwsService("email-smtp"),InterfaceVpcEndpointAwsService.SNS=new InterfaceVpcEndpointAwsService("sns"),InterfaceVpcEndpointAwsService.SQS=new InterfaceVpcEndpointAwsService("sqs"),InterfaceVpcEndpointAwsService.SSM=new InterfaceVpcEndpointAwsService("ssm"),InterfaceVpcEndpointAwsService.SSM_MESSAGES=new InterfaceVpcEndpointAwsService("ssmmessages"),InterfaceVpcEndpointAwsService.STS=new InterfaceVpcEndpointAwsService("sts"),InterfaceVpcEndpointAwsService.SNOW_DEVICE_MANAGEMENT=new InterfaceVpcEndpointAwsService("snow-device-management"),InterfaceVpcEndpointAwsService.TEXTRACT=new InterfaceVpcEndpointAwsService("textract"),InterfaceVpcEndpointAwsService.TEXTRACT_FIPS=new InterfaceVpcEndpointAwsService("textract-fips"),InterfaceVpcEndpointAwsService.TRANSFER=new InterfaceVpcEndpointAwsService("transfer.server"),InterfaceVpcEndpointAwsService.STORAGE_GATEWAY=new InterfaceVpcEndpointAwsService("storagegateway"),InterfaceVpcEndpointAwsService.REKOGNITION=new InterfaceVpcEndpointAwsService("rekognition"),InterfaceVpcEndpointAwsService.REKOGNITION_FIPS=new InterfaceVpcEndpointAwsService("rekognition-fips"),InterfaceVpcEndpointAwsService.STEP_FUNCTIONS=new InterfaceVpcEndpointAwsService("states"),InterfaceVpcEndpointAwsService.LAMBDA=new InterfaceVpcEndpointAwsService("lambda"),InterfaceVpcEndpointAwsService.TRANSCRIBE=new InterfaceVpcEndpointAwsService("transcribe"),InterfaceVpcEndpointAwsService.WORKSPACES=new InterfaceVpcEndpointAwsService("workspaces"),InterfaceVpcEndpointAwsService.XRAY=new InterfaceVpcEndpointAwsService("xray"),InterfaceVpcEndpointAwsService.SECURITYHUB=new InterfaceVpcEndpointAwsService("securityhub"),InterfaceVpcEndpointAwsService.EMAIL_SMTP=new InterfaceVpcEndpointAwsService("email-smtp");class InterfaceVpcEndpoint extends VpcEndpoint{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_InterfaceVpcEndpointProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,InterfaceVpcEndpoint),error}const securityGroups=props.securityGroups||[new security_group_1.SecurityGroup(this,"SecurityGroup",{vpc:props.vpc})];this.securityGroupId=securityGroups[0].securityGroupId,this.connections=new connections_1.Connections({defaultPort:port_1.Port.tcp(props.service.port),securityGroups}),props.open!==!1&&this.connections.allowDefaultPortFrom(peer_1.Peer.ipv4(props.vpc.vpcCidrBlock));const subnetIds=this.endpointSubnets(props),endpoint=new ec2_generated_1.CfnVPCEndpoint(this,"Resource",{privateDnsEnabled:props.privateDnsEnabled??props.service.privateDnsDefault??!0,policyDocument:core_1.Lazy.any({produce:()=>this.policyDocument}),securityGroupIds:securityGroups.map(s=>s.securityGroupId),serviceName:props.service.name,vpcEndpointType:VpcEndpointType.INTERFACE,subnetIds,vpcId:props.vpc.vpcId});this.vpcEndpointId=endpoint.ref,this.vpcEndpointCreationTimestamp=endpoint.attrCreationTimestamp,this.vpcEndpointDnsEntries=endpoint.attrDnsEntries,this.vpcEndpointNetworkInterfaceIds=endpoint.attrNetworkInterfaceIds}static fromInterfaceVpcEndpointAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_InterfaceVpcEndpointAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromInterfaceVpcEndpointAttributes),error}const securityGroups=attrs.securityGroupId?[security_group_1.SecurityGroup.fromSecurityGroupId(scope,"SecurityGroup",attrs.securityGroupId)]:attrs.securityGroups;class Import extends core_1.Resource{constructor(){super(...arguments),this.vpcEndpointId=attrs.vpcEndpointId,this.connections=new connections_1.Connections({defaultPort:port_1.Port.tcp(attrs.port),securityGroups})}}return new Import(scope,id)}endpointSubnets(props){const lookupSupportedAzs=props.lookupSupportedAzs??!1,subnetSelection=props.vpc.selectSubnets({...props.subnets,onePerAz:!0}),subnets=subnetSelection.subnets;if(!subnetSelection.isPendingLookup&&subnetSelection.subnets.length==0)throw new Error("Cannot create a VPC Endpoint with no subnets");if(!lookupSupportedAzs)return subnetSelection.subnetIds;const lookupServiceName=core_1.Token.isUnresolved(props.service.name)&&props.service instanceof InterfaceVpcEndpointAwsService?core_1.Stack.of(this).resolve(props.service.name):props.service.name;this.validateCanLookupSupportedAzs(subnets,lookupServiceName);const availableAZs=this.availableAvailabilityZones(lookupServiceName),filteredSubnets=subnets.filter(s=>availableAZs.includes(s.availabilityZone));if(filteredSubnets.length==0)throw new Error(`lookupSupportedAzs returned ${availableAZs} but subnets have AZs ${subnets.map(s=>s.availabilityZone)}`);return filteredSubnets.map(s=>s.subnetId)}validateCanLookupSupportedAzs(subnets,serviceName){const agnosticAcct=core_1.Token.isUnresolved(this.env.account),agnosticRegion=core_1.Token.isUnresolved(this.env.region),agnosticService=core_1.Token.isUnresolved(serviceName),agnosticSubnets=subnets.some(s=>core_1.Token.isUnresolved(s.availabilityZone)),agnosticSubnetList=core_1.Token.isUnresolved(subnets.map(s=>s.availabilityZone));if(agnosticAcct||agnosticRegion)throw new Error("Cannot look up VPC endpoint availability zones if account/region are not specified");if(agnosticService)throw new Error(`Cannot lookup AZs for a service name with a Token: ${serviceName}`);if(agnosticSubnets||agnosticSubnetList){const agnostic=subnets.filter(s=>core_1.Token.isUnresolved(s.availabilityZone));throw new Error(`lookupSupportedAzs cannot filter on subnets with Token AZs: ${agnostic}`)}}availableAvailabilityZones(serviceName){const availableAZs=core_1.ContextProvider.getValue(this,{provider:cxschema.ContextProvider.ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER,dummyValue:this.stack.availabilityZones,props:{serviceName}}).value;if(!Array.isArray(availableAZs))throw new Error(`Discovered AZs for endpoint service ${serviceName} must be an array`);return availableAZs}}exports.InterfaceVpcEndpoint=InterfaceVpcEndpoint,_f=JSII_RTTI_SYMBOL_1,InterfaceVpcEndpoint[_f]={fqn:"aws-cdk-lib.aws_ec2.InterfaceVpcEndpoint",version:"2.52.0"};
+"use strict";var _a,_b,_c,_d,_e,_f;Object.defineProperty(exports,"__esModule",{value:!0}),exports.InterfaceVpcEndpoint=exports.InterfaceVpcEndpointAwsService=exports.InterfaceVpcEndpointService=exports.GatewayVpcEndpoint=exports.GatewayVpcEndpointAwsService=exports.VpcEndpointType=exports.VpcEndpoint=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),iam=require("../../aws-iam"),cxschema=require("../../cloud-assembly-schema"),core_1=require("../../core"),connections_1=require("./connections"),ec2_generated_1=require("./ec2.generated"),peer_1=require("./peer"),port_1=require("./port"),security_group_1=require("./security-group"),util_1=require("./util");class VpcEndpoint extends core_1.Resource{addToPolicy(statement){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_PolicyStatement(statement)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToPolicy),error}if(!statement.hasPrincipal)throw new Error("Statement must have a `Principal`.");this.policyDocument||(this.policyDocument=new iam.PolicyDocument),this.policyDocument.addStatements(statement)}}exports.VpcEndpoint=VpcEndpoint,_a=JSII_RTTI_SYMBOL_1,VpcEndpoint[_a]={fqn:"aws-cdk-lib.aws_ec2.VpcEndpoint",version:"2.52.1"};var VpcEndpointType;(function(VpcEndpointType2){VpcEndpointType2.INTERFACE="Interface",VpcEndpointType2.GATEWAY="Gateway"})(VpcEndpointType=exports.VpcEndpointType||(exports.VpcEndpointType={}));class GatewayVpcEndpointAwsService{constructor(name,prefix){this.name=`${prefix||"com.amazonaws"}.${core_1.Aws.REGION}.${name}`}}exports.GatewayVpcEndpointAwsService=GatewayVpcEndpointAwsService,_b=JSII_RTTI_SYMBOL_1,GatewayVpcEndpointAwsService[_b]={fqn:"aws-cdk-lib.aws_ec2.GatewayVpcEndpointAwsService",version:"2.52.1"},GatewayVpcEndpointAwsService.DYNAMODB=new GatewayVpcEndpointAwsService("dynamodb"),GatewayVpcEndpointAwsService.S3=new GatewayVpcEndpointAwsService("s3");class GatewayVpcEndpoint extends VpcEndpoint{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_GatewayVpcEndpointProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,GatewayVpcEndpoint),error}const subnets=props.subnets?util_1.flatten(props.subnets.map(s=>props.vpc.selectSubnets(s).subnets)):[...props.vpc.privateSubnets,...props.vpc.publicSubnets,...props.vpc.isolatedSubnets],routeTableIds=util_1.allRouteTableIds(subnets);if(routeTableIds.length===0)throw new Error("Can't add a gateway endpoint to VPC; route table IDs are not available");const endpoint=new ec2_generated_1.CfnVPCEndpoint(this,"Resource",{policyDocument:core_1.Lazy.any({produce:()=>this.policyDocument}),routeTableIds,serviceName:props.service.name,vpcEndpointType:VpcEndpointType.GATEWAY,vpcId:props.vpc.vpcId});this.vpcEndpointId=endpoint.ref,this.vpcEndpointCreationTimestamp=endpoint.attrCreationTimestamp,this.vpcEndpointDnsEntries=endpoint.attrDnsEntries,this.vpcEndpointNetworkInterfaceIds=endpoint.attrNetworkInterfaceIds}static fromGatewayVpcEndpointId(scope,id,gatewayVpcEndpointId){class Import extends VpcEndpoint{constructor(){super(...arguments),this.vpcEndpointId=gatewayVpcEndpointId}}return new Import(scope,id)}}exports.GatewayVpcEndpoint=GatewayVpcEndpoint,_c=JSII_RTTI_SYMBOL_1,GatewayVpcEndpoint[_c]={fqn:"aws-cdk-lib.aws_ec2.GatewayVpcEndpoint",version:"2.52.1"};class InterfaceVpcEndpointService{constructor(name,port){this.privateDnsDefault=!1,this.name=name,this.port=port||443}}exports.InterfaceVpcEndpointService=InterfaceVpcEndpointService,_d=JSII_RTTI_SYMBOL_1,InterfaceVpcEndpointService[_d]={fqn:"aws-cdk-lib.aws_ec2.InterfaceVpcEndpointService",version:"2.52.1"};class InterfaceVpcEndpointAwsService{constructor(name,prefix,port){this.privateDnsDefault=!0;const region=core_1.Lazy.uncachedString({produce:context=>core_1.Stack.of(context.scope).region}),defaultEndpointPrefix=core_1.Lazy.uncachedString({produce:context=>{const regionName=core_1.Stack.of(context.scope).region;return this.getDefaultEndpointPrefix(name,regionName)}}),defaultEndpointSuffix=core_1.Lazy.uncachedString({produce:context=>{const regionName=core_1.Stack.of(context.scope).region;return this.getDefaultEndpointSuffix(name,regionName)}});this.name=`${prefix||defaultEndpointPrefix}.${region}.${name}${defaultEndpointSuffix}`,this.shortName=name,this.port=port||443}getDefaultEndpointPrefix(name,region){return{"cn-north-1":["application-autoscaling","athena","autoscaling","awsconnector","cassandra","cloudformation","codedeploy-commands-secure","databrew","dms","ebs","ec2","ecr.api","ecr.dkr","elasticbeanstalk","elasticfilesystem","elasticfilesystem-fips","execute-api","imagebuilder","iotsitewise.api","iotsitewise.data","kinesis-streams","lambda","license-manager","monitoring","rds","redshift","redshift-data","s3","sagemaker.api","sagemaker.featurestore-runtime","sagemaker.runtime","servicecatalog","sms","sqs","states","sts","synthetics","transcribe","transcribestreaming","transfer","xray"],"cn-northwest-1":["application-autoscaling","athena","autoscaling","awsconnector","cassandra","cloudformation","codedeploy-commands-secure","databrew","dms","ebs","ec2","ecr.api","ecr.dkr","elasticbeanstalk","elasticfilesystem","elasticfilesystem-fips","execute-api","imagebuilder","kinesis-streams","lambda","license-manager","monitoring","rds","redshift","redshift-data","s3","sagemaker.api","sagemaker.featurestore-runtime","sagemaker.runtime","servicecatalog","sms","sqs","states","sts","synthetics","transcribe","transcribestreaming","transfer","workspaces","xray"]}[region]?.includes(name)?"cn.com.amazonaws":"com.amazonaws"}getDefaultEndpointSuffix(name,region){return{"cn-north-1":["transcribe"],"cn-northwest-1":["transcribe"]}[region]?.includes(name)?".cn":""}}exports.InterfaceVpcEndpointAwsService=InterfaceVpcEndpointAwsService,_e=JSII_RTTI_SYMBOL_1,InterfaceVpcEndpointAwsService[_e]={fqn:"aws-cdk-lib.aws_ec2.InterfaceVpcEndpointAwsService",version:"2.52.1"},InterfaceVpcEndpointAwsService.SAGEMAKER_STUDIO=new InterfaceVpcEndpointAwsService("studio","aws.sagemaker"),InterfaceVpcEndpointAwsService.SAGEMAKER_NOTEBOOK=new InterfaceVpcEndpointAwsService("notebook","aws.sagemaker"),InterfaceVpcEndpointAwsService.ACCESS_ANALYZER=new InterfaceVpcEndpointAwsService("access-analyzer"),InterfaceVpcEndpointAwsService.ACCOUNT_MANAGEMENT=new InterfaceVpcEndpointAwsService("account"),InterfaceVpcEndpointAwsService.APP_MESH=new InterfaceVpcEndpointAwsService("appmesh-envoy-management"),InterfaceVpcEndpointAwsService.APP_RUNNER=new InterfaceVpcEndpointAwsService("apprunner"),InterfaceVpcEndpointAwsService.APPLICATION_MIGRATION_SERVICE=new InterfaceVpcEndpointAwsService("mgn"),InterfaceVpcEndpointAwsService.ATHENA=new InterfaceVpcEndpointAwsService("athena"),InterfaceVpcEndpointAwsService.AUDIT_MANAGER=new InterfaceVpcEndpointAwsService("auditmanager"),InterfaceVpcEndpointAwsService.APPLICATION_AUTOSCALING=new InterfaceVpcEndpointAwsService("application-autoscaling"),InterfaceVpcEndpointAwsService.AUTOSCALING=new InterfaceVpcEndpointAwsService("autoscaling"),InterfaceVpcEndpointAwsService.AUTOSCALING_PLANS=new InterfaceVpcEndpointAwsService("autoscaling-plans"),InterfaceVpcEndpointAwsService.BATCH=new InterfaceVpcEndpointAwsService("batch"),InterfaceVpcEndpointAwsService.BILLING_CONDUCTOR=new InterfaceVpcEndpointAwsService("billingconductor"),InterfaceVpcEndpointAwsService.BRAKET=new InterfaceVpcEndpointAwsService("braket"),InterfaceVpcEndpointAwsService.PRIVATE_CERTIFICATE_AUTHORITY=new InterfaceVpcEndpointAwsService("acm-pca"),InterfaceVpcEndpointAwsService.CLOUD_DIRECTORY=new InterfaceVpcEndpointAwsService("clouddirectory"),InterfaceVpcEndpointAwsService.CLOUDFORMATION=new InterfaceVpcEndpointAwsService("cloudformation"),InterfaceVpcEndpointAwsService.CLOUDHSM=new InterfaceVpcEndpointAwsService("cloudhsmv2"),InterfaceVpcEndpointAwsService.CLOUDTRAIL=new InterfaceVpcEndpointAwsService("cloudtrail"),InterfaceVpcEndpointAwsService.CODEARTIFACT_API=new InterfaceVpcEndpointAwsService("codeartifact.api"),InterfaceVpcEndpointAwsService.CODEARTIFACT_REPOSITORIES=new InterfaceVpcEndpointAwsService("codeartifact.repositories"),InterfaceVpcEndpointAwsService.CODEBUILD=new InterfaceVpcEndpointAwsService("codebuild"),InterfaceVpcEndpointAwsService.CODEBUILD_FIPS=new InterfaceVpcEndpointAwsService("codebuild-fips"),InterfaceVpcEndpointAwsService.CODECOMMIT=new InterfaceVpcEndpointAwsService("codecommit"),InterfaceVpcEndpointAwsService.CODECOMMIT_FIPS=new InterfaceVpcEndpointAwsService("codecommit-fips"),InterfaceVpcEndpointAwsService.CODEGURU_PROFILER=new InterfaceVpcEndpointAwsService("codeguru-profiler"),InterfaceVpcEndpointAwsService.CODEGURU_REVIEWER=new InterfaceVpcEndpointAwsService("codeguru-reviewer"),InterfaceVpcEndpointAwsService.CODEPIPELINE=new InterfaceVpcEndpointAwsService("codepipeline"),InterfaceVpcEndpointAwsService.CODESTAR_CONNECTIONS=new InterfaceVpcEndpointAwsService("codestar-connections.api"),InterfaceVpcEndpointAwsService.COMPREHEND=new