terraconstructs 0.0.10 → 0.0.12

package/lib/aws/compute/aspects/require-imdsv2-aspect.js

@@ -0,0 +1,106 @@
+"use strict";
+var _a, _b;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LaunchTemplateRequireImdsv2Aspect = exports.InstanceRequireImdsv2Aspect = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+// https://github.com/aws/aws-cdk/blob/v2.175.1/packages/aws-cdk-lib/aws-ec2/lib/aspects/require-imdsv2-aspect.ts
+const provider_aws_1 = require("@cdktf/provider-aws");
+const cdktf_1 = require("cdktf");
+const aws_stack_1 = require("../../aws-stack");
+const instance_1 = require("../instance");
+const launch_template_1 = require("../launch-template");
+/**
+ * Base class for Aspect that makes IMDSv2 required.
+ */
+class RequireImdsv2Aspect {
+    constructor(props) {
+        this.suppressWarnings = props?.suppressWarnings ?? false;
+    }
+    /**
+     * Adds a warning annotation to a node, unless `suppressWarnings` is true.
+     *
+     * @param node The scope to add the warning to.
+     * @param message The warning message.
+     */
+    warn(node, message) {
+        if (this.suppressWarnings !== true) {
+            // `@aws-cdk/aws-ec2:imdsv2${RequireImdsv2Aspect.name}`,
+            cdktf_1.Annotations.of(node).addWarning(`${RequireImdsv2Aspect.name} failed on node ${node.node.id}: ${message}`);
+        }
+    }
+}
+/**
+ * Aspect that applies IMDS configuration on EC2 Instance constructs.
+ *
+ * This aspect configures IMDS on an EC2 instance by creating a Launch Template with the
+ * IMDS configuration and associating that Launch Template with the instance. If an Instance
+ * is already associated with a Launch Template, a warning will (optionally) be added to the
+ * construct node and it will be skipped.
+ *
+ * To cover Instances already associated with Launch Templates, use `LaunchTemplateImdsAspect`.
+ */
+class InstanceRequireImdsv2Aspect extends RequireImdsv2Aspect {
+    constructor(props) {
+        super(props);
+        this.suppressLaunchTemplateWarning =
+            props?.suppressLaunchTemplateWarning ?? false;
+    }
+    visit(node) {
+        if (!(node instanceof instance_1.Instance)) {
+            return;
+        }
+        if (node.instance.launchTemplateInput !== undefined) {
+            this.warn(node, "Cannot toggle IMDSv1 because this Instance is associated with an existing Launch Template.");
+            return;
+        }
+        const lt = new provider_aws_1.launchTemplate.LaunchTemplate(node, "LaunchTemplate", {
+            metadataOptions: {
+                httpTokens: "required",
+            },
+        });
+        lt.name = aws_stack_1.AwsStack.uniqueId(lt);
+        node.instance.putLaunchTemplate({
+            name: lt.name,
+            version: lt.latestVersion.toString(),
+        });
+    }
+    warn(node, message) {
+        if (this.suppressLaunchTemplateWarning !== true) {
+            super.warn(node, message);
+        }
+    }
+}
+exports.InstanceRequireImdsv2Aspect = InstanceRequireImdsv2Aspect;
+_a = JSII_RTTI_SYMBOL_1;
+InstanceRequireImdsv2Aspect[_a] = { fqn: "terraconstructs.aws.compute.InstanceRequireImdsv2Aspect", version: "0.0.12" };
+/**
+ * Aspect that applies IMDS configuration on EC2 Launch Template constructs.
+ *
+ * @see https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/launch_template#metadata-options
+ * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+ */
+class LaunchTemplateRequireImdsv2Aspect extends RequireImdsv2Aspect {
+    constructor(props) {
+        super(props);
+    }
+    visit(node) {
+        if (!(node instanceof launch_template_1.LaunchTemplate)) {
+            return;
+        }
+        const lt = node.node.tryFindChild("Resource");
+        const metadataOptions = lt.metadataOptionsInput;
+        // // metaDataOptions is ComplexListObject and can never be a token
+        // if (Tokenization.isResolvable(metadataOptions)) {
+        //   this.warn(node, "LaunchTemplateData.MetadataOptions is a CDK token.");
+        //   return;
+        // }
+        lt.putMetadataOptions({
+            ...metadataOptions,
+            httpTokens: "required",
+        });
+    }
+}
+exports.LaunchTemplateRequireImdsv2Aspect = LaunchTemplateRequireImdsv2Aspect;
+_b = JSII_RTTI_SYMBOL_1;
+LaunchTemplateRequireImdsv2Aspect[_b] = { fqn: "terraconstructs.aws.compute.LaunchTemplateRequireImdsv2Aspect", version: "0.0.12" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVxdWlyZS1pbWRzdjItYXNwZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2F3cy9jb21wdXRlL2FzcGVjdHMvcmVxdWlyZS1pbWRzdjItYXNwZWN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsaUhBQWlIO0FBQ2pILHNEQUFxRDtBQUNyRCxpQ0FBNkM7QUFFN0MsK0NBQTJDO0FBQzNDLDBDQUF1QztBQUN2Qyx3REFBb0Q7QUFjcEQ7O0dBRUc7QUFDSCxNQUFlLG1CQUFtQjtJQUdoQyxZQUFZLEtBQWdDO1FBQzFDLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxLQUFLLEVBQUUsZ0JBQWdCLElBQUksS0FBSyxDQUFDO0lBQzNELENBQUM7SUFJRDs7Ozs7T0FLRztJQUNPLElBQUksQ0FBQyxJQUFnQixFQUFFLE9BQWU7UUFDOUMsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDbkMsd0RBQXdEO1lBQ3hELG1CQUFXLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLFVBQVUsQ0FDN0IsR0FBRyxtQkFBbUIsQ0FBQyxJQUFJLG1CQUFtQixJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsS0FBSyxPQUFPLEVBQUUsQ0FDekUsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUFtQkQ7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBYSwyQkFBNEIsU0FBUSxtQkFBbUI7SUFHbEUsWUFBWSxLQUF3QztRQUNsRCxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDYixJQUFJLENBQUMsNkJBQTZCO1lBQ2hDLEtBQUssRUFBRSw2QkFBNkIsSUFBSSxLQUFLLENBQUM7SUFDbEQsQ0FBQztJQUVELEtBQUssQ0FBQyxJQUFnQjtRQUNwQixJQUFJLENBQUMsQ0FBQyxJQUFJLFlBQVksbUJBQVEsQ0FBQyxFQUFFLENBQUM7WUFDaEMsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsbUJBQW1CLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDcEQsSUFBSSxDQUFDLElBQUksQ0FDUCxJQUFJLEVBQ0osNEZBQTRGLENBQzdGLENBQUM7WUFDRixPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sRUFBRSxHQUFHLElBQUksNkJBQWMsQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQ25FLGVBQWUsRUFBRTtnQkFDZixVQUFVLEVBQUUsVUFBVTthQUN2QjtTQUNGLENBQUMsQ0FBQztRQUNILEVBQUUsQ0FBQyxJQUFJLEdBQUcsb0JBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztZQUM5QixJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUk7WUFDYixPQUFPLEVBQUUsRUFBRSxDQUFDLGFBQWEsQ0FBQyxRQUFRLEVBQUU7U0FDckMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVTLElBQUksQ0FBQyxJQUFnQixFQUFFLE9BQWU7UUFDOUMsSUFBSSxJQUFJLENBQUMsNkJBQTZCLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDaEQsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDNUIsQ0FBQztJQUNILENBQUM7O0FBckNILGtFQXNDQzs7O0FBUUQ7Ozs7O0dBS0c7QUFDSCxNQUFhLGlDQUFrQyxTQUFRLG1CQUFtQjtJQUN4RSxZQUFZLEtBQThDO1FBQ3hELEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNmLENBQUM7SUFFRCxLQUFLLENBQUMsSUFBZ0I7UUFDcEIsSUFBSSxDQUFDLENBQUMsSUFBSSxZQUFZLGdDQUFjLENBQUMsRUFBRSxDQUFDO1lBQ3RDLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQy9CLFVBQVUsQ0FDc0IsQ0FBQztRQUNuQyxNQUFNLGVBQWUsR0FBRyxFQUFFLENBQUMsb0JBQW9CLENBQUM7UUFDaEQsbUVBQW1FO1FBQ25FLG9EQUFvRDtRQUNwRCwyRUFBMkU7UUFDM0UsWUFBWTtRQUNaLElBQUk7UUFFSixFQUFFLENBQUMsa0JBQWtCLENBQUM7WUFDcEIsR0FBRyxlQUFlO1lBQ2xCLFVBQVUsRUFBRSxVQUFVO1NBQ3ZCLENBQUMsQ0FBQztJQUNMLENBQUM7O0FBeEJILDhFQXlCQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MvYXdzLWNkay9ibG9iL3YyLjE3NS4xL3BhY2thZ2VzL2F3cy1jZGstbGliL2F3cy1lYzIvbGliL2FzcGVjdHMvcmVxdWlyZS1pbWRzdjItYXNwZWN0LnRzXG5pbXBvcnQgeyBsYXVuY2hUZW1wbGF0ZSB9IGZyb20gXCJAY2RrdGYvcHJvdmlkZXItYXdzXCI7XG5pbXBvcnQgeyBJQXNwZWN0LCBBbm5vdGF0aW9ucyB9IGZyb20gXCJjZGt0ZlwiO1xuaW1wb3J0IHsgSUNvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBBd3NTdGFjayB9IGZyb20gXCIuLi8uLi9hd3Mtc3RhY2tcIjtcbmltcG9ydCB7IEluc3RhbmNlIH0gZnJvbSBcIi4uL2luc3RhbmNlXCI7XG5pbXBvcnQgeyBMYXVuY2hUZW1wbGF0ZSB9IGZyb20gXCIuLi9sYXVuY2gtdGVtcGxhdGVcIjtcblxuLyoqXG4gKiBQcm9wZXJ0aWVzIGZvciBgUmVxdWlyZUltZHN2MkFzcGVjdGAuXG4gKi9cbmludGVyZmFjZSBSZXF1aXJlSW1kc3YyQXNwZWN0UHJvcHMge1xuICAvKipcbiAgICogV2hldGhlciB3YXJuaW5nIGFubm90YXRpb25zIGZyb20gdGhpcyBBc3BlY3Qgc2hvdWxkIGJlIHN1cHByZXNzZWQgb3Igbm90LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIGZhbHNlXG4gICAqL1xuICByZWFkb25seSBzdXBwcmVzc1dhcm5pbmdzPzogYm9vbGVhbjtcbn1cblxuLyoqXG4gKiBCYXNlIGNsYXNzIGZvciBBc3BlY3QgdGhhdCBtYWtlcyBJTURTdjIgcmVxdWlyZWQuXG4gKi9cbmFic3RyYWN0IGNsYXNzIFJlcXVpcmVJbWRzdjJBc3BlY3QgaW1wbGVtZW50cyBJQXNwZWN0IHtcbiAgcHJvdGVjdGVkIHJlYWRvbmx5IHN1cHByZXNzV2FybmluZ3M6IGJvb2xlYW47XG5cbiAgY29uc3RydWN0b3IocHJvcHM/OiBSZXF1aXJlSW1kc3YyQXNwZWN0UHJvcHMpIHtcbiAgICB0aGlzLnN1cHByZXNzV2FybmluZ3MgPSBwcm9wcz8uc3VwcHJlc3NXYXJuaW5ncyA/PyBmYWxzZTtcbiAgfVxuXG4gIGFic3RyYWN0IHZpc2l0KG5vZGU6IElDb25zdHJ1Y3QpOiB2b2lkO1xuXG4gIC8qKlxuICAgKiBBZGRzIGEgd2FybmluZyBhbm5vdGF0aW9uIHRvIGEgbm9kZSwgdW5sZXNzIGBzdXBwcmVzc1dhcm5pbmdzYCBpcyB0cnVlLlxuICAgKlxuICAgKiBAcGFyYW0gbm9kZSBUaGUgc2NvcGUgdG8gYWRkIHRoZSB3YXJuaW5nIHRvLlxuICAgKiBAcGFyYW0gbWVzc2FnZSBUaGUgd2FybmluZyBtZXNzYWdlLlxuICAgKi9cbiAgcHJvdGVjdGVkIHdhcm4obm9kZTogSUNvbnN0cnVjdCwgbWVzc2FnZTogc3RyaW5nKSB7XG4gICAgaWYgKHRoaXMuc3VwcHJlc3NXYXJuaW5ncyAhPT0gdHJ1ZSkge1xuICAgICAgLy8gYEBhd3MtY2RrL2F3cy1lYzI6aW1kc3YyJHtSZXF1aXJlSW1kc3YyQXNwZWN0Lm5hbWV9YCxcbiAgICAgIEFubm90YXRpb25zLm9mKG5vZGUpLmFkZFdhcm5pbmcoXG4gICAgICAgIGAke1JlcXVpcmVJbWRzdjJBc3BlY3QubmFtZX0gZmFpbGVkIG9uIG5vZGUgJHtub2RlLm5vZGUuaWR9OiAke21lc3NhZ2V9YCxcbiAgICAgICk7XG4