InterfaceVpcEndpointAwsService("comprehend"),InterfaceVpcEndpointAwsService.COMPREHEND_MEDICAL=new InterfaceVpcEndpointAwsService("comprehendmedical"),InterfaceVpcEndpointAwsService.CONFIG=new InterfaceVpcEndpointAwsService("config"),InterfaceVpcEndpointAwsService.DATA_EXCHANGE=new InterfaceVpcEndpointAwsService("dataexchange"),InterfaceVpcEndpointAwsService.DATASYNC=new InterfaceVpcEndpointAwsService("datasync"),InterfaceVpcEndpointAwsService.DEVOPS_GURU=new InterfaceVpcEndpointAwsService("devops-guru"),InterfaceVpcEndpointAwsService.EBS_DIRECT=new InterfaceVpcEndpointAwsService("ebs"),InterfaceVpcEndpointAwsService.EC2=new InterfaceVpcEndpointAwsService("ec2"),InterfaceVpcEndpointAwsService.EC2_MESSAGES=new InterfaceVpcEndpointAwsService("ec2messages"),InterfaceVpcEndpointAwsService.IMAGE_BUILDER=new InterfaceVpcEndpointAwsService("imagebuilder"),InterfaceVpcEndpointAwsService.ECR=new InterfaceVpcEndpointAwsService("ecr.api"),InterfaceVpcEndpointAwsService.ECR_DOCKER=new InterfaceVpcEndpointAwsService("ecr.dkr"),InterfaceVpcEndpointAwsService.ECS=new InterfaceVpcEndpointAwsService("ecs"),InterfaceVpcEndpointAwsService.ECS_AGENT=new InterfaceVpcEndpointAwsService("ecs-agent"),InterfaceVpcEndpointAwsService.ECS_TELEMETRY=new InterfaceVpcEndpointAwsService("ecs-telemetry"),InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM=new InterfaceVpcEndpointAwsService("elasticfilesystem"),InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM_FIPS=new InterfaceVpcEndpointAwsService("elasticfilesystem-fips"),InterfaceVpcEndpointAwsService.ELASTIC_INFERENCE_RUNTIME=new InterfaceVpcEndpointAwsService("elastic-inference.runtime"),InterfaceVpcEndpointAwsService.ELASTIC_LOAD_BALANCING=new InterfaceVpcEndpointAwsService("elasticloadbalancing"),InterfaceVpcEndpointAwsService.ELASTICACHE=new InterfaceVpcEndpointAwsService("elasticache"),InterfaceVpcEndpointAwsService.EMR=new InterfaceVpcEndpointAwsService("elasticmapreduce"),InterfaceVpcEndpointAwsService.EMR_EKS=new InterfaceVpcEndpointAwsService("emr-containers"),InterfaceVpcEndpointAwsService.EMR_SERVERLESS=new InterfaceVpcEndpointAwsService(".emr-serverless"),InterfaceVpcEndpointAwsService.CLOUDWATCH_EVENTS=new InterfaceVpcEndpointAwsService("events"),InterfaceVpcEndpointAwsService.APIGATEWAY=new InterfaceVpcEndpointAwsService("execute-api"),InterfaceVpcEndpointAwsService.FAULT_INJECTION_SIMULATOR=new InterfaceVpcEndpointAwsService("fis"),InterfaceVpcEndpointAwsService.FRAUD_DETECTOR=new InterfaceVpcEndpointAwsService("frauddetector"),InterfaceVpcEndpointAwsService.CODECOMMIT_GIT=new InterfaceVpcEndpointAwsService("git-codecommit"),InterfaceVpcEndpointAwsService.CODECOMMIT_GIT_FIPS=new InterfaceVpcEndpointAwsService("git-codecommit-fips"),InterfaceVpcEndpointAwsService.GLUE=new InterfaceVpcEndpointAwsService("glue"),InterfaceVpcEndpointAwsService.GLUE_DATABREW=new InterfaceVpcEndpointAwsService("databrew"),InterfaceVpcEndpointAwsService.GRAFANA=new InterfaceVpcEndpointAwsService("grafana"),InterfaceVpcEndpointAwsService.GROUNDSTATION=new InterfaceVpcEndpointAwsService("groundstation"),InterfaceVpcEndpointAwsService.HEALTHLAKE=new InterfaceVpcEndpointAwsService("healthlake"),InterfaceVpcEndpointAwsService.IAM_IDENTITY_CENTER=new InterfaceVpcEndpointAwsService("identitystore"),InterfaceVpcEndpointAwsService.IAM_ROLES_ANYWHERE=new InterfaceVpcEndpointAwsService("rolesanywhere"),InterfaceVpcEndpointAwsService.INSPECTOR=new InterfaceVpcEndpointAwsService("inspector2"),InterfaceVpcEndpointAwsService.IOT_CORE=new InterfaceVpcEndpointAwsService("iot.data"),InterfaceVpcEndpointAwsService.IOT_GREENGRASS=new InterfaceVpcEndpointAwsService("greengrass"),InterfaceVpcEndpointAwsService.KEYSPACES=new InterfaceVpcEndpointAwsService("cassandra","",9142),InterfaceVpcEndpointAwsService.KINESIS_STREAMS=new InterfaceVpcEndpointAwsService("kinesis-streams"),InterfaceVpcEndpointAwsService.KINESIS_FIREHOSE=new InterfaceVpcEndpointAwsService("kinesis-firehose"),InterfaceVpcEndpointAwsService.KMS=new InterfaceVpcEndpointAwsService("kms"),InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS=new InterfaceVpcEndpointAwsService("logs"),InterfaceVpcEndpointAwsService.CLOUDWATCH=new InterfaceVpcEndpointAwsService("monitoring"),InterfaceVpcEndpointAwsService.RDS=new InterfaceVpcEndpointAwsService("rds"),InterfaceVpcEndpointAwsService.ROBOMAKER=new InterfaceVpcEndpointAwsService("robomaker"),InterfaceVpcEndpointAwsService.RDS_DATA=new InterfaceVpcEndpointAwsService("rds-data"),InterfaceVpcEndpointAwsService.S3=new InterfaceVpcEndpointAwsService("s3"),InterfaceVpcEndpointAwsService.S3_OUTPOSTS=new InterfaceVpcEndpointAwsService("s3-outposts"),InterfaceVpcEndpointAwsService.SAGEMAKER_API=new InterfaceVpcEndpointAwsService("sagemaker.api"),InterfaceVpcEndpointAwsService.SAGEMAKER_RUNTIME=new InterfaceVpcEndpointAwsService("sagemaker.runtime"),InterfaceVpcEndpointAwsService.SAGEMAKER_RUNTIME_FIPS=new InterfaceVpcEndpointAwsService("sagemaker.runtime-fips"),InterfaceVpcEndpointAwsService.SECRETS_MANAGER=new InterfaceVpcEndpointAwsService("secretsmanager"),InterfaceVpcEndpointAwsService.SERVICE_CATALOG=new InterfaceVpcEndpointAwsService("servicecatalog"),InterfaceVpcEndpointAwsService.SES=new InterfaceVpcEndpointAwsService("email-smtp"),InterfaceVpcEndpointAwsService.SNS=new InterfaceVpcEndpointAwsService("sns"),InterfaceVpcEndpointAwsService.SQS=new InterfaceVpcEndpointAwsService("sqs"),InterfaceVpcEndpointAwsService.SSM=new InterfaceVpcEndpointAwsService("ssm"),InterfaceVpcEndpointAwsService.SSM_MESSAGES=new InterfaceVpcEndpointAwsService("ssmmessages"),InterfaceVpcEndpointAwsService.STS=new InterfaceVpcEndpointAwsService("sts"),InterfaceVpcEndpointAwsService.SNOW_DEVICE_MANAGEMENT=new InterfaceVpcEndpointAwsService("snow-device-management"),InterfaceVpcEndpointAwsService.TEXTRACT=new InterfaceVpcEndpointAwsService("textract"),InterfaceVpcEndpointAwsService.TEXTRACT_FIPS=new InterfaceVpcEndpointAwsService("textract-fips"),InterfaceVpcEndpointAwsService.TRANSFER=new InterfaceVpcEndpointAwsService("transfer.server"),InterfaceVpcEndpointAwsService.STORAGE_GATEWAY=new InterfaceVpcEndpointAwsService("storagegateway"),InterfaceVpcEndpointAwsService.REKOGNITION=new InterfaceVpcEndpointAwsService("rekognition"),InterfaceVpcEndpointAwsService.REKOGNITION_FIPS=new InterfaceVpcEndpointAwsService("rekognition-fips"),InterfaceVpcEndpointAwsService.STEP_FUNCTIONS=new InterfaceVpcEndpointAwsService("states"),InterfaceVpcEndpointAwsService.LAMBDA=new InterfaceVpcEndpointAwsService("lambda"),InterfaceVpcEndpointAwsService.TRANSCRIBE=new InterfaceVpcEndpointAwsService("transcribe"),InterfaceVpcEndpointAwsService.WORKSPACES=new InterfaceVpcEndpointAwsService("workspaces"),InterfaceVpcEndpointAwsService.XRAY=new InterfaceVpcEndpointAwsService("xray"),InterfaceVpcEndpointAwsService.SECURITYHUB=new InterfaceVpcEndpointAwsService("securityhub"),InterfaceVpcEndpointAwsService.EMAIL_SMTP=new InterfaceVpcEndpointAwsService("email-smtp");class InterfaceVpcEndpoint extends VpcEndpoint{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_InterfaceVpcEndpointProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,InterfaceVpcEndpoint),error}const securityGroups=props.securityGroups||[new security_group_1.SecurityGroup(this,"SecurityGroup",{vpc:props.vpc})];this.securityGroupId=securityGroups[0].securityGroupId,this.connections=new connections_1.Connections({defaultPort:port_1.Port.tcp(props.service.port),securityGroups}),props.open!==!1&&this.connections.allowDefaultPortFrom(peer_1.Peer.ipv4(props.vpc.vpcCidrBlock));const subnetIds=this.endpointSubnets(props),endpoint=new ec2_generated_1.CfnVPCEndpoint(this,"Resource",{privateDnsEnabled:props.privateDnsEnabled??props.service.privateDnsDefault??!0,policyDocument:core_1.Lazy.any({produce:()=>this.policyDocument}),securityGroupIds:securityGroups.map(s=>s.securityGroupId),serviceName:props.service.name,vpcEndpointType:VpcEndpointType.INTERFACE,subnetIds,vpcId:props.vpc.vpcId});this.vpcEndpointId=endpoint.ref,this.vpcEndpointCreationTimestamp=endpoint.attrCreationTimestamp,this.vpcEndpointDnsEntries=endpoint.attrDnsEntries,this.vpcEndpointNetworkInterfaceIds=endpoint.attrNetworkInterfaceIds}static fromInterfaceVpcEndpointAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_InterfaceVpcEndpointAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromInterfaceVpcEndpointAttributes),error}const securityGroups=attrs.securityGroupId?[security_group_1.SecurityGroup.fromSecurityGroupId(scope,"SecurityGroup",attrs.securityGroupId)]:attrs.securityGroups;class Import extends core_1.Resource{constructor(){super(...arguments),this.vpcEndpointId=attrs.vpcEndpointId,this.connections=new connections_1.Connections({defaultPort:port_1.Port.tcp(attrs.port),securityGroups})}}return new Import(scope,id)}endpointSubnets(props){const lookupSupportedAzs=props.lookupSupportedAzs??!1,subnetSelection=props.vpc.selectSubnets({...props.subnets,onePerAz:!0}),subnets=subnetSelection.subnets;if(!subnetSelection.isPendingLookup&&subnetSelection.subnets.length==0)throw new Error("Cannot create a VPC Endpoint with no subnets");if(!lookupSupportedAzs)return subnetSelection.subnetIds;const lookupServiceName=core_1.Token.isUnresolved(props.service.name)&&props.service instanceof InterfaceVpcEndpointAwsService?core_1.Stack.of(this).resolve(props.service.name):props.service.name;this.validateCanLookupSupportedAzs(subnets,lookupServiceName);const availableAZs=this.availableAvailabilityZones(lookupServiceName),filteredSubnets=subnets.filter(s=>availableAZs.includes(s.availabilityZone));if(filteredSubnets.length==0)throw new Error(`lookupSupportedAzs returned ${availableAZs} but subnets have AZs ${subnets.map(s=>s.availabilityZone)}`);return filteredSubnets.map(s=>s.subnetId)}validateCanLookupSupportedAzs(subnets,serviceName){const agnosticAcct=core_1.Token.isUnresolved(this.env.account),agnosticRegion=core_1.Token.isUnresolved(this.env.region),agnosticService=core_1.Token.isUnresolved(serviceName),agnosticSubnets=subnets.some(s=>core_1.Token.isUnresolved(s.availabilityZone)),agnosticSubnetList=core_1.Token.isUnresolved(subnets.map(s=>s.availabilityZone));if(agnosticAcct||agnosticRegion)throw new Error("Cannot look up VPC endpoint availability zones if account/region are not specified");if(agnosticService)throw new Error(`Cannot lookup AZs for a service name with a Token: ${serviceName}`);if(agnosticSubnets||agnosticSubnetList){const agnostic=subnets.filter(s=>core_1.Token.isUnresolved(s.availabilityZone));throw new Error(`lookupSupportedAzs cannot filter on subnets with Token AZs: ${agnostic}`)}}availableAvailabilityZones(serviceName){const availableAZs=core_1.ContextProvider.getValue(this,{provider:cxschema.ContextProvider.ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER,dummyValue:this.stack.availabilityZones,props:{serviceName}}).value;if(!Array.isArray(availableAZs))throw new Error(`Discovered AZs for endpoint service ${serviceName} must be an array`);return availableAZs}}exports.InterfaceVpcEndpoint=InterfaceVpcEndpoint,_f=JSII_RTTI_SYMBOL_1,InterfaceVpcEndpoint[_f]={fqn:"aws-cdk-lib.aws_ec2.InterfaceVpcEndpoint",version:"2.52.1"};
 //# sourceMappingURL=vpc-endpoint.js.map

package/aws-ec2/lib/vpc-flow-logs.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b,_c,_d;Object.defineProperty(exports,"__esModule",{value:!0}),exports.FlowLog=exports.LogFormat=exports.FlowLogMaxAggregationInterval=exports.FlowLogDestination=exports.FlowLogFileFormat=exports.FlowLogResourceType=exports.FlowLogDestinationType=exports.FlowLogTrafficType=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),iam=require("../../aws-iam"),logs=require("../../aws-logs"),s3=require("../../aws-s3"),core_1=require("../../core"),cx_api_1=require("../../cx-api"),ec2_generated_1=require("./ec2.generated");var FlowLogTrafficType;(function(FlowLogTrafficType2){FlowLogTrafficType2.ACCEPT="ACCEPT",FlowLogTrafficType2.ALL="ALL",FlowLogTrafficType2.REJECT="REJECT"})(FlowLogTrafficType=exports.FlowLogTrafficType||(exports.FlowLogTrafficType={}));var FlowLogDestinationType;(function(FlowLogDestinationType2){FlowLogDestinationType2.CLOUD_WATCH_LOGS="cloud-watch-logs",FlowLogDestinationType2.S3="s3"})(FlowLogDestinationType=exports.FlowLogDestinationType||(exports.FlowLogDestinationType={}));class FlowLogResourceType{static fromSubnet(subnet){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_ISubnet(subnet)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromSubnet),error}return{resourceType:"Subnet",resourceId:subnet.subnetId}}static fromVpc(vpc){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_IVpc(vpc)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVpc),error}return{resourceType:"VPC",resourceId:vpc.vpcId}}static fromNetworkInterfaceId(id){return{resourceType:"NetworkInterface",resourceId:id}}}exports.FlowLogResourceType=FlowLogResourceType,_a=JSII_RTTI_SYMBOL_1,FlowLogResourceType[_a]={fqn:"aws-cdk-lib.aws_ec2.FlowLogResourceType",version:"2.52.0"};var FlowLogFileFormat;(function(FlowLogFileFormat2){FlowLogFileFormat2.PLAIN_TEXT="plain-text",FlowLogFileFormat2.PARQUET="parquet"})(FlowLogFileFormat=exports.FlowLogFileFormat||(exports.FlowLogFileFormat={}));class FlowLogDestination{static toCloudWatchLogs(logGroup,iamRole){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_logs_ILogGroup(logGroup),jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_IRole(iamRole)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.toCloudWatchLogs),error}return new CloudWatchLogsDestination({logDestinationType:FlowLogDestinationType.CLOUD_WATCH_LOGS,logGroup,iamRole})}static toS3(bucket,keyPrefix,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_s3_IBucket(bucket),jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_S3DestinationOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.toS3),error}return new S3Destination({logDestinationType:FlowLogDestinationType.S3,s3Bucket:bucket,keyPrefix,destinationOptions:options})}}exports.FlowLogDestination=FlowLogDestination,_b=JSII_RTTI_SYMBOL_1,FlowLogDestination[_b]={fqn:"aws-cdk-lib.aws_ec2.FlowLogDestination",version:"2.52.0"};class S3Destination extends FlowLogDestination{constructor(props){super(),this.props=props}bind(scope,_flowLog){let s3Bucket;if(this.props.s3Bucket===void 0?s3Bucket=new s3.Bucket(scope,"Bucket",{encryption:s3.BucketEncryption.UNENCRYPTED,removalPolicy:core_1.RemovalPolicy.RETAIN}):s3Bucket=this.props.s3Bucket,core_1.FeatureFlags.of(scope).isEnabled(cx_api_1.S3_CREATE_DEFAULT_LOGGING_POLICY)){const stack=core_1.Stack.of(scope);let keyPrefix=this.props.keyPrefix??"";keyPrefix&&!keyPrefix.endsWith("/")&&(keyPrefix=keyPrefix+"/");const prefix=this.props.destinationOptions?.hiveCompatiblePartitions?s3Bucket.arnForObjects(`${keyPrefix}AWSLogs/aws-account-id=${stack.account}/*`):s3Bucket.arnForObjects(`${keyPrefix}AWSLogs/${stack.account}/*`);s3Bucket.addToResourcePolicy(new iam.PolicyStatement({effect:iam.Effect.ALLOW,principals:[new iam.ServicePrincipal("delivery.logs.amazonaws.com")],resources:[prefix],actions:["s3:PutObject"],conditions:{StringEquals:{"s3:x-amz-acl":"bucket-owner-full-control","aws:SourceAccount":stack.account},ArnLike:{"aws:SourceArn":stack.formatArn({service:"logs",resource:"*"})}}})),s3Bucket.addToResourcePolicy(new iam.PolicyStatement({effect:iam.Effect.ALLOW,principals:[new iam.ServicePrincipal("delivery.logs.amazonaws.com")],resources:[s3Bucket.bucketArn],actions:["s3:GetBucketAcl","s3:ListBucket"],conditions:{StringEquals:{"aws:SourceAccount":stack.account},ArnLike:{"aws:SourceArn":stack.formatArn({service:"logs",resource:"*"})}}}))}return{logDestinationType:FlowLogDestinationType.S3,s3Bucket,keyPrefix:this.props.keyPrefix,destinationOptions:this.props.destinationOptions?.fileFormat||this.props.destinationOptions?.perHourPartition||this.props.destinationOptions?.hiveCompatiblePartitions?{fileFormat:this.props.destinationOptions.fileFormat??FlowLogFileFormat.PLAIN_TEXT,perHourPartition:this.props.destinationOptions.perHourPartition??!1,hiveCompatiblePartitions:this.props.destinationOptions.hiveCompatiblePartitions??!1}:void 0}}}class CloudWatchLogsDestination extends FlowLogDestination{constructor(props){super(),this.props=props}bind(scope,_flowLog){let iamRole,logGroup;return this.props.iamRole===void 0?iamRole=new iam.Role(scope,"IAMRole",{roleName:core_1.PhysicalName.GENERATE_IF_NEEDED,assumedBy:new iam.ServicePrincipal("vpc-flow-logs.amazonaws.com")}):iamRole=this.props.iamRole,this.props.logGroup===void 0?logGroup=new logs.LogGroup(scope,"LogGroup"):logGroup=this.props.logGroup,iamRole.addToPrincipalPolicy(new iam.PolicyStatement({actions:["logs:CreateLogStream","logs:PutLogEvents","logs:DescribeLogStreams"],effect:iam.Effect.ALLOW,resources:[logGroup.logGroupArn]})),iamRole.addToPrincipalPolicy(new iam.PolicyStatement({actions:["iam:PassRole"],effect:iam.Effect.ALLOW,resources:[iamRole.roleArn]})),{logDestinationType:FlowLogDestinationType.CLOUD_WATCH_LOGS,logGroup,iamRole}}}var FlowLogMaxAggregationInterval;(function(FlowLogMaxAggregationInterval2){FlowLogMaxAggregationInterval2[FlowLogMaxAggregationInterval2.ONE_MINUTE=60]="ONE_MINUTE",FlowLogMaxAggregationInterval2[FlowLogMaxAggregationInterval2.TEN_MINUTES=600]="TEN_MINUTES"})(FlowLogMaxAggregationInterval=exports.FlowLogMaxAggregationInterval||(exports.FlowLogMaxAggregationInterval={}));class LogFormat{constructor(value){this.value=value}static custom(formatString){return new LogFormat(formatString)}static field(field){return new LogFormat(`\${${field}}`)}}exports.LogFormat=LogFormat,_c=JSII_RTTI_SYMBOL_1,LogFormat[_c]={fqn:"aws-cdk-lib.aws_ec2.LogFormat",version:"2.52.0"},LogFormat.VERSION=new LogFormat("${version}"),LogFormat.ACCOUNT_ID=new LogFormat("${account-id}"),LogFormat.INTERFACE_ID=new LogFormat("${interface-id"),LogFormat.SRC_ADDR=new LogFormat("${srcaddr}"),LogFormat.DST_ADDR=new LogFormat("${dstaddr}"),LogFormat.SRC_PORT=new LogFormat("${srcport}"),LogFormat.DST_PORT=new LogFormat("${dstport}"),LogFormat.PROTOCOL=new LogFormat("${protocol}"),LogFormat.PACKETS=new LogFormat("${packets}"),LogFormat.BYTES=new LogFormat("${bytes}"),LogFormat.PKT_SRC_ADDR=new LogFormat("${pkt-srcaddr}"),LogFormat.PKT_DST_ADDR=new LogFormat("${pkt-dstaddr}"),LogFormat.REGION=new LogFormat("${region}"),LogFormat.AZ_ID=new LogFormat("${az-id}"),LogFormat.SUBLOCATION_TYPE=new LogFormat("${sublocation-type}"),LogFormat.SUBLOCATION_ID=new LogFormat("${sublocation-id}"),LogFormat.PKT_SRC_AWS_SERVICE=new LogFormat("${pkt-src-aws-service}"),LogFormat.PKT_DST_AWS_SERVICE=new LogFormat("${pkt-dst-aws-service}"),LogFormat.FLOW_DIRECTION=new LogFormat("${flow-direction}"),LogFormat.TRAFFIC_PATH=new LogFormat("${traffic-path}"),LogFormat.ALL_DEFAULT_FIELDS=new LogFormat("${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}");class FlowLogBase extends core_1.Resource{}class FlowLog extends FlowLogBase{constructor(scope,id,props){super(scope,id,{physicalName:props.flowLogName});try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_FlowLogProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,FlowLog),error}const destinationConfig=(props.destination||FlowLogDestination.toCloudWatchLogs()).bind(this,this);this.logGroup=destinationConfig.logGroup,this.bucket=destinationConfig.s3Bucket,this.iamRole=destinationConfig.iamRole,this.keyPrefix=destinationConfig.keyPrefix;let logDestination;this.bucket&&(logDestination=this.keyPrefix?this.bucket.arnForObjects(this.keyPrefix):this.bucket.bucketArn);let customLogFormat;props.logFormat&&(customLogFormat=props.logFormat.map(elm=>elm.value).join(" "));const flowLog=new ec2_generated_1.CfnFlowLog(this,"FlowLog",{destinationOptions:destinationConfig.destinationOptions,deliverLogsPermissionArn:this.iamRole?this.iamRole.roleArn:void 0,logDestinationType:destinationConfig.logDestinationType,logGroupName:this.logGroup?this.logGroup.logGroupName:void 0,maxAggregationInterval:props.maxAggregationInterval,resourceId:props.resourceType.resourceId,resourceType:props.resourceType.resourceType,trafficType:props.trafficType?props.trafficType:FlowLogTrafficType.ALL,logFormat:customLogFormat,logDestination});this.flowLogId=flowLog.ref,this.node.defaultChild=flowLog}static fromFlowLogId(scope,id,flowLogId){class Import extends FlowLogBase{constructor(){super(...arguments),this.flowLogId=flowLogId}}return new Import(scope,id)}}exports.FlowLog=FlowLog,_d=JSII_RTTI_SYMBOL_1,FlowLog[_d]={fqn:"aws-cdk-lib.aws_ec2.FlowLog",version:"2.52.0"};
+"use strict";var _a,_b,_c,_d;Object.defineProperty(exports,"__esModule",{value:!0}),exports.FlowLog=exports.LogFormat=exports.FlowLogMaxAggregationInterval=exports.FlowLogDestination=exports.FlowLogFileFormat=exports.FlowLogResourceType=exports.FlowLogDestinationType=exports.FlowLogTrafficType=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),iam=require("../../aws-iam"),logs=require("../../aws-logs"),s3=require("../../aws-s3"),core_1=require("../../core"),cx_api_1=require("../../cx-api"),ec2_generated_1=require("./ec2.generated");var FlowLogTrafficType;(function(FlowLogTrafficType2){FlowLogTrafficType2.ACCEPT="ACCEPT",FlowLogTrafficType2.ALL="ALL",FlowLogTrafficType2.REJECT="REJECT"})(FlowLogTrafficType=exports.FlowLogTrafficType||(exports.FlowLogTrafficType={}));var FlowLogDestinationType;(function(FlowLogDestinationType2){FlowLogDestinationType2.CLOUD_WATCH_LOGS="cloud-watch-logs",FlowLogDestinationType2.S3="s3"})(FlowLogDestinationType=exports.FlowLogDestinationType||(exports.FlowLogDestinationType={}));class FlowLogResourceType{static fromSubnet(subnet){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_ISubnet(subnet)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromSubnet),error}return{resourceType:"Subnet",resourceId:subnet.subnetId}}static fromVpc(vpc){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_IVpc(vpc)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVpc),error}return{resourceType:"VPC",resourceId:vpc.vpcId}}static fromNetworkInterfaceId(id){return{resourceType:"NetworkInterface",resourceId:id}}}exports.FlowLogResourceType=FlowLogResourceType,_a=JSII_RTTI_SYMBOL_1,FlowLogResourceType[_a]={fqn:"aws-cdk-lib.aws_ec2.FlowLogResourceType",version:"2.52.1"};var FlowLogFileFormat;(function(FlowLogFileFormat2){FlowLogFileFormat2.PLAIN_TEXT="plain-text",FlowLogFileFormat2.PARQUET="parquet"})(FlowLogFileFormat=exports.FlowLogFileFormat||(exports.FlowLogFileFormat={}));class FlowLogDestination{static toCloudWatchLogs(logGroup,iamRole){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_logs_ILogGroup(logGroup),jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_IRole(iamRole)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.toCloudWatchLogs),error}return new CloudWatchLogsDestination({logDestinationType:FlowLogDestinationType.CLOUD_WATCH_LOGS,logGroup,iamRole})}static toS3(bucket,keyPrefix,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_s3_IBucket(bucket),jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_S3DestinationOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.toS3),error}return new S3Destination({logDestinationType:FlowLogDestinationType.S3,s3Bucket:bucket,keyPrefix,destinationOptions:options})}}exports.FlowLogDestination=FlowLogDestination,_b=JSII_RTTI_SYMBOL_1,FlowLogDestination[_b]={fqn:"aws-cdk-lib.aws_ec2.FlowLogDestination",version:"2.52.1"};class S3Destination extends FlowLogDestination{constructor(props){super(),this.props=props}bind(scope,_flowLog){let s3Bucket;if(this.props.s3Bucket===void 0?s3Bucket=new s3.Bucket(scope,"Bucket",{encryption:s3.BucketEncryption.UNENCRYPTED,removalPolicy:core_1.RemovalPolicy.RETAIN}):s3Bucket=this.props.s3Bucket,core_1.FeatureFlags.of(scope).isEnabled(cx_api_1.S3_CREATE_DEFAULT_LOGGING_POLICY)){const stack=core_1.Stack.of(scope);let keyPrefix=this.props.keyPrefix??"";keyPrefix&&!keyPrefix.endsWith("/")&&(keyPrefix=keyPrefix+"/");const prefix=this.props.destinationOptions?.hiveCompatiblePartitions?s3Bucket.arnForObjects(`${keyPrefix}AWSLogs/aws-account-id=${stack.account}/*`):s3Bucket.arnForObjects(`${keyPrefix}AWSLogs/${stack.account}/*`);s3Bucket.addToResourcePolicy(new iam.PolicyStatement({effect:iam.Effect.ALLOW,principals:[new iam.ServicePrincipal("delivery.logs.amazonaws.com")],resources:[prefix],actions:["s3:PutObject"],conditions:{StringEquals:{"s3:x-amz-acl":"bucket-owner-full-control","aws:SourceAccount":stack.account},ArnLike:{"aws:SourceArn":stack.formatArn({service:"logs",resource:"*"})}}})),s3Bucket.addToResourcePolicy(new iam.PolicyStatement({effect:iam.Effect.ALLOW,principals:[new iam.ServicePrincipal("delivery.logs.amazonaws.com")],resources:[s3Bucket.bucketArn],actions:["s3:GetBucketAcl","s3:ListBucket"],conditions:{StringEquals:{"aws:SourceAccount":stack.account},ArnLike:{"aws:SourceArn":stack.formatArn({service:"logs",resource:"*"})}}}))}return{logDestinationType:FlowLogDestinationType.S3,s3Bucket,keyPrefix:this.props.keyPrefix,destinationOptions:this.props.destinationOptions?.fileFormat||this.props.destinationOptions?.perHourPartition||this.props.destinationOptions?.hiveCompatiblePartitions?{fileFormat:this.props.destinationOptions.fileFormat??FlowLogFileFormat.PLAIN_TEXT,perHourPartition:this.props.destinationOptions.perHourPartition??!1,hiveCompatiblePartitions:this.props.destinationOptions.hiveCompatiblePartitions??!1}:void 0}}}class CloudWatchLogsDestination extends FlowLogDestination{constructor(props){super(),this.props=props}bind(scope,_flowLog){let iamRole,logGroup;return this.props.iamRole===void 0?iamRole=new iam.Role(scope,"IAMRole",{roleName:core_1.PhysicalName.GENERATE_IF_NEEDED,assumedBy:new iam.ServicePrincipal("vpc-flow-logs.amazonaws.com")}):iamRole=this.props.iamRole,this.props.logGroup===void 0?logGroup=new logs.LogGroup(scope,"LogGroup"):logGroup=this.props.logGroup,iamRole.addToPrincipalPolicy(new iam.PolicyStatement({actions:["logs:CreateLogStream","logs:PutLogEvents","logs:DescribeLogStreams"],effect:iam.Effect.ALLOW,resources:[logGroup.logGroupArn]})),iamRole.addToPrincipalPolicy(new iam.PolicyStatement({actions:["iam:PassRole"],effect:iam.Effect.ALLOW,resources:[iamRole.roleArn]})),{logDestinationType:FlowLogDestinationType.CLOUD_WATCH_LOGS,logGroup,iamRole}}}var FlowLogMaxAggregationInterval;(function(FlowLogMaxAggregationInterval2){FlowLogMaxAggregationInterval2[FlowLogMaxAggregationInterval2.ONE_MINUTE=60]="ONE_MINUTE",FlowLogMaxAggregationInterval2[FlowLogMaxAggregationInterval2.TEN_MINUTES=600]="TEN_MINUTES"})(FlowLogMaxAggregationInterval=exports.FlowLogMaxAggregationInterval||(exports.FlowLogMaxAggregationInterval={}));class LogFormat{constructor(value){this.value=value}static custom(formatString){return new LogFormat(formatString)}static field(field){return new LogFormat(`\${${field}}`)}}exports.LogFormat=LogFormat,_c=JSII_RTTI_SYMBOL_1,LogFormat[_c]={fqn:"aws-cdk-lib.aws_ec2.LogFormat",version:"2.52.1"},LogFormat.VERSION=new LogFormat("${version}"),LogFormat.ACCOUNT_ID=new LogFormat("${account-id}"),LogFormat.INTERFACE_ID=new LogFormat("${interface-id"),LogFormat.SRC_ADDR=new LogFormat("${srcaddr}"),LogFormat.DST_ADDR=new LogFormat("${dstaddr}"),LogFormat.SRC_PORT=new LogFormat("${srcport}"),LogFormat.DST_PORT=new LogFormat("${dstport}"),LogFormat.PROTOCOL=new LogFormat("${protocol}"),LogFormat.PACKETS=new LogFormat("${packets}"),LogFormat.BYTES=new LogFormat("${bytes}"),LogFormat.PKT_SRC_ADDR=new LogFormat("${pkt-srcaddr}"),LogFormat.PKT_DST_ADDR=new LogFormat("${pkt-dstaddr}"),LogFormat.REGION=new LogFormat("${region}"),LogFormat.AZ_ID=new LogFormat("${az-id}"),LogFormat.SUBLOCATION_TYPE=new LogFormat("${sublocation-type}"),LogFormat.SUBLOCATION_ID=new LogFormat("${sublocation-id}"),LogFormat.PKT_SRC_AWS_SERVICE=new LogFormat("${pkt-src-aws-service}"),LogFormat.PKT_DST_AWS_SERVICE=new LogFormat("${pkt-dst-aws-service}"),LogFormat.FLOW_DIRECTION=new LogFormat("${flow-direction}"),LogFormat.TRAFFIC_PATH=new LogFormat("${traffic-path}"),LogFormat.ALL_DEFAULT_FIELDS=new LogFormat("${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}");class FlowLogBase extends core_1.Resource{}class FlowLog extends FlowLogBase{constructor(scope,id,props){super(scope,id,{physicalName:props.flowLogName});try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_FlowLogProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,FlowLog),error}const destinationConfig=(props.destination||FlowLogDestination.toCloudWatchLogs()).bind(this,this);this.logGroup=destinationConfig.logGroup,this.bucket=destinationConfig.s3Bucket,this.iamRole=destinationConfig.iamRole,this.keyPrefix=destinationConfig.keyPrefix;let logDestination;this.bucket&&(logDestination=this.keyPrefix?this.bucket.arnForObjects(this.keyPrefix):this.bucket.bucketArn);let customLogFormat;props.logFormat&&(customLogFormat=props.logFormat.map(elm=>elm.value).join(" "));const flowLog=new ec2_generated_1.CfnFlowLog(this,"FlowLog",{destinationOptions:destinationConfig.destinationOptions,deliverLogsPermissionArn:this.iamRole?this.iamRole.roleArn:void 0,logDestinationType:destinationConfig.logDestinationType,logGroupName:this.logGroup?this.logGroup.logGroupName:void 0,maxAggregationInterval:props.maxAggregationInterval,resourceId:props.resourceType.resourceId,resourceType:props.resourceType.resourceType,trafficType:props.trafficType?props.trafficType:FlowLogTrafficType.ALL,logFormat:customLogFormat,logDestination});this.flowLogId=flowLog.ref,this.node.defaultChild=flowLog}static fromFlowLogId(scope,id,flowLogId){class Import extends FlowLogBase{constructor(){super(...arguments),this.flowLogId=flowLogId}}return new Import(scope,id)}}exports.FlowLog=FlowLog,_d=JSII_RTTI_SYMBOL_1,FlowLog[_d]={fqn:"aws-cdk-lib.aws_ec2.FlowLog",version:"2.52.1"};