gICAgfVxuICB9XG59XG5cbi8qKlxuICogUHJvcGVydGllcyBmb3IgYEluc3RhbmNlUmVxdWlyZUltZHN2MkFzcGVjdGAuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSW5zdGFuY2VSZXF1aXJlSW1kc3YyQXNwZWN0UHJvcHNcbiAgZXh0ZW5kcyBSZXF1aXJlSW1kc3YyQXNwZWN0UHJvcHMge1xuICAvKipcbiAgICogV2hldGhlciB3YXJuaW5ncyB0aGF0IHdvdWxkIGJlIHJhaXNlZCB3aGVuIGFuIEluc3RhbmNlIGlzIGFzc29jaWF0ZWQgd2l0aCBhbiBleGlzdGluZyBMYXVuY2ggVGVtcGxhdGVcbiAgICogc2hvdWxkIGJlIHN1cHByZXNzZWQgb3Igbm90LlxuICAgKlxuICAgKiBZb3UgY2FuIHNldCB0aGlzIHRvIGB0cnVlYCBpZiBgTGF1bmNoVGVtcGxhdGVJbWRzQXNwZWN0YCBpcyBiZWluZyB1c2VkIGFsb25nc2lkZSB0aGlzIEFzcGVjdCB0b1xuICAgKiBzdXBwcmVzcyBmYWxzZS1wb3NpdGl2ZSB3YXJuaW5ncyBiZWNhdXNlIGFueSBMYXVuY2ggVGVtcGxhdGVzIGFzc29jaWF0ZWQgd2l0aCBJbnN0YW5jZXMgd2lsbCBzdGlsbCBiZSBjb3ZlcmVkLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIGZhbHNlXG4gICAqL1xuICByZWFkb25seSBzdXBwcmVzc0xhdW5jaFRlbXBsYXRlV2FybmluZz86IGJvb2xlYW47XG59XG5cbi8qKlxuICogQXNwZWN0IHRoYXQgYXBwbGllcyBJTURTIGNvbmZpZ3VyYXRpb24gb24gRUMyIEluc3RhbmNlIGNvbnN0cnVjdHMuXG4gKlxuICogVGhpcyBhc3BlY3QgY29uZmlndXJlcyBJTURTIG9uIGFuIEVDMiBpbnN0YW5jZSBieSBjcmVhdGluZyBhIExhdW5jaCBUZW1wbGF0ZSB3aXRoIHRoZVxuICogSU1EUyBjb25maWd1cmF0aW9uIGFuZCBhc3NvY2lhdGluZyB0aGF0IExhdW5jaCBUZW1wbGF0ZSB3aXRoIHRoZSBpbnN0YW5jZS4gSWYgYW4gSW5zdGFuY2VcbiAqIGlzIGFscmVhZHkgYXNzb2NpYXRlZCB3aXRoIGEgTGF1bmNoIFRlbXBsYXRlLCBhIHdhcm5pbmcgd2lsbCAob3B0aW9uYWxseSkgYmUgYWRkZWQgdG8gdGhlXG4gKiBjb25zdHJ1Y3Qgbm9kZSBhbmQgaXQgd2lsbCBiZSBza2lwcGVkLlxuICpcbiAqIFRvIGNvdmVyIEluc3RhbmNlcyBhbHJlYWR5IGFzc29jaWF0ZWQgd2l0aCBMYXVuY2ggVGVtcGxhdGVzLCB1c2UgYExhdW5jaFRlbXBsYXRlSW1kc0FzcGVjdGAuXG4gKi9cbmV4cG9ydCBjbGFzcyBJbnN0YW5jZVJlcXVpcmVJbWRzdjJBc3BlY3QgZXh0ZW5kcyBSZXF1aXJlSW1kc3YyQXNwZWN0IHtcbiAgcHJpdmF0ZSByZWFkb25seSBzdXBwcmVzc0xhdW5jaFRlbXBsYXRlV2FybmluZzogYm9vbGVhbjtcblxuICBjb25zdHJ1Y3Rvcihwcm9wcz86IEluc3RhbmNlUmVxdWlyZUltZHN2MkFzcGVjdFByb3BzKSB7XG4gICAgc3VwZXIocHJvcHMpO1xuICAgIHRoaXMuc3VwcHJlc3NMYXVuY2hUZW1wbGF0ZVdhcm5pbmcgPVxuICAgICAgcHJvcHM/LnN1cHByZXNzTGF1bmNoVGVtcGxhdGVXYXJuaW5nID8/IGZhbHNlO1xuICB9XG5cbiAgdmlzaXQobm9kZTogSUNvbnN0cnVjdCk6IHZvaWQge1xuICAgIGlmICghKG5vZGUgaW5zdGFuY2VvZiBJbnN0YW5jZSkpIHtcbiAgICAgIHJldHVybjtcbiAgICB9XG4gICAgaWYgKG5vZGUuaW5zdGFuY2UubGF1bmNoVGVtcGxhdGVJbnB1dCAhPT0gdW5kZWZpbmVkKSB7XG4gICAgICB0aGlzLndhcm4oXG4gICAgICAgIG5vZGUsXG4gICAgICAgIFwiQ2Fubm90IHRvZ2dsZSBJTURTdjEgYmVjYXVzZSB0aGlzIEluc3RhbmNlIGlzIGFzc29jaWF0ZWQgd2l0aCBhbiBleGlzdGluZyBMYXVuY2ggVGVtcGxhdGUuXCIsXG4gICAgICApO1xuICAgICAgcmV0dXJuO1xuICAgIH1cblxuICAgIGNvbnN0IGx0ID0gbmV3IGxhdW5jaFRlbXBsYXRlLkxhdW5jaFRlbXBsYXRlKG5vZGUsIFwiTGF1bmNoVGVtcGxhdGVcIiwge1xuICAgICAgbWV0YWRhdGFPcHRpb25zOiB7XG4gICAgICAgIGh0dHBUb2tlbnM6IFwicmVxdWlyZWRcIixcbiAgICAgIH0sXG4gICAgfSk7XG4gICAgbHQubmFtZSA9IEF3c1N0YWNrLnVuaXF1ZUlkKGx0KTtcbiAgICBub2RlLmluc3RhbmNlLnB1dExhdW5jaFRlbXBsYXRlKHtcbiAgICAgIG5hbWU6IGx0Lm5hbWUsXG4gICAgICB2ZXJzaW9uOiBsdC5sYXRlc3RWZXJzaW9uLnRvU3RyaW5nKCksXG4gICAgfSk7XG4gIH1cblxuICBwcm90ZWN0ZWQgd2Fybihub2RlOiBJQ29uc3RydWN0LCBtZXNzYWdlOiBzdHJpbmcpIHtcbiAgICBpZiAodGhpcy5zdXBwcmVzc0xhdW5jaFRlbXBsYXRlV2FybmluZyAhPT0gdHJ1ZSkge1xuICAgICAgc3VwZXIud2Fybihub2RlLCBtZXNzYWdlKTtcbiAgICB9XG4gIH1cbn1cblxuLyoqXG4gKiBQcm9wZXJ0aWVzIGZvciBgTGF1bmNoVGVtcGxhdGVSZXF1aXJlSW1kc3YyQXNwZWN0YC5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBMYXVuY2hUZW1wbGF0ZVJlcXVpcmVJbWRzdjJBc3BlY3RQcm9wc1xuICBleHRlbmRzIFJlcXVpcmVJbWRzdjJBc3BlY3RQcm9wcyB7fVxuXG4vKipcbiAqIEFzcGVjdCB0aGF0IGFwcGxpZXMgSU1EUyBjb25maWd1cmF0aW9uIG9uIEVDMiBMYXVuY2ggVGVtcGxhdGUgY29uc3RydWN0cy5cbiAqXG4gKiBAc2VlIGh0dHBzOi8vcmVnaXN0cnkudGVycmFmb3JtLmlvL3Byb3ZpZGVycy9oYXNoaWNvcnAvYXdzLzUuNjguMC9kb2NzL3Jlc291cmNlcy9sYXVuY2hfdGVtcGxhdGUjbWV0YWRhdGEtb3B0aW9uc1xuICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTRUMyL2xhdGVzdC9Vc2VyR3VpZGUvZWMyLWluc3RhbmNlLW1ldGFkYXRhLmh0bWxcbiAqL1xuZXhwb3J0IGNsYXNzIExhdW5jaFRlbXBsYXRlUmVxdWlyZUltZHN2MkFzcGVjdCBleHRlbmRzIFJlcXVpcmVJbWRzdjJBc3BlY3Qge1xuICBjb25zdHJ1Y3Rvcihwcm9wcz86IExhdW5jaFRlbXBsYXRlUmVxdWlyZUltZHN2MkFzcGVjdFByb3BzKSB7XG4gICAgc3VwZXIocHJvcHMpO1xuICB9XG5cbiAgdmlzaXQobm9kZTogSUNvbnN0cnVjdCk6IHZvaWQge1xuICAgIGlmICghKG5vZGUgaW5zdGFuY2VvZiBMYXVuY2hUZW1wbGF0ZSkpIHtcbiAgICAgIHJldHVybjtcbiAgICB9XG5cbiAgICBjb25zdCBsdCA9IG5vZGUubm9kZS50cnlGaW5kQ2hpbGQoXG4gICAgICBcIlJlc291cmNlXCIsXG4gICAgKSBhcyBsYXVuY2hUZW1wbGF0ZS5MYXVuY2hUZW1wbGF0ZTtcbiAgICBjb25zdCBtZXRhZGF0YU9wdGlvbnMgPSBsdC5tZXRhZGF0YU9wdGlvbnNJbnB1dDtcbiAgICAvLyAvLyBtZXRhRGF0YU9wdGlvbnMgaXMgQ29tcGxleExpc3RPYmplY3QgYW5kIGNhbiBuZXZlciBiZSBhIHRva2VuXG4gICAgLy8gaWYgKFRva2VuaXphdGlvbi5pc1Jlc29sdmFibGUobWV0YWRhdGFPcHRpb25zKSkge1xuICAgIC8vICAgdGhpcy53YXJuKG5vZGUsIFwiTGF1bmNoVGVtcGxhdGVEYXRhLk1ldGFkYXRhT3B0aW9ucyBpcyBhIENESyB0b2tlbi5cIik7XG4gICAgLy8gICByZXR1cm47XG4gICAgLy8gfVxuXG4gICAgbHQucHV0TWV0YWRhdGFPcHRpb25zKHtcbiAgICAgIC4uLm1ldGFkYXRhT3B0aW9ucyxcbiAgICAgIGh0dHBUb2tlbnM6IFwicmVxdWlyZWRcIixcbiAgICB9KTtcbiAgfVxufVxuIl19