 //# sourceMappingURL=vpc-flow-logs.js.map

package/aws-ec2/lib/vpc.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b,_c,_d;Object.defineProperty(exports,"__esModule",{value:!0}),exports.PrivateSubnet=exports.PublicSubnet=exports.RouterType=exports.Subnet=exports.Vpc=exports.DefaultInstanceTenancy=exports.SubnetType=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cxschema=require("../../cloud-assembly-schema"),core_1=require("../../core"),cxapi=require("../../cx-api"),constructs_1=require("constructs"),client_vpn_endpoint_1=require("./client-vpn-endpoint"),ec2_generated_1=require("./ec2.generated"),ip_addresses_1=require("./ip-addresses"),nat_1=require("./nat"),network_acl_1=require("./network-acl"),subnet_1=require("./subnet"),util_1=require("./util"),vpc_endpoint_1=require("./vpc-endpoint"),vpc_flow_logs_1=require("./vpc-flow-logs"),vpn_1=require("./vpn"),VPC_SUBNET_SYMBOL=Symbol.for("@aws-cdk/aws-ec2.VpcSubnet"),FAKE_AZ_NAME="fake-az";var SubnetType;(function(SubnetType2){SubnetType2.PRIVATE_ISOLATED="Isolated",SubnetType2.ISOLATED="Deprecated_Isolated",SubnetType2.PRIVATE_WITH_EGRESS="Private",SubnetType2.PRIVATE_WITH_NAT="Deprecated_Private_NAT",SubnetType2.PRIVATE="Deprecated_Private",SubnetType2.PUBLIC="Public"})(SubnetType=exports.SubnetType||(exports.SubnetType={}));class VpcBase extends core_1.Resource{constructor(){super(...arguments),this.natDependencies=new Array,this.incompleteSubnetDefinition=!1}selectSubnets(selection={}){const subnets=this.selectSubnetObjects(selection),pubs=new Set(this.publicSubnets);return{subnetIds:subnets.map(s=>s.subnetId),get availabilityZones(){return subnets.map(s=>s.availabilityZone)},internetConnectivityEstablished:tap(new CompositeDependable,d=>subnets.forEach(s=>d.add(s.internetConnectivityEstablished))),subnets,hasPublic:subnets.some(s=>pubs.has(s)),isPendingLookup:this.incompleteSubnetDefinition}}enableVpnGateway(options){if(this.vpnGatewayId)throw new Error("The VPN Gateway has already been enabled.");const vpnGateway=new vpn_1.VpnGateway(this,"VpnGateway",{amazonSideAsn:options.amazonSideAsn,type:vpn_1.VpnConnectionType.IPSEC_1});this._vpnGatewayId=vpnGateway.gatewayId;const attachment=new ec2_generated_1.CfnVPCGatewayAttachment(this,"VPCVPNGW",{vpcId:this.vpcId,vpnGatewayId:this._vpnGatewayId}),vpnRoutePropagation=options.vpnRoutePropagation??[{}],routeTableIds=util_1.allRouteTableIds(util_1.flatten(vpnRoutePropagation.map(s=>this.selectSubnets(s).subnets)));routeTableIds.length===0&&core_1.Annotations.of(this).addError(`enableVpnGateway: no subnets matching selection: '${JSON.stringify(vpnRoutePropagation)}'. Select other subnets to add routes to.`),new ec2_generated_1.CfnVPNGatewayRoutePropagation(this,"RoutePropagation",{routeTableIds,vpnGatewayId:this._vpnGatewayId}).node.addDependency(attachment)}addVpnConnection(id,options){return new vpn_1.VpnConnection(this,id,{vpc:this,...options})}addClientVpnEndpoint(id,options){return new client_vpn_endpoint_1.ClientVpnEndpoint(this,id,{...options,vpc:this})}addInterfaceEndpoint(id,options){return new vpc_endpoint_1.InterfaceVpcEndpoint(this,id,{vpc:this,...options})}addGatewayEndpoint(id,options){return new vpc_endpoint_1.GatewayVpcEndpoint(this,id,{vpc:this,...options})}addFlowLog(id,options){return new vpc_flow_logs_1.FlowLog(this,id,{resourceType:vpc_flow_logs_1.FlowLogResourceType.fromVpc(this),...options})}get vpnGatewayId(){return this._vpnGatewayId}selectSubnetObjects(selection={}){if(selection=this.reifySelectionDefaults(selection),selection.subnets!==void 0)return selection.subnets;let subnets;if(selection.subnetGroupName!==void 0)subnets=this.selectSubnetObjectsByName(selection.subnetGroupName);else{const type=selection.subnetType||SubnetType.PRIVATE_WITH_EGRESS;subnets=this.selectSubnetObjectsByType(type)}return subnets=this.applySubnetFilters(subnets,selection.subnetFilters??[]),subnets}applySubnetFilters(subnets,filters){let filtered=subnets;for(const filter of filters)filtered=filter.selectSubnets(filtered);return filtered}selectSubnetObjectsByName(groupName){const allSubnets=[...this.publicSubnets,...this.privateSubnets,...this.isolatedSubnets],subnets=allSubnets.filter(s=>util_1.subnetGroupNameFromConstructId(s)===groupName);if(subnets.length===0&&!this.incompleteSubnetDefinition){const names=Array.from(new Set(allSubnets.map(util_1.subnetGroupNameFromConstructId)));throw new Error(`There are no subnet groups with name '${groupName}' in this VPC. Available names: ${names}`)}return subnets}selectSubnetObjectsByType(subnetType){const allSubnets={[SubnetType.PRIVATE_ISOLATED]:this.isolatedSubnets,[SubnetType.ISOLATED]:this.isolatedSubnets,[SubnetType.PRIVATE_WITH_NAT]:this.privateSubnets,[SubnetType.PRIVATE_WITH_EGRESS]:this.privateSubnets,[SubnetType.PRIVATE]:this.privateSubnets,[SubnetType.PUBLIC]:this.publicSubnets},subnets=allSubnets[subnetType];if(subnets.length===0&&!this.incompleteSubnetDefinition){const availableTypes=Object.entries(allSubnets).filter(([_,subs])=>subs.length>0).map(([typeName,_])=>typeName);throw new Error(`There are no '${subnetType}' subnet groups in this VPC. Available types: ${availableTypes}`)}return subnets}reifySelectionDefaults(placement){if(placement.subnetName!==void 0){if(placement.subnetGroupName!==void 0)throw new Error("Please use only 'subnetGroupName' ('subnetName' is deprecated and has the same behavior)");core_1.Annotations.of(this).addWarning("Usage of 'subnetName' in SubnetSelection is deprecated, use 'subnetGroupName' instead"),placement={...placement,subnetGroupName:placement.subnetName}}const providedSelections=["subnets","subnetType","subnetGroupName"].filter(key=>placement[key]!==void 0);if(providedSelections.length>1)throw new Error(`Only one of '${providedSelections}' can be supplied to subnet selection.`);if(placement.subnetType===void 0&&placement.subnetGroupName===void 0&&placement.subnets===void 0){let subnetType=this.privateSubnets.length?SubnetType.PRIVATE_WITH_EGRESS:this.isolatedSubnets.length?SubnetType.PRIVATE_ISOLATED:SubnetType.PUBLIC;placement={...placement,subnetType}}let subnetFilters=placement.subnetFilters??[];placement.availabilityZones!==void 0&&subnetFilters.push(subnet_1.SubnetFilter.availabilityZones(placement.availabilityZones)),placement.onePerAz&&subnetFilters.push(subnet_1.SubnetFilter.onePerAz()),placement={...placement,subnetFilters,availabilityZones:void 0,onePerAz:void 0};const{availabilityZones,onePerAz,...rest}=placement;return rest}}const NAME_TAG="Name";var DefaultInstanceTenancy;(function(DefaultInstanceTenancy2){DefaultInstanceTenancy2.DEFAULT="default",DefaultInstanceTenancy2.DEDICATED="dedicated"})(DefaultInstanceTenancy=exports.DefaultInstanceTenancy||(exports.DefaultInstanceTenancy={}));class Vpc extends VpcBase{constructor(scope,id,props={}){super(scope,id),this.publicSubnets=[],this.privateSubnets=[],this.isolatedSubnets=[],this.subnetConfiguration=[],this._internetConnectivityEstablished=new constructs_1.DependencyGroup;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Vpc),error}const stack=core_1.Stack.of(this);if(props.enableDnsHostnames&&!props.enableDnsSupport)throw new Error("To use DNS Hostnames, DNS Support must be enabled, however, it was explicitly disabled.");if(props.availabilityZones&&props.maxAzs)throw new Error("Vpc supports 'availabilityZones' or 'maxAzs', but not both.");const cidrBlock=ifUndefined(props.cidr,Vpc.DEFAULT_CIDR_RANGE);if(core_1.Token.isUnresolved(cidrBlock))throw new Error("'cidr' property must be a concrete CIDR string, got a Token (we need to parse it for automatic subdivision)");if(props.ipAddresses&&props.cidr)throw new Error("supply at most one of ipAddresses or cidr");this.ipAddresses=props.ipAddresses??ip_addresses_1.IpAddresses.cidr(cidrBlock),this.dnsHostnamesEnabled=props.enableDnsHostnames==null?!0:props.enableDnsHostnames,this.dnsSupportEnabled=props.enableDnsSupport==null?!0:props.enableDnsSupport;const instanceTenancy=props.defaultInstanceTenancy||"default";this.internetConnectivityEstablished=this._internetConnectivityEstablished;const vpcIpAddressOptions=this.ipAddresses.allocateVpcCidr();if(this.resource=new ec2_generated_1.CfnVPC(this,"Resource",{cidrBlock:vpcIpAddressOptions.cidrBlock,ipv4IpamPoolId:vpcIpAddressOptions.ipv4IpamPoolId,ipv4NetmaskLength:vpcIpAddressOptions.ipv4NetmaskLength,enableDnsHostnames:this.dnsHostnamesEnabled,enableDnsSupport:this.dnsSupportEnabled,instanceTenancy}),this.vpcDefaultNetworkAcl=this.resource.attrDefaultNetworkAcl,this.vpcCidrBlockAssociations=this.resource.attrCidrBlockAssociations,this.vpcCidrBlock=this.resource.attrCidrBlock,this.vpcDefaultSecurityGroup=this.resource.attrDefaultSecurityGroup,this.vpcIpv6CidrBlocks=this.resource.attrIpv6CidrBlocks,core_1.Tags.of(this).add(NAME_TAG,props.vpcName||this.node.path),props.availabilityZones){const resolvedStackAzs=stack.availabilityZones.filter(az=>!core_1.Token.isUnresolved(az));if(!(resolvedStackAzs.length===0||props.availabilityZones.every(az=>core_1.Token.isUnresolved(az)||resolvedStackAzs.includes(az))))throw new Error(`Given VPC 'availabilityZones' ${props.availabilityZones} must be a subset of the stack's availability zones ${stack.availabilityZones}`);this.availabilityZones=props.availabilityZones}else{const maxAZs=props.maxAzs??3;this.availabilityZones=stack.availabilityZones.slice(0,maxAZs)}for(let i=0;props.reservedAzs&&i<props.reservedAzs;i++)this.availabilityZones.push(FAKE_AZ_NAME);this.vpcId=this.resource.ref,this.vpcArn=core_1.Arn.format({service:"ec2",resource:"vpc",resourceName:this.vpcId},stack);const defaultSubnet=props.natGateways===0?Vpc.DEFAULT_SUBNETS_NO_NAT:Vpc.DEFAULT_SUBNETS;this.subnetConfiguration=ifUndefined(props.subnetConfiguration,defaultSubnet);const natGatewayPlacement=props.natGatewaySubnets||{subnetType:SubnetType.PUBLIC},natGatewayCount=determineNatGatewayCount(props.natGateways,this.subnetConfiguration,this.availabilityZones.length);if(this.createSubnets(),this.subnetConfiguration.filter(subnet=>subnet.subnetType!==SubnetType.PRIVATE_ISOLATED&&subnet.subnetType!==SubnetType.ISOLATED).length>0){const igw=new ec2_generated_1.CfnInternetGateway(this,"IGW",{});this.internetGatewayId=igw.ref,this._internetConnectivityEstablished.add(igw);const att=new ec2_generated_1.CfnVPCGatewayAttachment(this,"VPCGW",{internetGatewayId:igw.ref,vpcId:this.resource.ref});if(this.publicSubnets.forEach(publicSubnet=>{publicSubnet.addDefaultInternetRoute(igw.ref,att)}),natGatewayCount>0){const provider=props.natGatewayProvider||nat_1.NatProvider.gateway();this.createNatGateways(provider,natGatewayCount,natGatewayPlacement)}}if(props.vpnGateway&&this.publicSubnets.length===0&&this.privateSubnets.length===0&&this.isolatedSubnets.length===0)throw new Error("Can not enable the VPN gateway while the VPC has no subnets at all");if((props.vpnConnections||props.vpnGatewayAsn)&&props.vpnGateway===!1)throw new Error("Cannot specify `vpnConnections` or `vpnGatewayAsn` when `vpnGateway` is set to false.");if(props.vpnGateway||props.vpnConnections||props.vpnGatewayAsn){this.enableVpnGateway({amazonSideAsn:props.vpnGatewayAsn,type:vpn_1.VpnConnectionType.IPSEC_1,vpnRoutePropagation:props.vpnRoutePropagation});const vpnConnections=props.vpnConnections||{};for(const[connectionId,connection]of Object.entries(vpnConnections))this.addVpnConnection(connectionId,connection)}if(props.gatewayEndpoints){const gatewayEndpoints=props.gatewayEndpoints||{};for(const[endpointId,endpoint]of Object.entries(gatewayEndpoints))this.addGatewayEndpoint(endpointId,endpoint)}if(props.flowLogs){const flowLogs=props.flowLogs||{};for(const[flowLogId,flowLog]of Object.entries(flowLogs))this.addFlowLog(flowLogId,flowLog)}}static fromVpcAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVpcAttributes),error}return new ImportedVpc(scope,id,attrs,!1)}static fromLookup(scope,id,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcLookupOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromLookup),error}if(core_1.Token.isUnresolved(options.vpcId)||core_1.Token.isUnresolved(options.vpcName)||Object.values(options.tags||{}).some(core_1.Token.isUnresolved)||Object.keys(options.tags||{}).some(core_1.Token.isUnresolved))throw new Error("All arguments to Vpc.fromLookup() must be concrete (no Tokens)");const filter=makeTagFilter(options.tags);options.vpcId&&(filter["vpc-id"]=options.vpcId),options.vpcName&&(filter["tag:Name"]=options.vpcName),options.isDefault!==void 0&&(filter.isDefault=options.isDefault?"true":"false");const overrides={};options.region&&(overrides.region=options.region);const attributes=core_1.ContextProvider.getValue(scope,{provider:cxschema.ContextProvider.VPC_PROVIDER,props:{...overrides,filter,returnAsymmetricSubnets:!0,subnetGroupNameTag:options.subnetGroupNameTag},dummyValue:void 0}).value;return new LookedUpVpc(scope,id,attributes??DUMMY_VPC_PROPS,attributes===void 0);function makeTagFilter(tags){const result={};for(const[name,value]of Object.entries(tags||{}))result[`tag:${name}`]=value;return result}}addS3Endpoint(id,subnets){return new vpc_endpoint_1.GatewayVpcEndpoint(this,id,{service:vpc_endpoint_1.GatewayVpcEndpointAwsService.S3,vpc:this,subnets})}addDynamoDbEndpoint(id,subnets){return new vpc_endpoint_1.GatewayVpcEndpoint(this,id,{service:vpc_endpoint_1.GatewayVpcEndpointAwsService.DYNAMODB,vpc:this,subnets})}createNatGateways(provider,natCount,placement){const natSubnets=this.selectSubnetObjects(placement);for(const sub of natSubnets)if(this.publicSubnets.indexOf(sub)===-1)throw new Error(`natGatewayPlacement ${placement} contains non public subnet ${sub}`);provider.configureNat({vpc:this,natSubnets:natSubnets.slice(0,natCount),privateSubnets:this.privateSubnets})}createSubnets(){const requestedSubnets=[];this.subnetConfiguration.forEach(configuration=>this.availabilityZones.forEach((az,index)=>{requestedSubnets.push({availabilityZone:az,subnetConstructId:util_1.subnetId(configuration.name,index),configuration})}));const{allocatedSubnets}=this.ipAddresses.allocateSubnetsCidr({vpcCidr:this.vpcCidrBlock,requestedSubnets});if(allocatedSubnets.length!=requestedSubnets.length)throw new Error("Incomplete Subnet Allocation; response array dose not equal input array");this.createSubnetResources(requestedSubnets,allocatedSubnets)}createSubnetResources(requestedSubnets,allocatedSubnets){allocatedSubnets.forEach((allocated,i)=>{const{configuration:subnetConfig,subnetConstructId,availabilityZone}=requestedSubnets[i];if(subnetConfig.reserved===!0||availabilityZone===FAKE_AZ_NAME)return;let mapPublicIpOnLaunch=!1;if(subnetConfig.subnetType!==SubnetType.PUBLIC&&subnetConfig.mapPublicIpOnLaunch!==void 0)throw new Error(`${subnetConfig.subnetType} subnet cannot include mapPublicIpOnLaunch parameter`);subnetConfig.subnetType===SubnetType.PUBLIC&&(mapPublicIpOnLaunch=subnetConfig.mapPublicIpOnLaunch!==void 0?subnetConfig.mapPublicIpOnLaunch:!0);const subnetProps={availabilityZone,vpcId:this.vpcId,cidrBlock:allocated.cidr,mapPublicIpOnLaunch};let subnet;switch(subnetConfig.subnetType){case SubnetType.PUBLIC:const publicSubnet=new PublicSubnet(this,subnetConstructId,subnetProps);this.publicSubnets.push(publicSubnet),subnet=publicSubnet;break;case SubnetType.PRIVATE_WITH_EGRESS:case SubnetType.PRIVATE_WITH_NAT:case SubnetType.PRIVATE:const privateSubnet=new PrivateSubnet(this,subnetConstructId,subnetProps);this.privateSubnets.push(privateSubnet),subnet=privateSubnet;break;case SubnetType.PRIVATE_ISOLATED:case SubnetType.ISOLATED:const isolatedSubnet=new PrivateSubnet(this,subnetConstructId,subnetProps);this.isolatedSubnets.push(isolatedSubnet),subnet=isolatedSubnet;break;default:throw new Error(`Unrecognized subnet type: ${subnetConfig.subnetType}`)}const includeResourceTypes=[ec2_generated_1.CfnSubnet.CFN_RESOURCE_TYPE_NAME];core_1.Tags.of(subnet).add(SUBNETNAME_TAG,subnetConfig.name,{includeResourceTypes}),core_1.Tags.of(subnet).add(SUBNETTYPE_TAG,subnetTypeTagValue(subnetConfig.subnetType),{includeResourceTypes})})}}exports.Vpc=Vpc,_a=JSII_RTTI_SYMBOL_1,Vpc[_a]={fqn:"aws-cdk-lib.aws_ec2.Vpc",version:"2.52.0"},Vpc.DEFAULT_CIDR_RANGE="10.0.0.0/16",Vpc.DEFAULT_SUBNETS=[{subnetType:SubnetType.PUBLIC,name:util_1.defaultSubnetName(SubnetType.PUBLIC)},{subnetType:SubnetType.PRIVATE_WITH_EGRESS,name:util_1.defaultSubnetName(SubnetType.PRIVATE_WITH_EGRESS)}],Vpc.DEFAULT_SUBNETS_NO_NAT=[{subnetType:SubnetType.PUBLIC,name:util_1.defaultSubnetName(SubnetType.PUBLIC)},{subnetType:SubnetType.PRIVATE_ISOLATED,name:util_1.defaultSubnetName(SubnetType.PRIVATE_ISOLATED)}];const SUBNETTYPE_TAG="aws-cdk:subnet-type",SUBNETNAME_TAG="aws-cdk:subnet-name";function subnetTypeTagValue(type){switch(type){case SubnetType.PUBLIC:return"Public";case SubnetType.PRIVATE_WITH_EGRESS:case SubnetType.PRIVATE_WITH_NAT:case SubnetType.PRIVATE:return"Private";case SubnetType.PRIVATE_ISOLATED:case SubnetType.ISOLATED:return"Isolated"}}class Subnet extends core_1.Resource{constructor(scope,id,props){super(scope,id),this.dependencyElements=[],this._internetConnectivityEstablished=new constructs_1.DependencyGroup;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_SubnetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Subnet),error}Object.defineProperty(this,VPC_SUBNET_SYMBOL,{value:!0}),core_1.Tags.of(this).add(NAME_TAG,this.node.path),this.availabilityZone=props.availabilityZone,this.ipv4CidrBlock=props.cidrBlock;const subnet=new ec2_generated_1.CfnSubnet(this,"Subnet",{vpcId:props.vpcId,cidrBlock:props.cidrBlock,availabilityZone:props.availabilityZone,mapPublicIpOnLaunch:props.mapPublicIpOnLaunch});this.subnetId=subnet.ref,this.subnetVpcId=subnet.attrVpcId,this.subnetAvailabilityZone=subnet.attrAvailabilityZone,this.subnetIpv6CidrBlocks=subnet.attrIpv6CidrBlocks,this.subnetOutpostArn=subnet.attrOutpostArn,this._networkAcl=network_acl_1.NetworkAcl.fromNetworkAclId(this,"Acl",subnet.attrNetworkAclAssociationId),this.subnetNetworkAclAssociationId=core_1.Lazy.string({produce:()=>this._networkAcl.networkAclId}),this.node.defaultChild=subnet;const table=new ec2_generated_1.CfnRouteTable(this,"RouteTable",{vpcId:props.vpcId});this.routeTable={routeTableId:table.ref};const routeAssoc=new ec2_generated_1.CfnSubnetRouteTableAssociation(this,"RouteTableAssociation",{subnetId:this.subnetId,routeTableId:table.ref});this._internetConnectivityEstablished.add(routeAssoc),this.internetConnectivityEstablished=this._internetConnectivityEstablished}static isVpcSubnet(x){return VPC_SUBNET_SYMBOL in x}static fromSubnetAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_SubnetAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromSubnetAttributes),error}return new ImportedSubnet(scope,id,attrs)}static fromSubnetId(scope,id,subnetId){return this.fromSubnetAttributes(scope,id,{subnetId})}addDefaultInternetRoute(gatewayId,gatewayAttachment){const route=new ec2_generated_1.CfnRoute(this,"DefaultRoute",{routeTableId:this.routeTable.routeTableId,destinationCidrBlock:"0.0.0.0/0",gatewayId});route.node.addDependency(gatewayAttachment),this._internetConnectivityEstablished.add(route)}get networkAcl(){return this._networkAcl}addDefaultNatRoute(natGatewayId){this.addRoute("DefaultRoute",{routerType:RouterType.NAT_GATEWAY,routerId:natGatewayId,enablesInternetConnectivity:!0})}addRoute(id,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_AddRouteOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addRoute),error}if(options.destinationCidrBlock&&options.destinationIpv6CidrBlock)throw new Error("Cannot specify both 'destinationCidrBlock' and 'destinationIpv6CidrBlock'");const route=new ec2_generated_1.CfnRoute(this,id,{routeTableId:this.routeTable.routeTableId,destinationCidrBlock:options.destinationCidrBlock||(options.destinationIpv6CidrBlock===void 0?"0.0.0.0/0":void 0),destinationIpv6CidrBlock:options.destinationIpv6CidrBlock,[routerTypeToPropName(options.routerType)]:options.routerId});options.enablesInternetConnectivity&&this._internetConnectivityEstablished.add(route)}associateNetworkAcl(id,networkAcl){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_INetworkAcl(networkAcl)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.associateNetworkAcl),error}this._networkAcl=networkAcl;const scope=networkAcl instanceof constructs_1.Construct?networkAcl:this,other=networkAcl instanceof constructs_1.Construct?this:networkAcl;new network_acl_1.SubnetNetworkAclAssociation(scope,id+core_1.Names.nodeUniqueId(other.node),{networkAcl,subnet:this})}}exports.Subnet=Subnet,_b=JSII_RTTI_SYMBOL_1,Subnet[_b]={fqn:"aws-cdk-lib.aws_ec2.Subnet",version:"2.52.0"};var RouterType;(function(RouterType2){RouterType2.CARRIER_GATEWAY="CarrierGateway",RouterType2.EGRESS_ONLY_INTERNET_GATEWAY="EgressOnlyInternetGateway",RouterType2.GATEWAY="Gateway",RouterType2.INSTANCE="Instance",RouterType2.LOCAL_GATEWAY="LocalGateway",RouterType2.NAT_GATEWAY="NatGateway",RouterType2.NETWORK_INTERFACE="NetworkInterface",RouterType2.TRANSIT_GATEWAY="TransitGateway",RouterType2.VPC_PEERING_CONNECTION="VpcPeeringConnection",RouterType2.VPC_ENDPOINT="VpcEndpoint"})(RouterType=exports.RouterType||(exports.RouterType={}));function routerTypeToPropName(routerType){return{[RouterType.CARRIER_GATEWAY]:"carrierGatewayId",[RouterType.EGRESS_ONLY_INTERNET_GATEWAY]:"egressOnlyInternetGatewayId",[RouterType.GATEWAY]:"gatewayId",[RouterType.INSTANCE]:"instanceId",[RouterType.LOCAL_GATEWAY]:"localGatewayId",[RouterType.NAT_GATEWAY]:"natGatewayId",[RouterType.NETWORK_INTERFACE]:"networkInterfaceId",[RouterType.TRANSIT_GATEWAY]:"transitGatewayId",[RouterType.VPC_PEERING_CONNECTION]:"vpcPeeringConnectionId",[RouterType.VPC_ENDPOINT]:"vpcEndpointId"}[routerType]}class PublicSubnet extends Subnet{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PublicSubnetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,PublicSubnet),error}}static fromPublicSubnetAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PublicSubnetAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromPublicSubnetAttributes),error}return new ImportedSubnet(scope,id,attrs)}addNatGateway(eipAllocationId){const ngw=new ec2_generated_1.CfnNatGateway(this,"NATGateway",{subnetId:this.subnetId,allocationId:eipAllocationId??new ec2_generated_1.CfnEIP(this,"EIP",{domain:"vpc"}).attrAllocationId});return ngw.node.addDependency(this.internetConnectivityEstablished),ngw}}exports.PublicSubnet=PublicSubnet,_c=JSII_RTTI_SYMBOL_1,PublicSubnet[_c]={fqn:"aws-cdk-lib.aws_ec2.PublicSubnet",version:"2.52.0"};class PrivateSubnet extends Subnet{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PrivateSubnetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,PrivateSubnet),error}}static fromPrivateSubnetAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PrivateSubnetAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromPrivateSubnetAttributes),error}return new ImportedSubnet(scope,id,attrs)}}exports.PrivateSubnet=PrivateSubnet,_d=JSII_RTTI_SYMBOL_1,PrivateSubnet[_d]={fqn:"aws-cdk-lib.aws_ec2.PrivateSubnet",version:"2.52.0"};function ifUndefined(value,defaultValue){return value??defaultValue}class ImportedVpc extends VpcBase{constructor(scope,id,props,isIncomplete){super(scope,id,{region:props.region}),this.internetConnectivityEstablished=new constructs_1.DependencyGroup,this.vpcId=props.vpcId,this.vpcArn=core_1.Arn.format({service:"ec2",resource:"vpc",resourceName:this.vpcId},core_1.Stack.of(this)),this.cidr=props.vpcCidrBlock,this.availabilityZones=props.availabilityZones,this._vpnGatewayId=props.vpnGatewayId,this.incompleteSubnetDefinition=isIncomplete;for(const k of Object.keys(props))Array.isArray(props[k])&&core_1.Token.isUnresolved(props[k])&&core_1.Annotations.of(this).addWarning(`fromVpcAttributes: '${k}' is a list token: the imported VPC will not work with constructs that require a list of subnets at synthesis time. Use 'Vpc.fromLookup()' or 'Fn.importListValue' instead.`);const pub=new util_1.ImportSubnetGroup(props.publicSubnetIds,props.publicSubnetNames,props.publicSubnetRouteTableIds,SubnetType.PUBLIC,this.availabilityZones,"publicSubnetIds","publicSubnetNames","publicSubnetRouteTableIds"),priv=new util_1.ImportSubnetGroup(props.privateSubnetIds,props.privateSubnetNames,props.privateSubnetRouteTableIds,SubnetType.PRIVATE_WITH_EGRESS,this.availabilityZones,"privateSubnetIds","privateSubnetNames","privateSubnetRouteTableIds"),iso=new util_1.ImportSubnetGroup(props.isolatedSubnetIds,props.isolatedSubnetNames,props.isolatedSubnetRouteTableIds,SubnetType.PRIVATE_ISOLATED,this.availabilityZones,"isolatedSubnetIds","isolatedSubnetNames","isolatedSubnetRouteTableIds");this.publicSubnets=pub.import(this),this.privateSubnets=priv.import(this),this.isolatedSubnets=iso.import(this)}get vpcCidrBlock(){if(this.cidr===void 0)throw new Error("Cannot perform this operation: 'vpcCidrBlock' was not supplied when creating this VPC");return this.cidr}}class LookedUpVpc extends VpcBase{constructor(scope,id,props,isIncomplete){super(scope,id,{region:props.region}),this.internetConnectivityEstablished=new constructs_1.DependencyGroup,this.vpcId=props.vpcId,this.vpcArn=core_1.Arn.format({service:"ec2",resource:"vpc",resourceName:this.vpcId},core_1.Stack.of(this)),this.cidr=props.vpcCidrBlock,this._vpnGatewayId=props.vpnGatewayId,this.incompleteSubnetDefinition=isIncomplete;const subnetGroups=props.subnetGroups||[],availabilityZones=Array.from(new Set(flatMap(subnetGroups,subnetGroup=>subnetGroup.subnets.map(subnet=>subnet.availabilityZone))));availabilityZones.sort((az1,az2)=>az1.localeCompare(az2)),this.availabilityZones=availabilityZones,this.publicSubnets=this.extractSubnetsOfType(subnetGroups,cxapi.VpcSubnetGroupType.PUBLIC),this.privateSubnets=this.extractSubnetsOfType(subnetGroups,cxapi.VpcSubnetGroupType.PRIVATE),this.isolatedSubnets=this.extractSubnetsOfType(subnetGroups,cxapi.VpcSubnetGroupType.ISOLATED)}get vpcCidrBlock(){if(this.cidr===void 0)throw new Error("Cannot perform this operation: 'vpcCidrBlock' was not found when looking up this VPC. Use a newer version of the CDK CLI and clear the old context value.");return this.cidr}extractSubnetsOfType(subnetGroups,subnetGroupType){return flatMap(subnetGroups.filter(subnetGroup=>subnetGroup.type===subnetGroupType),subnetGroup=>this.subnetGroupToSubnets(subnetGroup))}subnetGroupToSubnets(subnetGroup){const ret=new Array;for(let i=0;i<subnetGroup.subnets.length;i++){const vpcSubnet=subnetGroup.subnets[i];ret.push(Subnet.fromSubnetAttributes(this,`${subnetGroup.name}Subnet${i+1}`,{availabilityZone:vpcSubnet.availabilityZone,subnetId:vpcSubnet.subnetId,routeTableId:vpcSubnet.routeTableId,ipv4CidrBlock:vpcSubnet.cidr}))}return ret}}function flatMap(xs,fn){const ret=new Array;for(const x of xs)ret.push(...fn(x));return ret}class CompositeDependable{constructor(){this.dependables=new Array;const self=this;constructs_1.Dependable.implement(this,{get dependencyRoots(){const ret=new Array;for(const dep of self.dependables)ret.push(...constructs_1.Dependable.of(dep).dependencyRoots);return ret}})}add(dep){this.dependables.push(dep)}}function tap(x,fn){return fn(x),x}class ImportedSubnet extends core_1.Resource{constructor(scope,id,attrs){if(super(scope,id),this.internetConnectivityEstablished=new constructs_1.DependencyGroup,!attrs.routeTableId){const ref=core_1.Token.isUnresolved(attrs.subnetId)||core_1.Token.isUnresolved([attrs.subnetId])?`at '${constructs_1.Node.of(scope).path}/${id}'`:`'${attrs.subnetId}'`;core_1.Annotations.of(this).addWarning(`No routeTableId was provided to the subnet ${ref}. Attempting to read its .routeTable.routeTableId will return null/undefined. (More info: https://github.com/aws/aws-cdk/pull/3171)`)}this._ipv4CidrBlock=attrs.ipv4CidrBlock,this._availabilityZone=attrs.availabilityZone,this.subnetId=attrs.subnetId,this.routeTable={routeTableId:attrs.routeTableId}}get availabilityZone(){if(!this._availabilityZone)throw new Error("You cannot reference a Subnet's availability zone if it was not supplied. Add the availabilityZone when importing using Subnet.fromSubnetAttributes()");return this._availabilityZone}get ipv4CidrBlock(){if(!this._ipv4CidrBlock)throw new Error("You cannot reference an imported Subnet's IPv4 CIDR if it was not supplied. Add the ipv4CidrBlock when importing using Subnet.fromSubnetAttributes()");return this._ipv4CidrBlock}associateNetworkAcl(id,networkAcl){const scope=networkAcl instanceof constructs_1.Construct?networkAcl:this,other=networkAcl instanceof constructs_1.Construct?this:networkAcl;new network_acl_1.SubnetNetworkAclAssociation(scope,id+core_1.Names.nodeUniqueId(other.node),{networkAcl,subnet:this})}}function determineNatGatewayCount(requestedCount,subnetConfig,azCount){const hasPrivateSubnets=subnetConfig.some(c=>(c.subnetType===SubnetType.PRIVATE_WITH_EGRESS||c.subnetType===SubnetType.PRIVATE||c.subnetType===SubnetType.PRIVATE_WITH_NAT)&&!c.reserved),hasPublicSubnets=subnetConfig.some(c=>c.subnetType===SubnetType.PUBLIC),hasCustomEgress=subnetConfig.some(c=>c.subnetType===SubnetType.PRIVATE_WITH_EGRESS),count=requestedCount!==void 0?Math.min(requestedCount,azCount):hasPrivateSubnets?azCount:0;if(count===0&&hasPrivateSubnets&&!hasCustomEgress)throw new Error("If you do not want NAT gateways (natGateways=0), make sure you don't configure any PRIVATE(_WITH_NAT) subnets in 'subnetConfiguration' (make them PUBLIC or ISOLATED instead)");if(count>0&&!hasPublicSubnets)throw new Error(`If you configure PRIVATE subnets in 'subnetConfiguration', you must also configure PUBLIC subnets to put the NAT gateways into (got ${JSON.stringify(subnetConfig)}.`);return count}const DUMMY_VPC_PROPS={availabilityZones:[],vpcCidrBlock:"1.2.3.4/5",isolatedSubnetIds:void 0,isolatedSubnetNames:void 0,isolatedSubnetRouteTableIds:void 0,privateSubnetIds:void 0,privateSubnetNames:void 0,privateSubnetRouteTableIds:void 0,publicSubnetIds:void 0,publicSubnetNames:void 0,publicSubnetRouteTableIds:void 0,subnetGroups:[{name:"Public",type:cxapi.VpcSubnetGroupType.PUBLIC,subnets:[{availabilityZone:"dummy1a",subnetId:"s-12345",routeTableId:"rtb-12345s",cidr:"1.2.3.4/5"},{availabilityZone:"dummy1b",subnetId:"s-67890",routeTableId:"rtb-67890s",cidr:"1.2.3.4/5"}]},{name:"Private",type:cxapi.VpcSubnetGroupType.PRIVATE,subnets:[{availabilityZone:"dummy1a",subnetId:"p-12345",routeTableId:"rtb-12345p",cidr:"1.2.3.4/5"},{availabilityZone:"dummy1b",subnetId:"p-67890",routeTableId:"rtb-57890p",cidr:"1.2.3.4/5"}]},{name:"Isolated",type:cxapi.VpcSubnetGroupType.ISOLATED,subnets:[{availabilityZone:"dummy1a",subnetId:"p-12345",routeTableId:"rtb-12345p",cidr:"1.2.3.4/5"},{availabilityZone:"dummy1b",subnetId:"p-67890",routeTableId:"rtb-57890p",cidr:"1.2.3.4/5"}]}],vpcId:"vpc-12345"};