package/lib/aws/compute/bastion-host.d.ts

@@ -0,0 +1,172 @@
+import { Construct } from "constructs";
+import { InstanceType } from ".";
+import { Connections } from "./connections";
+import { IInstance, Instance, InstanceOutputs } from "./instance";
+import { IMachineImage } from "./machine-image";
+import { IPeer } from "./peer";
+import { ISecurityGroup } from "./security-group";
+import { BlockDevice } from "./volume";
+import { IVpc, SubnetSelection } from "./vpc";
+import { AwsConstructBase } from "../aws-construct";
+import { AwsStack } from "../aws-stack";
+import { IPrincipal, IRole } from "../iam";
+/**
+ * Properties of the bastion host
+ *
+ *
+ */
+export interface BastionHostLinuxProps {
+    /**
+     * In which AZ to place the instance within the VPC
+     *
+     * @default - Random zone.
+     */
+    readonly availabilityZone?: string;
+    /**
+     * VPC to launch the instance in.
+     */
+    readonly vpc: IVpc;
+    /**
+     * The name of the instance
+     *
+     * @default 'BastionHost'
+     */
+    readonly instanceName?: string;
+    /**
+     * Select the subnets to run the bastion host in.
+     * Set this to PUBLIC if you need to connect to this instance via the internet and cannot use SSM.
+     * You have to allow port 22 manually by using the connections field
+     *
+     * @default - private subnets of the supplied VPC
+     */
+    readonly subnetSelection?: SubnetSelection;
+    /**
+     * Security Group to assign to this instance
+     *
+     * @default - create new security group with no inbound and all outbound traffic allowed
+     */
+    readonly securityGroup?: ISecurityGroup;
+    /**
+     * Type of instance to launch
+     * @default 't3.nano'
+     */
+    readonly instanceType?: InstanceType;
+    /**
+     * The machine image to use, assumed to have SSM Agent preinstalled.
+     *
+     * @default - An Amazon Linux 2023 image if the `@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault` feature flag is enabled. Otherwise, an Amazon Linux 2 image. In both cases, the image is kept up-to-date automatically (the instance
+     * may be replaced on every deployment) and already has SSM Agent installed.
+     */
+    readonly machineImage?: IMachineImage;
+    /**
+     * Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
+     *
+     * Each instance that is launched has an associated root device volume,
+     * either an Amazon EBS volume or an instance store volume.
+     * You can use block device mappings to specify additional EBS volumes or
+     * instance store volumes to attach to an instance when it is launched.
+     *
+     * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
+     *
+     * @default - Uses the block device mapping of the AMI
+     */
+    readonly blockDevices?: BlockDevice[];
+    /**
+     * Whether IMDSv2 should be required on this instance
+     *
+     * @default - false
+     */
+    readonly requireImdsv2?: boolean;
+    /**
+     * Determines whether changes to the UserData will force instance replacement.
+     *
+     * Depending on the EC2 instance type, modifying the UserData may either restart
+     * or replace the instance:
+     *
+     * - Instance store-backed instances are replaced.
+     * - EBS-backed instances are restarted.
+     *
+     * Note that by default, restarting does not execute the updated UserData, so an alternative
+     * mechanism is needed to ensure the instance re-executes the UserData.
+     *
+     * When set to `true`, the instance's Logical ID will depend on the UserData, causing
+     * CloudFormation to replace the instance if the UserData changes.
+     *
+     * @default - `true` if `initOptions` is specified, otherwise `false`.
+     */
+    readonly userDataCausesReplacement?: boolean;
+}
+/**
+ * This creates a linux bastion host you can use to connect to other instances or services in your VPC.
+ * The recommended way to connect to the bastion host is by using AWS Systems Manager Session Manager.
+ *
+ * The operating system is Amazon Linux 2 with the latest SSM agent installed
+ *
+ * You can also configure this bastion host to allow connections via SSH
+ *
+ *
+ * @resource aws_instance
+ */
+export declare class BastionHostLinux extends AwsConstructBase implements IInstance {
+    get instanceOutputs(): InstanceOutputs;
+    get outputs(): Record<string, any>;
+    readonly stack: AwsStack;
+    /**
+     * Allows specify security group connections for the instance.