+"use strict";var _a,_b,_c,_d;Object.defineProperty(exports,"__esModule",{value:!0}),exports.PrivateSubnet=exports.PublicSubnet=exports.RouterType=exports.Subnet=exports.Vpc=exports.DefaultInstanceTenancy=exports.SubnetType=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cxschema=require("../../cloud-assembly-schema"),core_1=require("../../core"),cxapi=require("../../cx-api"),constructs_1=require("constructs"),client_vpn_endpoint_1=require("./client-vpn-endpoint"),ec2_generated_1=require("./ec2.generated"),ip_addresses_1=require("./ip-addresses"),nat_1=require("./nat"),network_acl_1=require("./network-acl"),subnet_1=require("./subnet"),util_1=require("./util"),vpc_endpoint_1=require("./vpc-endpoint"),vpc_flow_logs_1=require("./vpc-flow-logs"),vpn_1=require("./vpn"),VPC_SUBNET_SYMBOL=Symbol.for("@aws-cdk/aws-ec2.VpcSubnet"),FAKE_AZ_NAME="fake-az";var SubnetType;(function(SubnetType2){SubnetType2.PRIVATE_ISOLATED="Isolated",SubnetType2.ISOLATED="Deprecated_Isolated",SubnetType2.PRIVATE_WITH_EGRESS="Private",SubnetType2.PRIVATE_WITH_NAT="Deprecated_Private_NAT",SubnetType2.PRIVATE="Deprecated_Private",SubnetType2.PUBLIC="Public"})(SubnetType=exports.SubnetType||(exports.SubnetType={}));class VpcBase extends core_1.Resource{constructor(){super(...arguments),this.natDependencies=new Array,this.incompleteSubnetDefinition=!1}selectSubnets(selection={}){const subnets=this.selectSubnetObjects(selection),pubs=new Set(this.publicSubnets);return{subnetIds:subnets.map(s=>s.subnetId),get availabilityZones(){return subnets.map(s=>s.availabilityZone)},internetConnectivityEstablished:tap(new CompositeDependable,d=>subnets.forEach(s=>d.add(s.internetConnectivityEstablished))),subnets,hasPublic:subnets.some(s=>pubs.has(s)),isPendingLookup:this.incompleteSubnetDefinition}}enableVpnGateway(options){if(this.vpnGatewayId)throw new Error("The VPN Gateway has already been enabled.");const vpnGateway=new vpn_1.VpnGateway(this,"VpnGateway",{amazonSideAsn:options.amazonSideAsn,type:vpn_1.VpnConnectionType.IPSEC_1});this._vpnGatewayId=vpnGateway.gatewayId;const attachment=new ec2_generated_1.CfnVPCGatewayAttachment(this,"VPCVPNGW",{vpcId:this.vpcId,vpnGatewayId:this._vpnGatewayId}),vpnRoutePropagation=options.vpnRoutePropagation??[{}],routeTableIds=util_1.allRouteTableIds(util_1.flatten(vpnRoutePropagation.map(s=>this.selectSubnets(s).subnets)));routeTableIds.length===0&&core_1.Annotations.of(this).addError(`enableVpnGateway: no subnets matching selection: '${JSON.stringify(vpnRoutePropagation)}'. Select other subnets to add routes to.`),new ec2_generated_1.CfnVPNGatewayRoutePropagation(this,"RoutePropagation",{routeTableIds,vpnGatewayId:this._vpnGatewayId}).node.addDependency(attachment)}addVpnConnection(id,options){return new vpn_1.VpnConnection(this,id,{vpc:this,...options})}addClientVpnEndpoint(id,options){return new client_vpn_endpoint_1.ClientVpnEndpoint(this,id,{...options,vpc:this})}addInterfaceEndpoint(id,options){return new vpc_endpoint_1.InterfaceVpcEndpoint(this,id,{vpc:this,...options})}addGatewayEndpoint(id,options){return new vpc_endpoint_1.GatewayVpcEndpoint(this,id,{vpc:this,...options})}addFlowLog(id,options){return new vpc_flow_logs_1.FlowLog(this,id,{resourceType:vpc_flow_logs_1.FlowLogResourceType.fromVpc(this),...options})}get vpnGatewayId(){return this._vpnGatewayId}selectSubnetObjects(selection={}){if(selection=this.reifySelectionDefaults(selection),selection.subnets!==void 0)return selection.subnets;let subnets;if(selection.subnetGroupName!==void 0)subnets=this.selectSubnetObjectsByName(selection.subnetGroupName);else{const type=selection.subnetType||SubnetType.PRIVATE_WITH_EGRESS;subnets=this.selectSubnetObjectsByType(type)}return subnets=this.applySubnetFilters(subnets,selection.subnetFilters??[]),subnets}applySubnetFilters(subnets,filters){let filtered=subnets;for(const filter of filters)filtered=filter.selectSubnets(filtered);return filtered}selectSubnetObjectsByName(groupName){const allSubnets=[...this.publicSubnets,...this.privateSubnets,...this.isolatedSubnets],subnets=allSubnets.filter(s=>util_1.subnetGroupNameFromConstructId(s)===groupName);if(subnets.length===0&&!this.incompleteSubnetDefinition){const names=Array.from(new Set(allSubnets.map(util_1.subnetGroupNameFromConstructId)));throw new Error(`There are no subnet groups with name '${groupName}' in this VPC. Available names: ${names}`)}return subnets}selectSubnetObjectsByType(subnetType){const allSubnets={[SubnetType.PRIVATE_ISOLATED]:this.isolatedSubnets,[SubnetType.ISOLATED]:this.isolatedSubnets,[SubnetType.PRIVATE_WITH_NAT]:this.privateSubnets,[SubnetType.PRIVATE_WITH_EGRESS]:this.privateSubnets,[SubnetType.PRIVATE]:this.privateSubnets,[SubnetType.PUBLIC]:this.publicSubnets},subnets=allSubnets[subnetType];if(subnets.length===0&&!this.incompleteSubnetDefinition){const availableTypes=Object.entries(allSubnets).filter(([_,subs])=>subs.length>0).map(([typeName,_])=>typeName);throw new Error(`There are no '${subnetType}' subnet groups in this VPC. Available types: ${availableTypes}`)}return subnets}reifySelectionDefaults(placement){if(placement.subnetName!==void 0){if(placement.subnetGroupName!==void 0)throw new Error("Please use only 'subnetGroupName' ('subnetName' is deprecated and has the same behavior)");core_1.Annotations.of(this).addWarning("Usage of 'subnetName' in SubnetSelection is deprecated, use 'subnetGroupName' instead"),placement={...placement,subnetGroupName:placement.subnetName}}const providedSelections=["subnets","subnetType","subnetGroupName"].filter(key=>placement[key]!==void 0);if(providedSelections.length>1)throw new Error(`Only one of '${providedSelections}' can be supplied to subnet selection.`);if(placement.subnetType===void 0&&placement.subnetGroupName===void 0&&placement.subnets===void 0){let subnetType=this.privateSubnets.length?SubnetType.PRIVATE_WITH_EGRESS:this.isolatedSubnets.length?SubnetType.PRIVATE_ISOLATED:SubnetType.PUBLIC;placement={...placement,subnetType}}let subnetFilters=placement.subnetFilters??[];placement.availabilityZones!==void 0&&subnetFilters.push(subnet_1.SubnetFilter.availabilityZones(placement.availabilityZones)),placement.onePerAz&&subnetFilters.push(subnet_1.SubnetFilter.onePerAz()),placement={...placement,subnetFilters,availabilityZones:void 0,onePerAz:void 0};const{availabilityZones,onePerAz,...rest}=placement;return rest}}const NAME_TAG="Name";var DefaultInstanceTenancy;(function(DefaultInstanceTenancy2){DefaultInstanceTenancy2.DEFAULT="default",DefaultInstanceTenancy2.DEDICATED="dedicated"})(DefaultInstanceTenancy=exports.DefaultInstanceTenancy||(exports.DefaultInstanceTenancy={}));class Vpc extends VpcBase{constructor(scope,id,props={}){super(scope,id),this.publicSubnets=[],this.privateSubnets=[],this.isolatedSubnets=[],this.subnetConfiguration=[],this._internetConnectivityEstablished=new constructs_1.DependencyGroup;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Vpc),error}const stack=core_1.Stack.of(this);if(props.enableDnsHostnames&&!props.enableDnsSupport)throw new Error("To use DNS Hostnames, DNS Support must be enabled, however, it was explicitly disabled.");if(props.availabilityZones&&props.maxAzs)throw new Error("Vpc supports 'availabilityZones' or 'maxAzs', but not both.");const cidrBlock=ifUndefined(props.cidr,Vpc.DEFAULT_CIDR_RANGE);if(core_1.Token.isUnresolved(cidrBlock))throw new Error("'cidr' property must be a concrete CIDR string, got a Token (we need to parse it for automatic subdivision)");if(props.ipAddresses&&props.cidr)throw new Error("supply at most one of ipAddresses or cidr");this.ipAddresses=props.ipAddresses??ip_addresses_1.IpAddresses.cidr(cidrBlock),this.dnsHostnamesEnabled=props.enableDnsHostnames==null?!0:props.enableDnsHostnames,this.dnsSupportEnabled=props.enableDnsSupport==null?!0:props.enableDnsSupport;const instanceTenancy=props.defaultInstanceTenancy||"default";this.internetConnectivityEstablished=this._internetConnectivityEstablished;const vpcIpAddressOptions=this.ipAddresses.allocateVpcCidr();if(this.resource=new ec2_generated_1.CfnVPC(this,"Resource",{cidrBlock:vpcIpAddressOptions.cidrBlock,ipv4IpamPoolId:vpcIpAddressOptions.ipv4IpamPoolId,ipv4NetmaskLength:vpcIpAddressOptions.ipv4NetmaskLength,enableDnsHostnames:this.dnsHostnamesEnabled,enableDnsSupport:this.dnsSupportEnabled,instanceTenancy}),this.vpcDefaultNetworkAcl=this.resource.attrDefaultNetworkAcl,this.vpcCidrBlockAssociations=this.resource.attrCidrBlockAssociations,this.vpcCidrBlock=this.resource.attrCidrBlock,this.vpcDefaultSecurityGroup=this.resource.attrDefaultSecurityGroup,this.vpcIpv6CidrBlocks=this.resource.attrIpv6CidrBlocks,core_1.Tags.of(this).add(NAME_TAG,props.vpcName||this.node.path),props.availabilityZones){const resolvedStackAzs=stack.availabilityZones.filter(az=>!core_1.Token.isUnresolved(az));if(!(resolvedStackAzs.length===0||props.availabilityZones.every(az=>core_1.Token.isUnresolved(az)||resolvedStackAzs.includes(az))))throw new Error(`Given VPC 'availabilityZones' ${props.availabilityZones} must be a subset of the stack's availability zones ${stack.availabilityZones}`);this.availabilityZones=props.availabilityZones}else{const maxAZs=props.maxAzs??3;this.availabilityZones=stack.availabilityZones.slice(0,maxAZs)}for(let i=0;props.reservedAzs&&i<props.reservedAzs;i++)this.availabilityZones.push(FAKE_AZ_NAME);this.vpcId=this.resource.ref,this.vpcArn=core_1.Arn.format({service:"ec2",resource:"vpc",resourceName:this.vpcId},stack);const defaultSubnet=props.natGateways===0?Vpc.DEFAULT_SUBNETS_NO_NAT:Vpc.DEFAULT_SUBNETS;this.subnetConfiguration=ifUndefined(props.subnetConfiguration,defaultSubnet);const natGatewayPlacement=props.natGatewaySubnets||{subnetType:SubnetType.PUBLIC},natGatewayCount=determineNatGatewayCount(props.natGateways,this.subnetConfiguration,this.availabilityZones.length);if(this.createSubnets(),this.subnetConfiguration.filter(subnet=>subnet.subnetType!==SubnetType.PRIVATE_ISOLATED&&subnet.subnetType!==SubnetType.ISOLATED).length>0){const igw=new ec2_generated_1.CfnInternetGateway(this,"IGW",{});this.internetGatewayId=igw.ref,this._internetConnectivityEstablished.add(igw);const att=new ec2_generated_1.CfnVPCGatewayAttachment(this,"VPCGW",{internetGatewayId:igw.ref,vpcId:this.resource.ref});if(this.publicSubnets.forEach(publicSubnet=>{publicSubnet.addDefaultInternetRoute(igw.ref,att)}),natGatewayCount>0){const provider=props.natGatewayProvider||nat_1.NatProvider.gateway();this.createNatGateways(provider,natGatewayCount,natGatewayPlacement)}}if(props.vpnGateway&&this.publicSubnets.length===0&&this.privateSubnets.length===0&&this.isolatedSubnets.length===0)throw new Error("Can not enable the VPN gateway while the VPC has no subnets at all");if((props.vpnConnections||props.vpnGatewayAsn)&&props.vpnGateway===!1)throw new Error("Cannot specify `vpnConnections` or `vpnGatewayAsn` when `vpnGateway` is set to false.");if(props.vpnGateway||props.vpnConnections||props.vpnGatewayAsn){this.enableVpnGateway({amazonSideAsn:props.vpnGatewayAsn,type:vpn_1.VpnConnectionType.IPSEC_1,vpnRoutePropagation:props.vpnRoutePropagation});const vpnConnections=props.vpnConnections||{};for(const[connectionId,connection]of Object.entries(vpnConnections))this.addVpnConnection(connectionId,connection)}if(props.gatewayEndpoints){const gatewayEndpoints=props.gatewayEndpoints||{};for(const[endpointId,endpoint]of Object.entries(gatewayEndpoints))this.addGatewayEndpoint(endpointId,endpoint)}if(props.flowLogs){const flowLogs=props.flowLogs||{};for(const[flowLogId,flowLog]of Object.entries(flowLogs))this.addFlowLog(flowLogId,flowLog)}}static fromVpcAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVpcAttributes),error}return new ImportedVpc(scope,id,attrs,!1)}static fromLookup(scope,id,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpcLookupOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromLookup),error}if(core_1.Token.isUnresolved(options.vpcId)||core_1.Token.isUnresolved(options.vpcName)||Object.values(options.tags||{}).some(core_1.Token.isUnresolved)||Object.keys(options.tags||{}).some(core_1.Token.isUnresolved))throw new Error("All arguments to Vpc.fromLookup() must be concrete (no Tokens)");const filter=makeTagFilter(options.tags);options.vpcId&&(filter["vpc-id"]=options.vpcId),options.vpcName&&(filter["tag:Name"]=options.vpcName),options.isDefault!==void 0&&(filter.isDefault=options.isDefault?"true":"false");const overrides={};options.region&&(overrides.region=options.region);const attributes=core_1.ContextProvider.getValue(scope,{provider:cxschema.ContextProvider.VPC_PROVIDER,props:{...overrides,filter,returnAsymmetricSubnets:!0,subnetGroupNameTag:options.subnetGroupNameTag},dummyValue:void 0}).value;return new LookedUpVpc(scope,id,attributes??DUMMY_VPC_PROPS,attributes===void 0);function makeTagFilter(tags){const result={};for(const[name,value]of Object.entries(tags||{}))result[`tag:${name}`]=value;return result}}addS3Endpoint(id,subnets){return new vpc_endpoint_1.GatewayVpcEndpoint(this,id,{service:vpc_endpoint_1.GatewayVpcEndpointAwsService.S3,vpc:this,subnets})}addDynamoDbEndpoint(id,subnets){return new vpc_endpoint_1.GatewayVpcEndpoint(this,id,{service:vpc_endpoint_1.GatewayVpcEndpointAwsService.DYNAMODB,vpc:this,subnets})}createNatGateways(provider,natCount,placement){const natSubnets=this.selectSubnetObjects(placement);for(const sub of natSubnets)if(this.publicSubnets.indexOf(sub)===-1)throw new Error(`natGatewayPlacement ${placement} contains non public subnet ${sub}`);provider.configureNat({vpc:this,natSubnets:natSubnets.slice(0,natCount),privateSubnets:this.privateSubnets})}createSubnets(){const requestedSubnets=[];this.subnetConfiguration.forEach(configuration=>this.availabilityZones.forEach((az,index)=>{requestedSubnets.push({availabilityZone:az,subnetConstructId:util_1.subnetId(configuration.name,index),configuration})}));const{allocatedSubnets}=this.ipAddresses.allocateSubnetsCidr({vpcCidr:this.vpcCidrBlock,requestedSubnets});if(allocatedSubnets.length!=requestedSubnets.length)throw new Error("Incomplete Subnet Allocation; response array dose not equal input array");this.createSubnetResources(requestedSubnets,allocatedSubnets)}createSubnetResources(requestedSubnets,allocatedSubnets){allocatedSubnets.forEach((allocated,i)=>{const{configuration:subnetConfig,subnetConstructId,availabilityZone}=requestedSubnets[i];if(subnetConfig.reserved===!0||availabilityZone===FAKE_AZ_NAME)return;let mapPublicIpOnLaunch=!1;if(subnetConfig.subnetType!==SubnetType.PUBLIC&&subnetConfig.mapPublicIpOnLaunch!==void 0)throw new Error(`${subnetConfig.subnetType} subnet cannot include mapPublicIpOnLaunch parameter`);subnetConfig.subnetType===SubnetType.PUBLIC&&(mapPublicIpOnLaunch=subnetConfig.mapPublicIpOnLaunch!==void 0?subnetConfig.mapPublicIpOnLaunch:!0);const subnetProps={availabilityZone,vpcId:this.vpcId,cidrBlock:allocated.cidr,mapPublicIpOnLaunch};let subnet;switch(subnetConfig.subnetType){case SubnetType.PUBLIC:const publicSubnet=new PublicSubnet(this,subnetConstructId,subnetProps);this.publicSubnets.push(publicSubnet),subnet=publicSubnet;break;case SubnetType.PRIVATE_WITH_EGRESS:case SubnetType.PRIVATE_WITH_NAT:case SubnetType.PRIVATE:const privateSubnet=new PrivateSubnet(this,subnetConstructId,subnetProps);this.privateSubnets.push(privateSubnet),subnet=privateSubnet;break;case SubnetType.PRIVATE_ISOLATED:case SubnetType.ISOLATED:const isolatedSubnet=new PrivateSubnet(this,subnetConstructId,subnetProps);this.isolatedSubnets.push(isolatedSubnet),subnet=isolatedSubnet;break;default:throw new Error(`Unrecognized subnet type: ${subnetConfig.subnetType}`)}const includeResourceTypes=[ec2_generated_1.CfnSubnet.CFN_RESOURCE_TYPE_NAME];core_1.Tags.of(subnet).add(SUBNETNAME_TAG,subnetConfig.name,{includeResourceTypes}),core_1.Tags.of(subnet).add(SUBNETTYPE_TAG,subnetTypeTagValue(subnetConfig.subnetType),{includeResourceTypes})})}}exports.Vpc=Vpc,_a=JSII_RTTI_SYMBOL_1,Vpc[_a]={fqn:"aws-cdk-lib.aws_ec2.Vpc",version:"2.52.1"},Vpc.DEFAULT_CIDR_RANGE="10.0.0.0/16",Vpc.DEFAULT_SUBNETS=[{subnetType:SubnetType.PUBLIC,name:util_1.defaultSubnetName(SubnetType.PUBLIC)},{subnetType:SubnetType.PRIVATE_WITH_EGRESS,name:util_1.defaultSubnetName(SubnetType.PRIVATE_WITH_EGRESS)}],Vpc.DEFAULT_SUBNETS_NO_NAT=[{subnetType:SubnetType.PUBLIC,name:util_1.defaultSubnetName(SubnetType.PUBLIC)},{subnetType:SubnetType.PRIVATE_ISOLATED,name:util_1.defaultSubnetName(SubnetType.PRIVATE_ISOLATED)}];const SUBNETTYPE_TAG="aws-cdk:subnet-type",SUBNETNAME_TAG="aws-cdk:subnet-name";function subnetTypeTagValue(type){switch(type){case SubnetType.PUBLIC:return"Public";case SubnetType.PRIVATE_WITH_EGRESS:case SubnetType.PRIVATE_WITH_NAT:case SubnetType.PRIVATE:return"Private";case SubnetType.PRIVATE_ISOLATED:case SubnetType.ISOLATED:return"Isolated"}}class Subnet extends core_1.Resource{constructor(scope,id,props){super(scope,id),this.dependencyElements=[],this._internetConnectivityEstablished=new constructs_1.DependencyGroup;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_SubnetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Subnet),error}Object.defineProperty(this,VPC_SUBNET_SYMBOL,{value:!0}),core_1.Tags.of(this).add(NAME_TAG,this.node.path),this.availabilityZone=props.availabilityZone,this.ipv4CidrBlock=props.cidrBlock;const subnet=new ec2_generated_1.CfnSubnet(this,"Subnet",{vpcId:props.vpcId,cidrBlock:props.cidrBlock,availabilityZone:props.availabilityZone,mapPublicIpOnLaunch:props.mapPublicIpOnLaunch});this.subnetId=subnet.ref,this.subnetVpcId=subnet.attrVpcId,this.subnetAvailabilityZone=subnet.attrAvailabilityZone,this.subnetIpv6CidrBlocks=subnet.attrIpv6CidrBlocks,this.subnetOutpostArn=subnet.attrOutpostArn,this._networkAcl=network_acl_1.NetworkAcl.fromNetworkAclId(this,"Acl",subnet.attrNetworkAclAssociationId),this.subnetNetworkAclAssociationId=core_1.Lazy.string({produce:()=>this._networkAcl.networkAclId}),this.node.defaultChild=subnet;const table=new ec2_generated_1.CfnRouteTable(this,"RouteTable",{vpcId:props.vpcId});this.routeTable={routeTableId:table.ref};const routeAssoc=new ec2_generated_1.CfnSubnetRouteTableAssociation(this,"RouteTableAssociation",{subnetId:this.subnetId,routeTableId:table.ref});this._internetConnectivityEstablished.add(routeAssoc),this.internetConnectivityEstablished=this._internetConnectivityEstablished}static isVpcSubnet(x){return VPC_SUBNET_SYMBOL in x}static fromSubnetAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_SubnetAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromSubnetAttributes),error}return new ImportedSubnet(scope,id,attrs)}static fromSubnetId(scope,id,subnetId){return this.fromSubnetAttributes(scope,id,{subnetId})}addDefaultInternetRoute(gatewayId,gatewayAttachment){const route=new ec2_generated_1.CfnRoute(this,"DefaultRoute",{routeTableId:this.routeTable.routeTableId,destinationCidrBlock:"0.0.0.0/0",gatewayId});route.node.addDependency(gatewayAttachment),this._internetConnectivityEstablished.add(route)}get networkAcl(){return this._networkAcl}addDefaultNatRoute(natGatewayId){this.addRoute("DefaultRoute",{routerType:RouterType.NAT_GATEWAY,routerId:natGatewayId,enablesInternetConnectivity:!0})}addRoute(id,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_AddRouteOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addRoute),error}if(options.destinationCidrBlock&&options.destinationIpv6CidrBlock)throw new Error("Cannot specify both 'destinationCidrBlock' and 'destinationIpv6CidrBlock'");const route=new ec2_generated_1.CfnRoute(this,id,{routeTableId:this.routeTable.routeTableId,destinationCidrBlock:options.destinationCidrBlock||(options.destinationIpv6CidrBlock===void 0?"0.0.0.0/0":void 0),destinationIpv6CidrBlock:options.destinationIpv6CidrBlock,[routerTypeToPropName(options.routerType)]:options.routerId});options.enablesInternetConnectivity&&this._internetConnectivityEstablished.add(route)}associateNetworkAcl(id,networkAcl){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_INetworkAcl(networkAcl)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.associateNetworkAcl),error}this._networkAcl=networkAcl;const scope=networkAcl instanceof constructs_1.Construct?networkAcl:this,other=networkAcl instanceof constructs_1.Construct?this:networkAcl;new network_acl_1.SubnetNetworkAclAssociation(scope,id+core_1.Names.nodeUniqueId(other.node),{networkAcl,subnet:this})}}exports.Subnet=Subnet,_b=JSII_RTTI_SYMBOL_1,Subnet[_b]={fqn:"aws-cdk-lib.aws_ec2.Subnet",version:"2.52.1"};var RouterType;(function(RouterType2){RouterType2.CARRIER_GATEWAY="CarrierGateway",RouterType2.EGRESS_ONLY_INTERNET_GATEWAY="EgressOnlyInternetGateway",RouterType2.GATEWAY="Gateway",RouterType2.INSTANCE="Instance",RouterType2.LOCAL_GATEWAY="LocalGateway",RouterType2.NAT_GATEWAY="NatGateway",RouterType2.NETWORK_INTERFACE="NetworkInterface",RouterType2.TRANSIT_GATEWAY="TransitGateway",RouterType2.VPC_PEERING_CONNECTION="VpcPeeringConnection",RouterType2.VPC_ENDPOINT="VpcEndpoint"})(RouterType=exports.RouterType||(exports.RouterType={}));function routerTypeToPropName(routerType){return{[RouterType.CARRIER_GATEWAY]:"carrierGatewayId",[RouterType.EGRESS_ONLY_INTERNET_GATEWAY]:"egressOnlyInternetGatewayId",[RouterType.GATEWAY]:"gatewayId",[RouterType.INSTANCE]:"instanceId",[RouterType.LOCAL_GATEWAY]:"localGatewayId",[RouterType.NAT_GATEWAY]:"natGatewayId",[RouterType.NETWORK_INTERFACE]:"networkInterfaceId",[RouterType.TRANSIT_GATEWAY]:"transitGatewayId",[RouterType.VPC_PEERING_CONNECTION]:"vpcPeeringConnectionId",[RouterType.VPC_ENDPOINT]:"vpcEndpointId"}[routerType]}class PublicSubnet extends Subnet{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PublicSubnetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,PublicSubnet),error}}static fromPublicSubnetAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PublicSubnetAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromPublicSubnetAttributes),error}return new ImportedSubnet(scope,id,attrs)}addNatGateway(eipAllocationId){const ngw=new ec2_generated_1.CfnNatGateway(this,"NATGateway",{subnetId:this.subnetId,allocationId:eipAllocationId??new ec2_generated_1.CfnEIP(this,"EIP",{domain:"vpc"}).attrAllocationId});return ngw.node.addDependency(this.internetConnectivityEstablished),ngw}}exports.PublicSubnet=PublicSubnet,_c=JSII_RTTI_SYMBOL_1,PublicSubnet[_c]={fqn:"aws-cdk-lib.aws_ec2.PublicSubnet",version:"2.52.1"};class PrivateSubnet extends Subnet{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PrivateSubnetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,PrivateSubnet),error}}static fromPrivateSubnetAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_PrivateSubnetAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromPrivateSubnetAttributes),error}return new ImportedSubnet(scope,id,attrs)}}exports.PrivateSubnet=PrivateSubnet,_d=JSII_RTTI_SYMBOL_1,PrivateSubnet[_d]={fqn:"aws-cdk-lib.aws_ec2.PrivateSubnet",version:"2.52.1"};function ifUndefined(value,defaultValue){return value??defaultValue}class ImportedVpc extends VpcBase{constructor(scope,id,props,isIncomplete){super(scope,id,{region:props.region}),this.internetConnectivityEstablished=new constructs_1.DependencyGroup,this.vpcId=props.vpcId,this.vpcArn=core_1.Arn.format({service:"ec2",resource:"vpc",resourceName:this.vpcId},core_1.Stack.of(this)),this.cidr=props.vpcCidrBlock,this.availabilityZones=props.availabilityZones,this._vpnGatewayId=props.vpnGatewayId,this.incompleteSubnetDefinition=isIncomplete;for(const k of Object.keys(props))Array.isArray(props[k])&&core_1.Token.isUnresolved(props[k])&&core_1.Annotations.of(this).addWarning(`fromVpcAttributes: '${k}' is a list token: the imported VPC will not work with constructs that require a list of subnets at synthesis time. Use 'Vpc.fromLookup()' or 'Fn.importListValue' instead.`);const pub=new util_1.ImportSubnetGroup(props.publicSubnetIds,props.publicSubnetNames,props.publicSubnetRouteTableIds,SubnetType.PUBLIC,this.availabilityZones,"publicSubnetIds","publicSubnetNames","publicSubnetRouteTableIds"),priv=new util_1.ImportSubnetGroup(props.privateSubnetIds,props.privateSubnetNames,props.privateSubnetRouteTableIds,SubnetType.PRIVATE_WITH_EGRESS,this.availabilityZones,"privateSubnetIds","privateSubnetNames","privateSubnetRouteTableIds"),iso=new util_1.ImportSubnetGroup(props.isolatedSubnetIds,props.isolatedSubnetNames,props.isolatedSubnetRouteTableIds,SubnetType.PRIVATE_ISOLATED,this.availabilityZones,"isolatedSubnetIds","isolatedSubnetNames","isolatedSubnetRouteTableIds");this.publicSubnets=pub.import(this),this.privateSubnets=priv.import(this),this.isolatedSubnets=iso.import(this)}get vpcCidrBlock(){if(this.cidr===void 0)throw new Error("Cannot perform this operation: 'vpcCidrBlock' was not supplied when creating this VPC");return this.cidr}}class LookedUpVpc extends VpcBase{constructor(scope,id,props,isIncomplete){super(scope,id,{region:props.region}),this.internetConnectivityEstablished=new constructs_1.DependencyGroup,this.vpcId=props.vpcId,this.vpcArn=core_1.Arn.format({service:"ec2",resource:"vpc",resourceName:this.vpcId},core_1.Stack.of(this)),this.cidr=props.vpcCidrBlock,this._vpnGatewayId=props.vpnGatewayId,this.incompleteSubnetDefinition=isIncomplete;const subnetGroups=props.subnetGroups||[],availabilityZones=Array.from(new Set(flatMap(subnetGroups,subnetGroup=>subnetGroup.subnets.map(subnet=>subnet.availabilityZone))));availabilityZones.sort((az1,az2)=>az1.localeCompare(az2)),this.availabilityZones=availabilityZones,this.publicSubnets=this.extractSubnetsOfType(subnetGroups,cxapi.VpcSubnetGroupType.PUBLIC),this.privateSubnets=this.extractSubnetsOfType(subnetGroups,cxapi.VpcSubnetGroupType.PRIVATE),this.isolatedSubnets=this.extractSubnetsOfType(subnetGroups,cxapi.VpcSubnetGroupType.ISOLATED)}get vpcCidrBlock(){if(this.cidr===void 0)throw new Error("Cannot perform this operation: 'vpcCidrBlock' was not found when looking up this VPC. Use a newer version of the CDK CLI and clear the old context value.");return this.cidr}extractSubnetsOfType(subnetGroups,subnetGroupType){return flatMap(subnetGroups.filter(subnetGroup=>subnetGroup.type===subnetGroupType),subnetGroup=>this.subnetGroupToSubnets(subnetGroup))}subnetGroupToSubnets(subnetGroup){const ret=new Array;for(let i=0;i<subnetGroup.subnets.length;i++){const vpcSubnet=subnetGroup.subnets[i];ret.push(Subnet.fromSubnetAttributes(this,`${subnetGroup.name}Subnet${i+1}`,{availabilityZone:vpcSubnet.availabilityZone,subnetId:vpcSubnet.subnetId,routeTableId:vpcSubnet.routeTableId,ipv4CidrBlock:vpcSubnet.cidr}))}return ret}}function flatMap(xs,fn){const ret=new Array;for(const x of xs)ret.push(...fn(x));return ret}class CompositeDependable{constructor(){this.dependables=new Array;const self=this;constructs_1.Dependable.implement(this,{get dependencyRoots(){const ret=new Array;for(const dep of self.dependables)ret.push(...constructs_1.Dependable.of(dep).dependencyRoots);return ret}})}add(dep){this.dependables.push(dep)}}function tap(x,fn){return fn(x),x}class ImportedSubnet extends core_1.Resource{constructor(scope,id,attrs){if(super(scope,id),this.internetConnectivityEstablished=new constructs_1.DependencyGroup,!attrs.routeTableId){const ref=core_1.Token.isUnresolved(attrs.subnetId)||core_1.Token.isUnresolved([attrs.subnetId])?`at '${constructs_1.Node.of(scope).path}/${id}'`:`'${attrs.subnetId}'`;core_1.Annotations.of(this).addWarning(`No routeTableId was provided to the subnet ${ref}. Attempting to read its .routeTable.routeTableId will return null/undefined. (More info: https://github.com/aws/aws-cdk/pull/3171)`)}this._ipv4CidrBlock=attrs.ipv4CidrBlock,this._availabilityZone=attrs.availabilityZone,this.subnetId=attrs.subnetId,this.routeTable={routeTableId:attrs.routeTableId}}get availabilityZone(){if(!this._availabilityZone)throw new Error("You cannot reference a Subnet's availability zone if it was not supplied. Add the availabilityZone when importing using Subnet.fromSubnetAttributes()");return this._availabilityZone}get ipv4CidrBlock(){if(!this._ipv4CidrBlock)throw new Error("You cannot reference an imported Subnet's IPv4 CIDR if it was not supplied. Add the ipv4CidrBlock when importing using Subnet.fromSubnetAttributes()");return this._ipv4CidrBlock}associateNetworkAcl(id,networkAcl){const scope=networkAcl instanceof constructs_1.Construct?networkAcl:this,other=networkAcl instanceof constructs_1.Construct?this:networkAcl;new network_acl_1.SubnetNetworkAclAssociation(scope,id+core_1.Names.nodeUniqueId(other.node),{networkAcl,subnet:this})}}function determineNatGatewayCount(requestedCount,subnetConfig,azCount){const hasPrivateSubnets=subnetConfig.some(c=>(c.subnetType===SubnetType.PRIVATE_WITH_EGRESS||c.subnetType===SubnetType.PRIVATE||c.subnetType===SubnetType.PRIVATE_WITH_NAT)&&!c.reserved),hasPublicSubnets=subnetConfig.some(c=>c.subnetType===SubnetType.PUBLIC),hasCustomEgress=subnetConfig.some(c=>c.subnetType===SubnetType.PRIVATE_WITH_EGRESS),count=requestedCount!==void 0?Math.min(requestedCount,azCount):hasPrivateSubnets?azCount:0;if(count===0&&hasPrivateSubnets&&!hasCustomEgress)throw new Error("If you do not want NAT gateways (natGateways=0), make sure you don't configure any PRIVATE(_WITH_NAT) subnets in 'subnetConfiguration' (make them PUBLIC or ISOLATED instead)");if(count>0&&!hasPublicSubnets)throw new Error(`If you configure PRIVATE subnets in 'subnetConfiguration', you must also configure PUBLIC subnets to put the NAT gateways into (got ${JSON.stringify(subnetConfig)}.`);return count}const DUMMY_VPC_PROPS={availabilityZones:[],vpcCidrBlock:"1.2.3.4/5",isolatedSubnetIds:void 0,isolatedSubnetNames:void 0,isolatedSubnetRouteTableIds:void 0,privateSubnetIds:void 0,privateSubnetNames:void 0,privateSubnetRouteTableIds:void 0,publicSubnetIds:void 0,publicSubnetNames:void 0,publicSubnetRouteTableIds:void 0,subnetGroups:[{name:"Public",type:cxapi.VpcSubnetGroupType.PUBLIC,subnets:[{availabilityZone:"dummy1a",subnetId:"s-12345",routeTableId:"rtb-12345s",cidr:"1.2.3.4/5"},{availabilityZone:"dummy1b",subnetId:"s-67890",routeTableId:"rtb-67890s",cidr:"1.2.3.4/5"}]},{name:"Private",type:cxapi.VpcSubnetGroupType.PRIVATE,subnets:[{availabilityZone:"dummy1a",subnetId:"p-12345",routeTableId:"rtb-12345p",cidr:"1.2.3.4/5"},{availabilityZone:"dummy1b",subnetId:"p-67890",routeTableId:"rtb-57890p",cidr:"1.2.3.4/5"}]},{name:"Isolated",type:cxapi.VpcSubnetGroupType.ISOLATED,subnets:[{availabilityZone:"dummy1a",subnetId:"p-12345",routeTableId:"rtb-12345p",cidr:"1.2.3.4/5"},{availabilityZone:"dummy1b",subnetId:"p-67890",routeTableId:"rtb-57890p",cidr:"1.2.3.4/5"}]}],vpcId:"vpc-12345"};