+     */
+    readonly connections: Connections;
+    /**
+     * The IAM role assumed by the instance.
+     */
+    readonly role: IRole;
+    /**
+     * The principal to grant permissions to
+     */
+    readonly grantPrincipal: IPrincipal;
+    /**
+     * The underlying instance resource
+     */
+    readonly instance: Instance;
+    /**
+     * @attribute
+     */
+    readonly instanceId: string;
+    /**
+     * @attribute
+     */
+    readonly instanceAvailabilityZone: string;
+    /**
+     * @attribute
+     */
+    readonly instancePrivateDnsName: string;
+    /**
+     * @attribute
+     */
+    readonly instancePrivateIp: string;
+    /**
+     * @attribute
+     */
+    readonly instancePublicDnsName: string;
+    /**
+     * @attribute
+     */
+    readonly instancePublicIp: string;
+    constructor(scope: Construct, id: string, props: BastionHostLinuxProps);
+    /**
+     * Returns the AmazonLinuxCpuType corresponding to the given instance architecture
+     * @param architecture the instance architecture value to convert
+     */
+    private toAmazonLinuxCpuType;
+    /**
+     * Allow SSH access from the given peer or peers
+     *
+     * Necessary if you want to connect to the instance using ssh. If not
+     * called, you should use SSM Session Manager to connect to the instance.
+     */
+    allowSshAccessFrom(...peer: IPeer[]): void;
+    /**
+     * Returns the machine image to use for the bastion host, respecting the feature flag
+     * to default to Amazon Linux 2023 if enabled, otherwise defaulting to Amazon Linux 2.
+     */
+    private getMachineImage;
+}

package/lib/aws/compute/bastion-host.js

@@ -0,0 +1,114 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BastionHostLinux = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+// https://github.com/aws/aws-cdk/blob/v2.175.1/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts
+const cdktf_1 = require("cdktf");
+const _1 = require(".");
+const instance_1 = require("./instance");
+const machine_image_1 = require("./machine-image");
+const port_1 = require("./port");
+const aws_construct_1 = require("../aws-construct");
+const aws_stack_1 = require("../aws-stack");
+const iam_1 = require("../iam");
+/**
+ * This creates a linux bastion host you can use to connect to other instances or services in your VPC.
+ * The recommended way to connect to the bastion host is by using AWS Systems Manager Session Manager.
+ *
+ * The operating system is Amazon Linux 2 with the latest SSM agent installed
+ *
+ * You can also configure this bastion host to allow connections via SSH
+ *
+ *
+ * @resource aws_instance
+ */
+class BastionHostLinux extends aws_construct_1.AwsConstructBase {
+    get instanceOutputs() {
+        return {
+            instanceId: this.instanceId,
+        };
+    }
+    get outputs() {
+        return this.instanceOutputs;
+    }
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.stack = aws_stack_1.AwsStack.ofAwsConstruct(scope);
+        const instanceType = props.instanceType ??
+            _1.InstanceType.of(_1.InstanceClass.T3, _1.InstanceSize.NANO);
+        this.instance = new instance_1.Instance(this, "Resource", {
+            vpc: props.vpc,
+            availabilityZone: props.availabilityZone,
+            securityGroup: props.securityGroup,
+            instanceName: props.instanceName ?? "BastionHost",
+            instanceType,
+            machineImage: this.getMachineImage(this, instanceType, props),
+            vpcSubnets: props.subnetSelection ?? {},
+            blockDevices: props.blockDevices ?? undefined,
+            // init: props.init,
+            // initOptions: props.initOptions,
+            requireImdsv2: props.requireImdsv2 ?? false,
+            userDataCausesReplacement: props.userDataCausesReplacement,
+        });
+        this.instance.addToRolePolicy(new iam_1.PolicyStatement({
+            actions: [
+                "ssmmessages:*",
+                "ssm:UpdateInstanceInformation",
+                "ec2messages:*",
+            ],
+            resources: ["*"],
+        }));
+        this.connections = this.instance.connections;
+        this.role = this.instance.role;
+        this.grantPrincipal = this.instance.role;
+        this.instanceId = this.instance.instanceId;
+        this.instancePrivateIp = this.instance.instancePrivateIp;
+        this.instanceAvailabilityZone = this.instance.instanceAvailabilityZone;
+        this.instancePrivateDnsName = this.instance.instancePrivateDnsName;
+        this.instancePublicIp = this.instance.instancePublicIp;
+        this.instancePublicDnsName = this.instance.instancePublicDnsName;
+        new cdktf_1.TerraformOutput(this, "BastionHostId", {
+            description: "Instance ID of the bastion host. Use this to connect via SSM Session Manager",
+            value: this.instanceId,
+        });
+    }
+    /**
+     * Returns the AmazonLinuxCpuType corresponding to the given instance architecture
+     * @param architecture the instance architecture value to convert
+     */
+    toAmazonLinuxCpuType(architecture) {
+        if (architecture === _1.InstanceArchitecture.ARM_64) {
+            return machine_image_1.AmazonLinuxCpuType.ARM_64;
+        }
+        else if (architecture === _1.InstanceArchitecture.X86_64) {
+            return machine_image_1.AmazonLinuxCpuType.X86_64;
+        }
+        throw new Error(`Unsupported instance architecture '${architecture}'`);
+    }
+    /**
+     * Allow SSH access from the given peer or peers
+     *
+     * Necessary if you want to connect to the instance using ssh. If not
+     * called, you should use SSM Session Manager to connect to the instance.
+     */
+    allowSshAccessFrom(...peer) {
+        peer.forEach((p) => {
+            this.connections.allowFrom(p, port_1.Port.tcp(22), "SSH access");
+        });
+    }
+    /**
+     * Returns the machine image to use for the bastion host, respecting the feature flag
+     * to default to Amazon Linux 2023 if enabled, otherwise defaulting to Amazon Linux 2.