 //# sourceMappingURL=vpc.js.map

package/aws-ec2/lib/vpn.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b,_c;Object.defineProperty(exports,"__esModule",{value:!0}),exports.RESERVED_TUNNEL_INSIDE_CIDR=exports.VpnConnection=exports.VpnConnectionBase=exports.VpnGateway=exports.VpnConnectionType=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),net=require("net"),cloudwatch=require("../../aws-cloudwatch"),core_1=require("../../core"),ec2_generated_1=require("./ec2.generated");var VpnConnectionType;(function(VpnConnectionType2){VpnConnectionType2.IPSEC_1="ipsec.1",VpnConnectionType2.DUMMY="dummy"})(VpnConnectionType=exports.VpnConnectionType||(exports.VpnConnectionType={}));class VpnGateway extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpnGatewayProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,VpnGateway),error}const vpnGW=new ec2_generated_1.CfnVPNGateway(this,"Default",props);this.gatewayId=vpnGW.ref}}exports.VpnGateway=VpnGateway,_a=JSII_RTTI_SYMBOL_1,VpnGateway[_a]={fqn:"aws-cdk-lib.aws_ec2.VpnGateway",version:"2.52.0"};class VpnConnectionBase extends core_1.Resource{}exports.VpnConnectionBase=VpnConnectionBase,_b=JSII_RTTI_SYMBOL_1,VpnConnectionBase[_b]={fqn:"aws-cdk-lib.aws_ec2.VpnConnectionBase",version:"2.52.0"};class VpnConnection extends VpnConnectionBase{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpnConnectionProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,VpnConnection),error}if(props.vpc.vpnGatewayId||props.vpc.enableVpnGateway({type:"ipsec.1",amazonSideAsn:props.asn}),!core_1.Token.isUnresolved(props.ip)&&!net.isIPv4(props.ip))throw new Error(`The \`ip\` ${props.ip} is not a valid IPv4 address.`);const type=VpnConnectionType.IPSEC_1,bgpAsn=props.asn||65e3,customerGateway=new ec2_generated_1.CfnCustomerGateway(this,"CustomerGateway",{bgpAsn,ipAddress:props.ip,type});if(this.customerGatewayId=customerGateway.ref,this.customerGatewayAsn=bgpAsn,this.customerGatewayIp=props.ip,props.tunnelOptions){if(props.tunnelOptions.length>2)throw new Error("Cannot specify more than two `tunnelOptions`");if(props.tunnelOptions.length===2&&props.tunnelOptions[0].tunnelInsideCidr===props.tunnelOptions[1].tunnelInsideCidr)throw new Error(`Same ${props.tunnelOptions[0].tunnelInsideCidr} \`tunnelInsideCidr\` cannot be used for both tunnels.`);props.tunnelOptions.forEach((options,index)=>{if(options.preSharedKey&&options.preSharedKeySecret)throw new Error("Specify at most one of 'preSharedKey' and 'preSharedKeySecret'.");if(options.preSharedKey&&!core_1.Token.isUnresolved(options.preSharedKey)&&!/^[a-zA-Z1-9._][a-zA-Z\d._]{7,63}$/.test(options.preSharedKey))throw new Error(`The \`preSharedKey\` ${options.preSharedKey} for tunnel ${index+1} is invalid. Allowed characters are alphanumeric characters and ._. Must be between 8 and 64 characters in length and cannot start with zero (0).`);if(options.tunnelInsideCidr){if(exports.RESERVED_TUNNEL_INSIDE_CIDR.includes(options.tunnelInsideCidr))throw new Error(`The \`tunnelInsideCidr\` ${options.tunnelInsideCidr} for tunnel ${index+1} is a reserved inside CIDR.`);if(!/^169\.254\.\d{1,3}\.\d{1,3}\/30$/.test(options.tunnelInsideCidr))throw new Error(`The \`tunnelInsideCidr\` ${options.tunnelInsideCidr} for tunnel ${index+1} is not a size /30 CIDR block from the 169.254.0.0/16 range.`)}})}const vpnConnection=new ec2_generated_1.CfnVPNConnection(this,"Resource",{type,customerGatewayId:customerGateway.ref,staticRoutesOnly:!!props.staticRoutes,vpnGatewayId:props.vpc.vpnGatewayId,vpnTunnelOptionsSpecifications:props.tunnelOptions?.map(t=>({preSharedKey:t.preSharedKeySecret?.unsafeUnwrap()??t.preSharedKey,tunnelInsideCidr:t.tunnelInsideCidr}))});this.vpnId=vpnConnection.ref,props.staticRoutes&&props.staticRoutes.forEach(route=>{new ec2_generated_1.CfnVPNConnectionRoute(this,`Route${route.replace(/[^\d]/g,"")}`,{destinationCidrBlock:route,vpnConnectionId:this.vpnId})})}static fromVpnConnectionAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpnConnectionAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVpnConnectionAttributes),error}class Import extends VpnConnectionBase{constructor(){super(...arguments),this.vpnId=attrs.vpnId,this.customerGatewayId=attrs.customerGatewayId,this.customerGatewayIp=attrs.customerGatewayIp,this.customerGatewayAsn=attrs.customerGatewayAsn}}return new Import(scope,id)}static metricAll(metricName,props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAll),error}return new cloudwatch.Metric({namespace:"AWS/VPN",metricName,...props})}static metricAllTunnelState(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAllTunnelState),error}return this.metricAll("TunnelState",{statistic:"avg",...props})}static metricAllTunnelDataIn(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAllTunnelDataIn),error}return this.metricAll("TunnelDataIn",{statistic:"sum",...props})}static metricAllTunnelDataOut(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAllTunnelDataOut),error}return this.metricAll("TunnelDataOut",{statistic:"sum",...props})}}exports.VpnConnection=VpnConnection,_c=JSII_RTTI_SYMBOL_1,VpnConnection[_c]={fqn:"aws-cdk-lib.aws_ec2.VpnConnection",version:"2.52.0"},exports.RESERVED_TUNNEL_INSIDE_CIDR=["169.254.0.0/30","169.254.1.0/30","169.254.2.0/30","169.254.3.0/30","169.254.4.0/30","169.254.5.0/30","169.254.169.252/30"];
+"use strict";var _a,_b,_c;Object.defineProperty(exports,"__esModule",{value:!0}),exports.RESERVED_TUNNEL_INSIDE_CIDR=exports.VpnConnection=exports.VpnConnectionBase=exports.VpnGateway=exports.VpnConnectionType=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),net=require("net"),cloudwatch=require("../../aws-cloudwatch"),core_1=require("../../core"),ec2_generated_1=require("./ec2.generated");var VpnConnectionType;(function(VpnConnectionType2){VpnConnectionType2.IPSEC_1="ipsec.1",VpnConnectionType2.DUMMY="dummy"})(VpnConnectionType=exports.VpnConnectionType||(exports.VpnConnectionType={}));class VpnGateway extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpnGatewayProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,VpnGateway),error}const vpnGW=new ec2_generated_1.CfnVPNGateway(this,"Default",props);this.gatewayId=vpnGW.ref}}exports.VpnGateway=VpnGateway,_a=JSII_RTTI_SYMBOL_1,VpnGateway[_a]={fqn:"aws-cdk-lib.aws_ec2.VpnGateway",version:"2.52.1"};class VpnConnectionBase extends core_1.Resource{}exports.VpnConnectionBase=VpnConnectionBase,_b=JSII_RTTI_SYMBOL_1,VpnConnectionBase[_b]={fqn:"aws-cdk-lib.aws_ec2.VpnConnectionBase",version:"2.52.1"};class VpnConnection extends VpnConnectionBase{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpnConnectionProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,VpnConnection),error}if(props.vpc.vpnGatewayId||props.vpc.enableVpnGateway({type:"ipsec.1",amazonSideAsn:props.asn}),!core_1.Token.isUnresolved(props.ip)&&!net.isIPv4(props.ip))throw new Error(`The \`ip\` ${props.ip} is not a valid IPv4 address.`);const type=VpnConnectionType.IPSEC_1,bgpAsn=props.asn||65e3,customerGateway=new ec2_generated_1.CfnCustomerGateway(this,"CustomerGateway",{bgpAsn,ipAddress:props.ip,type});if(this.customerGatewayId=customerGateway.ref,this.customerGatewayAsn=bgpAsn,this.customerGatewayIp=props.ip,props.tunnelOptions){if(props.tunnelOptions.length>2)throw new Error("Cannot specify more than two `tunnelOptions`");if(props.tunnelOptions.length===2&&props.tunnelOptions[0].tunnelInsideCidr===props.tunnelOptions[1].tunnelInsideCidr)throw new Error(`Same ${props.tunnelOptions[0].tunnelInsideCidr} \`tunnelInsideCidr\` cannot be used for both tunnels.`);props.tunnelOptions.forEach((options,index)=>{if(options.preSharedKey&&options.preSharedKeySecret)throw new Error("Specify at most one of 'preSharedKey' and 'preSharedKeySecret'.");if(options.preSharedKey&&!core_1.Token.isUnresolved(options.preSharedKey)&&!/^[a-zA-Z1-9._][a-zA-Z\d._]{7,63}$/.test(options.preSharedKey))throw new Error(`The \`preSharedKey\` ${options.preSharedKey} for tunnel ${index+1} is invalid. Allowed characters are alphanumeric characters and ._. Must be between 8 and 64 characters in length and cannot start with zero (0).`);if(options.tunnelInsideCidr){if(exports.RESERVED_TUNNEL_INSIDE_CIDR.includes(options.tunnelInsideCidr))throw new Error(`The \`tunnelInsideCidr\` ${options.tunnelInsideCidr} for tunnel ${index+1} is a reserved inside CIDR.`);if(!/^169\.254\.\d{1,3}\.\d{1,3}\/30$/.test(options.tunnelInsideCidr))throw new Error(`The \`tunnelInsideCidr\` ${options.tunnelInsideCidr} for tunnel ${index+1} is not a size /30 CIDR block from the 169.254.0.0/16 range.`)}})}const vpnConnection=new ec2_generated_1.CfnVPNConnection(this,"Resource",{type,customerGatewayId:customerGateway.ref,staticRoutesOnly:!!props.staticRoutes,vpnGatewayId:props.vpc.vpnGatewayId,vpnTunnelOptionsSpecifications:props.tunnelOptions?.map(t=>({preSharedKey:t.preSharedKeySecret?.unsafeUnwrap()??t.preSharedKey,tunnelInsideCidr:t.tunnelInsideCidr}))});this.vpnId=vpnConnection.ref,props.staticRoutes&&props.staticRoutes.forEach(route=>{new ec2_generated_1.CfnVPNConnectionRoute(this,`Route${route.replace(/[^\d]/g,"")}`,{destinationCidrBlock:route,vpnConnectionId:this.vpnId})})}static fromVpnConnectionAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_ec2_VpnConnectionAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromVpnConnectionAttributes),error}class Import extends VpnConnectionBase{constructor(){super(...arguments),this.vpnId=attrs.vpnId,this.customerGatewayId=attrs.customerGatewayId,this.customerGatewayIp=attrs.customerGatewayIp,this.customerGatewayAsn=attrs.customerGatewayAsn}}return new Import(scope,id)}static metricAll(metricName,props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAll),error}return new cloudwatch.Metric({namespace:"AWS/VPN",metricName,...props})}static metricAllTunnelState(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAllTunnelState),error}return this.metricAll("TunnelState",{statistic:"avg",...props})}static metricAllTunnelDataIn(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAllTunnelDataIn),error}return this.metricAll("TunnelDataIn",{statistic:"sum",...props})}static metricAllTunnelDataOut(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cloudwatch_MetricOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.metricAllTunnelDataOut),error}return this.metricAll("TunnelDataOut",{statistic:"sum",...props})}}exports.VpnConnection=VpnConnection,_c=JSII_RTTI_SYMBOL_1,VpnConnection[_c]={fqn:"aws-cdk-lib.aws_ec2.VpnConnection",version:"2.52.1"},exports.RESERVED_TUNNEL_INSIDE_CIDR=["169.254.0.0/30","169.254.1.0/30","169.254.2.0/30","169.254.3.0/30","169.254.4.0/30","169.254.5.0/30","169.254.169.252/30"];
 //# sourceMappingURL=vpn.js.map

package/aws-ecr/lib/auth-token.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.PublicGalleryAuthorizationToken=exports.AuthorizationToken=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),iam=require("../../aws-iam");class AuthorizationToken{constructor(){}static grantRead(grantee){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}grantee.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({actions:["ecr:GetAuthorizationToken"],resources:["*"]}))}}exports.AuthorizationToken=AuthorizationToken,_a=JSII_RTTI_SYMBOL_1,AuthorizationToken[_a]={fqn:"aws-cdk-lib.aws_ecr.AuthorizationToken",version:"2.52.0"};class PublicGalleryAuthorizationToken{constructor(){}static grantRead(grantee){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}grantee.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({actions:["ecr-public:GetAuthorizationToken","sts:GetServiceBearerToken"],resources:["*"]}))}}exports.PublicGalleryAuthorizationToken=PublicGalleryAuthorizationToken,_b=JSII_RTTI_SYMBOL_1,PublicGalleryAuthorizationToken[_b]={fqn:"aws-cdk-lib.aws_ecr.PublicGalleryAuthorizationToken",version:"2.52.0"};
+"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.PublicGalleryAuthorizationToken=exports.AuthorizationToken=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),iam=require("../../aws-iam");class AuthorizationToken{constructor(){}static grantRead(grantee){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}grantee.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({actions:["ecr:GetAuthorizationToken"],resources:["*"]}))}}exports.AuthorizationToken=AuthorizationToken,_a=JSII_RTTI_SYMBOL_1,AuthorizationToken[_a]={fqn:"aws-cdk-lib.aws_ecr.AuthorizationToken",version:"2.52.1"};class PublicGalleryAuthorizationToken{constructor(){}static grantRead(grantee){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}grantee.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({actions:["ecr-public:GetAuthorizationToken","sts:GetServiceBearerToken"],resources:["*"]}))}}exports.PublicGalleryAuthorizationToken=PublicGalleryAuthorizationToken,_b=JSII_RTTI_SYMBOL_1,PublicGalleryAuthorizationToken[_b]={fqn:"aws-cdk-lib.aws_ecr.PublicGalleryAuthorizationToken",version:"2.52.1"};
 //# sourceMappingURL=auth-token.js.map