+     */
+    getMachineImage(_scope, instanceType, props) {
+        const defaultMachineImage = machine_image_1.MachineImage.latestAmazonLinux2023({
+            cpuType: this.toAmazonLinuxCpuType(instanceType.architecture),
+        });
+        return props.machineImage ?? defaultMachineImage;
+    }
+}
+exports.BastionHostLinux = BastionHostLinux;
+_a = JSII_RTTI_SYMBOL_1;
+BastionHostLinux[_a] = { fqn: "terraconstructs.aws.compute.BastionHostLinux", version: "0.0.12" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzdGlvbi1ob3N0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2F3cy9jb21wdXRlL2Jhc3Rpb24taG9zdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLGdHQUFnRztBQUVoRyxpQ0FBd0M7QUFFeEMsd0JBS1c7QUFHWCx5Q0FLb0I7QUFDcEIsbURBSXlCO0FBRXpCLGlDQUE4QjtBQUk5QixvREFBb0Q7QUFDcEQsNENBQXdDO0FBQ3hDLGdDQUE0RDtBQWtINUQ7Ozs7Ozs7Ozs7R0FVRztBQUNILE1BQWEsZ0JBQWlCLFNBQVEsZ0NBQWdCO0lBQ3BELElBQVcsZUFBZTtRQUN4QixPQUFPO1lBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1NBQzVCLENBQUM7SUFDSixDQUFDO0lBQ0QsSUFBVyxPQUFPO1FBQ2hCLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQztJQUM5QixDQUFDO0lBc0RELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNEI7UUFDcEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixJQUFJLENBQUMsS0FBSyxHQUFHLG9CQUFRLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzVDLE1BQU0sWUFBWSxHQUNoQixLQUFLLENBQUMsWUFBWTtZQUNsQixlQUFZLENBQUMsRUFBRSxDQUFDLGdCQUFhLENBQUMsRUFBRSxFQUFFLGVBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN2RCxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksbUJBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQzdDLEdBQUcsRUFBRSxLQUFLLENBQUMsR0FBRztZQUNkLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7WUFDeEMsYUFBYSxFQUFFLEtBQUssQ0FBQyxhQUFhO1lBQ2xDLFlBQVksRUFBRSxLQUFLLENBQUMsWUFBWSxJQUFJLGFBQWE7WUFDakQsWUFBWTtZQUNaLFlBQVksRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksRUFBRSxZQUFZLEVBQUUsS0FBSyxDQUFDO1lBQzdELFVBQVUsRUFBRSxLQUFLLENBQUMsZUFBZSxJQUFJLEVBQUU7WUFDdkMsWUFBWSxFQUFFLEtBQUssQ0FBQyxZQUFZLElBQUksU0FBUztZQUM3QyxvQkFBb0I7WUFDcEIsa0NBQWtDO1lBQ2xDLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYSxJQUFJLEtBQUs7WUFDM0MseUJBQXlCLEVBQUUsS0FBSyxDQUFDLHlCQUF5QjtTQUMzRCxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FDM0IsSUFBSSxxQkFBZSxDQUFDO1lBQ2xCLE9BQU8sRUFBRTtnQkFDUCxlQUFlO2dCQUNmLCtCQUErQjtnQkFDL0IsZUFBZTthQUNoQjtZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztRQUNGLElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUM7UUFDN0MsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztRQUMvQixJQUFJLENBQUMsY0FBYyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO1FBQ3pDLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUM7UUFDM0MsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDekQsSUFBSSxDQUFDLHdCQUF3QixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsd0JBQXdCLENBQUM7UUFDdkUsSUFBSSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsc0JBQXNCLENBQUM7UUFDbkUsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUM7UUFDdkQsSUFBSSxDQUFDLHFCQUFxQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFFakUsSUFBSSx1QkFBZSxDQUFDLElBQUksRUFBRSxlQUFlLEVBQUU7WUFDekMsV0FBVyxFQUNULDhFQUE4RTtZQUNoRixLQUFLLEVBQUUsSUFBSSxDQUFDLFVBQVU7U0FDdkIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7T0FHRztJQUNLLG9CQUFvQixDQUMxQixZQUFrQztRQUVsQyxJQUFJLFlBQVksS0FBSyx1QkFBb0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNqRCxPQUFPLGtDQUFrQixDQUFDLE1BQU0sQ0FBQztRQUNuQyxDQUFDO2FBQU0sSUFBSSxZQUFZLEtBQUssdUJBQW9CLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDeEQsT0FBTyxrQ0FBa0IsQ0FBQyxNQUFNLENBQUM7UUFDbkMsQ0FBQztRQUVELE1BQU0sSUFBSSxLQUFLLENBQUMsc0NBQXNDLFlBQVksR0FBRyxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksa0JBQWtCLENBQUMsR0FBRyxJQUFhO1FBQ3hDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRTtZQUNqQixJQUFJLENBQUMsV0FBVyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsV0FBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUM1RCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7O09BR0c7SUFDSyxlQUFlLENBQ3JCLE1BQWlCLEVBQ2pCLFlBQTBCLEVBQzFCLEtBQTRCO1FBRTVCLE1BQU0sbUJBQW1CLEdBQUcsNEJBQVksQ0FBQyxxQkFBcUIsQ0FBQztZQUM3RCxPQUFPLEVBQUUsSUFBSSxDQUFDLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxZQUFZLENBQUM7U0FDOUQsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxLQUFLLENBQUMsWUFBWSxJQUFJLG1CQUFtQixDQUFDO0lBQ25ELENBQUM7O0FBdEpILDRDQXVKQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MvYXdzLWNkay9ibG9iL3YyLjE3NS4xL3BhY2thZ2VzL2F3cy1jZGstbGliL2F3cy1lYzIvbGliL2Jhc3Rpb24taG9zdC50c1xuXG5pbXBvcnQgeyBUZXJyYWZvcm1PdXRwdXQgfSBmcm9tIFwiY2RrdGZcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQge1xuICBJbnN0YW5jZUFyY2hpdGVjdHVyZSxcbiAgSW5zdGFuY2VDbGFzcyxcbiAgSW5zdGFuY2VTaXplLFxuICBJbnN0YW5jZVR5cGUsXG59IGZyb20gXCIuXCI7XG4vLyBpbXBvcnQgeyBDbG91ZEZvcm1hdGlvbkluaXQgfSBmcm9tIFwiLi9jZm4taW5pdFwiO1xuaW1wb3J0IHsgQ29ubmVjdGlvbnMgfSBmcm9tIFwiLi9jb25uZWN0aW9uc1wiO1xuaW1wb3J0IHtcbiAgLy8gQXBwbHlDbG91ZEZvcm1hdGlvbkluaXRPcHRpb25zLFxuICBJSW5zdGFuY2UsXG4gIEluc3RhbmNlLFxuICBJbnN0YW5jZU91dHB1dHMsXG59IGZyb20gXCIuL2luc3RhbmNlXCI7XG5pbXBvcnQge1xuICBBbWF6b25MaW51eENwdVR5cGUsXG4gIElNYWNoaW5lSW1hZ2UsXG4gIE1hY2hpbmVJbWFnZSxcbn0gZnJvbSBcIi4vbWFjaGluZS1pbWFnZVwiO1xuaW1wb3J0IHsgSVBlZXIgfSBmcm9tIFwiLi9wZWVyXCI7XG5pbXBvcnQgeyBQb3J0IH0gZnJvbSBcIi4vcG9ydFwiO1xuaW1wb3J0IHsgSVNlY3VyaXR5R3JvdXAgfSBmcm9tIFwiLi9zZWN1cml0eS1ncm91cFwiO1xuaW1wb3J0IHsgQmxvY2tEZXZpY2UgfSBmcm9tIFwiLi92b2x1bWVcIjtcbmltcG9ydCB7IElWcGMsIFN1Ym5ldFNlbGVjdGlvbiB9IGZyb20gXCIuL3ZwY1wiO1xuaW1wb3J0IHsgQXdzQ29uc3RydWN0QmFzZSB9IGZyb20gXCIuLi9hd3MtY29uc3RydWN0XCI7XG5pbXBvcnQgeyBBd3NTdGFjayB9IGZyb20gXCIuLi9hd3Mtc3RhY2tcIjtcbmltcG9ydCB7IElQcmluY2lwYWwsIElSb2xlLCBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiLi4vaWFtXCI7XG5cbi8qKlxuICogUHJvcGVydGllcyBvZiB0aGUgYmFzdGlvbiBob3N0XG4gKlxuICpcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBCYXN0aW9uSG9zdExpbnV4UHJvcHMge1xuICAvKipcbiAgICogSW4gd2hpY2ggQVogdG8gcGxhY2UgdGhlIGluc3RhbmNlIHdpdGhpbiB0aGUgVlBDXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gUmFuZG9tIHpvbmUuXG4gICAqL1xuICByZWFkb25seSBhdmFpbGFiaWxpdHlab25lPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBWUEMgdG8gbGF1bmNoIHRoZSBpbnN0YW5jZSBpbi5cbiAgICovXG4gIHJlYWRvbmx5IHZwYzogSVZwYztcblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIGluc3RhbmNlXG4gICAqXG4gICAqIEBkZWZhdWx0ICdCYXN0aW9uSG9zdCdcbiAgICovXG4gIHJlYWRvbmx5IGluc3RhbmNlTmFtZT86IHN0cmluZztcblxuICAvKipcbiAgICogU2VsZWN0IHRoZSBzdWJuZXRzIHRvIHJ1biB0aGUgYmFzdGlvbiBob3N0IGluLlxuICAgKiBTZXQgdGhpcyB0byBQVUJMSUMgaWYgeW91IG5lZWQgdG8gY29ubmVjdCB0byB0aGlzIGluc3RhbmNlIHZpYSB0aGUgaW50ZXJuZXQgYW5kIGNhbm5vdCB1c2UgU1NNLlxuICAgKiBZb3UgaGF2ZSB0byBhbGxvdyBwb3J0IDIyIG1hbnVhbGx5IGJ5IHVzaW5nIHRoZSBjb25uZWN0aW9ucyBmaWVsZFxuICAgKlxuICAgKiBAZGVmYXVsdCAtIHByaXZhdGUgc3VibmV0cyBvZiB0aGUgc3VwcGxpZWQgVlBDXG4gICAqL1xuICByZWFkb25seSBzdWJuZXRTZWxlY3Rpb24/OiBTdWJuZXRTZWxlY3Rpb247XG5cbiAgLyoqXG4gICAqIFNlY3VyaXR5IEdyb3VwIHRvIGFzc2lnbiB0byB0aGlzIGluc3RhbmNlXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gY3JlYXRlIG5ldyBzZWN1cml0eSBncm91cCB3aXRoIG5vIGluYm91bmQgYW5kIGFsbCBvdXRib3VuZCB0cmFmZmljIGFsbG93ZWRcbiAgICovXG4gIHJlYWRvbmx5IHNlY3VyaXR5R3JvdXA/OiBJU2VjdXJpdHlHcm91cDtcblxuICAvKipcbiAgICogVHlwZSBvZiBpbnN0YW5jZSB0byBsYXVuY2hcbiAgICogQGRlZmF1bHQgJ3QzLm5hbm8nXG4gICAqL1xuICByZWFkb25seSBpbnN0YW5jZVR5cGU/OiBJbnN0YW5jZVR5cGU7XG5cbiAgLyoqXG4gICAqIFRoZSBtYWNoaW5lIGltYWdlIHRvIHVzZSwgYXNzdW1lZCB0byBoYXZlIFNTTSBBZ2VudCBwcmVpbnN0YWxsZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gQW4gQW1hem9uIExpbnV4IDIwMjMgaW1hZ2UgaWYgdGhlIGBAYXdzLWNkay9hd3MtZWMyOmJhc3Rpb25Ib3N0VXNlQW1hem9uTGludXgyMDIzQnlEZWZhdWx0YCBmZWF0dXJlIGZsYWcgaXMgZW5hYmxlZC4gT3RoZXJ3aXNlLCBhbiBBbWF6b24gTGludXggMiBpbWFnZS4gSW4gYm90aCBjYXNlcywgdGhlIGltYWdlIGlzIGtlcHQgdXAtdG8tZGF0ZSBhdXRvbWF0aWNhbGx5ICh0aGUgaW5zdGFuY2VcbiAgICogbWF5IGJlIHJlcGxhY2VkIG9uIGV2ZXJ5IGRlcGxveW1lbnQpIGFuZCBhbHJlYWR5IGhhcyBTU00gQWdlbnQgaW5zdGFsbGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgbWFjaGluZUltYWdlPzogSU1hY2hpbmVJbWFnZTtcblxuICAvKipcbiAgICogU3BlY2lmaWVzIGhvdyBibG9jayBkZXZpY2VzIGFyZSBleHBvc2VkIHRvIHRoZSBpbnN0YW5jZS4gWW91IGNhbiBzcGVjaWZ5IHZpcnR1YWwgZGV2aWNlcyBhbmQgRUJTIHZvbHVtZXMuXG4gICAqXG4gICAqIEVhY2ggaW5zdGFuY2UgdGhhdCBpcyBsYXVuY2hlZCBoYXMgYW4gYXNzb2NpYXRlZCByb290IGRldmljZSB2b2x1bWUsXG4gICAqIGVpdGhlciBhbiBBbWF6b24gRUJTIHZvbHVtZSBvciBhbiBpbnN0YW5jZSBzdG9yZSB2b2x1bWUuXG4gICAqIFlvdSBjYW4gdXNlIGJsb2NrIGRldmljZSBtYXBwaW5ncyB0byBzcGVjaWZ5IGFkZGl0aW9uYWwgRUJTIHZvbHVtZXMgb3JcbiAgICogaW5zdGFuY2Ugc3RvcmUgdm9sdW1lcyB0byBhdHRhY2ggdG8gYW4gaW5zdGFuY2Ugd2hlbiBpdCBpcyBsYXVuY2hlZC5cbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTRUMyL2xhdGVzdC9Vc2VyR3VpZGUvYmxvY2stZGV2aWNlLW1hcHBpbmctY29uY2VwdHMuaHRtbFxuICAgKlxuICAgKiBAZGVmYXVsdCAtIFVzZXMgdGhlIGJsb2NrIGRldmljZSBtYXBwaW5nIG9mIHRoZSBBTUlcbiAgICovXG4gIHJlYWRvbmx5IGJsb2NrRGV2aWNlcz86IEJsb2NrRGV2aWNlW107XG5cbiAgLy8gLyoqXG4gIC8vICAqIEFwcGx5IHRoZSBnaXZlbiBDbG91ZEZvcm1hdGlvbiBJbml0IGNvbmZpZ3VyYXRpb24gdG8gdGhlIGluc3RhbmNlIGF0IHN0YXJ0dXBcbiAgLy8gICpcbiAgLy8gICogQGRlZmF1bHQgLSBubyBDbG91ZEZvcm1hdGlvbiBpbml0XG4gIC8vICAqL1xuICAvLyByZWFkb25seSBpbml0PzogQ2xvdWRGb3JtYXRpb25Jbml0O1xuXG4gIC8vIC8qKlxuICAvLyAgKiBVc2UgdGhlIGdpdmVuIG9wdGlvbnMgZm9yIGFwcGx5aW5nIENsb3VkRm9ybWF0aW9uIEluaXRcbiAgLy8gICpcbiAgLy8gICogRGVzY3JpYmVzIHRoZSBjb25maWdzZXRzIHRvIHVzZSBhbmQgdGhlIHRpbWVvdXQgdG8gd2FpdFxuICAvLyAgKlxuICAvLyAgKiBAZGVmYXVsdCAtIGRlZmF1bHQgb3B0aW9uc1xuICAvLyAgKi9cbiAgLy8gcmVhZG9ubHkgaW5pdE9wdGlvbnM/OiBBcHBseUNsb3VkRm9ybWF0aW9uSW5pdE9wdGlvbnM7XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgSU1EU3YyIHNob3VsZCBiZSByZXF1aXJlZCBvbiB0aGlzIGluc3RhbmNlXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gZmFsc2VcbiAgICovXG4gIHJlYWRvbmx5IHJlcXVpcmVJbWRzdjI/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBEZXRlcm1pbmVzIHdoZXRoZXIgY2hhbmdlcyB0byB0aGUgVXNlckRhdGEgd2lsbCBmb3JjZSBpbnN0YW5jZSByZXBsYWNlbWVudC5cbiAgICpcbiAgICogRGVwZW5kaW5nIG9uIHRoZSBFQzIgaW5zdGFuY2UgdHlwZSwgbW9kaWZ5aW5nIHRoZSBVc2VyRGF0YSBtYXkgZWl0aGVyIHJlc3RhcnRcbiAgICogb3IgcmVwbGFjZSB0aGUgaW5zdGFuY2U6XG4gICAqXG4gICAqIC0gSW5zdGFuY2Ugc3RvcmUtYmFja2VkIGluc3RhbmNlcyBhcmUgcmVwbGFjZWQuXG4gICAqIC0gRUJTLWJhY2tlZCBpbnN0YW5jZXMgYXJlIHJlc3RhcnRlZC5cbiAgICpcbiAgICogTm90ZSB0aGF0IGJ5IGRlZmF1bHQsIHJlc3RhcnRpbmcgZG9lcyBub3QgZXhlY3V0ZSB0aGUgdXBkYXRlZCBVc2VyRGF0YSwgc28gYW4gYWx0ZXJuYXRpdmVcbiAgICogbWVjaGFuaXNtIGlzIG5lZWRlZCB0byBlbnN1cmUgdGhlIGluc3RhbmNlIHJlLWV4ZWN1dGVzIHRoZSBVc2VyRGF0YS5cbiAgICpcbiAgICogV2hlbiBzZXQgdG8gYHRydWVgLCB0aGUgaW5zdGFuY2UncyBMb2dpY2FsIElEIHdpbGwgZGVwZW5kIG9uIHRoZSBVc2VyRGF0YSwgY2F1c2luZ1xuICAgKiBDbG91ZEZvcm1hdGlvbiB0byByZXBsYWNlIHRoZSBpbnN0YW5jZSBpZiB0aGUgVXNlckRhdGEgY2hhbmdlcy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBgdHJ1ZWAgaWYgYGluaXRPcHRpb25zYCBpcyBzcGVjaWZpZWQsIG90aGVyd2lzZSBgZmFsc2VgLlxuICAgKi9cbiAgcmVhZG9ubHkgdXNlckRhdGFDYXVzZXNSZXBsYWNlbWVudD86IGJvb2xlYW47XG59XG5cbi8qKlxuICogVGhpcyBjcmVhdGVzIGEgbGludXggYmFzdGlvbiBob3N0IHlvdSBjYW4gdXNlIHRvIGNvbm5lY3QgdG8gb3RoZXIgaW5zdGFuY2VzIG9yIHNlcnZpY2VzIGluIHlvdXIgVlBDLlxuICogVGhlIHJlY29tbWVuZGVkIHdheSB0byBjb25uZWN0IHRvIHRoZSBiYXN0aW9uIGhvc3QgaXMgYnkgdXNpbmcgQVdTIFN5c3RlbXMgTWFuYWdlciBTZXNzaW9uIE1hbmFnZXIuXG4gKlxuICogVGhlIG9wZXJhdGluZyBzeXN0ZW0gaXMgQW1hem9uIExpbnV4IDIgd2l0aCB0aGUgbGF0ZXN0IFNTTSBhZ2VudCBpbnN0YWxsZWRcbiAqXG4gKiBZb3UgY2FuIGFsc28gY29uZmlndXJlIHRoaXMgYmFzdGlvbiBob3N0IHRvIGFsbG93IGNvbm5lY3Rpb25zIHZpYSBTU0hcbiAqXG4gKlxuICogQHJlc291cmNlIGF3c19pbnN0YW5jZVxuICovXG5leHBvcnQgY2xhc3MgQmFzdGlvbkhvc3RMaW51eCBleHRlbmRzIEF3c0NvbnN0cnVjdEJhc2UgaW1wbGVtZW50cyBJSW5zdGFuY2Uge1xuICBwdWJsaWMgZ2V0IGluc3RhbmNlT3V0cHV0cygpOiBJbnN0YW5jZU91dHB1dHMge1xuICAgIHJldHVybiB7XG4gICAgICBpbnN0YW5jZUlkOiB0aGlzLmluc3RhbmNlSWQsXG4gICAgfTtcbiAgfVxuICBwdWJsaWMgZ2V0IG91dHB1dHMoKTogUmVjb3JkPHN0cmluZywgYW55PiB7XG4gICAgcmV0dXJuIHRoaXMuaW5zdGFuY2VPdXRwdXRzO1xuICB9XG5cbiAgcHVibGljIHJlYWRvbmx5IHN0YWNrOiBBd3NTdGFjaztcblxuICAvKipcbiAgICogQWxsb3dzIHNwZWNpZnkgc2VjdXJpdHkgZ3JvdXAgY29ubmVjdGlvbnMgZm9yIHRoZSBpbnN0YW5jZS5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBjb25uZWN0aW9uczogQ29ubmVjdGlvbnM7XG5cbiAgLyoqXG4gICAqIFRoZSBJQU0gcm9sZSBhc3N1bWVkIGJ5IHRoZSBpbnN0YW5jZS5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSByb2xlOiBJUm9sZTtcblxuICAvKipcbiAgICogVGhlIHByaW5jaXBhbCB0byBncmFudCBwZXJtaXNzaW9ucyB0b1xuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGdyYW50UHJpbmNpcGFsOiBJUHJpbmNpcGFsO1xuXG4gIC8qKlxuICAgKiBUaGUgdW5kZXJseWluZyBpbnN0YW5jZSByZXNvdXJjZVxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGluc3RhbmNlOiBJbnN0YW5jZTtcblxuICAvKipcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGluc3RhbmNlSWQ6IHN0cmluZztcblxuICAvKipcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGluc3RhbmNlQXZhaWxhYmlsaXR5Wm9uZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgaW5zdGFuY2VQcml2YXRlRG5zTmFtZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgaW5zdGFuY2VQcml2YXRlSXA6IHN0cmluZztcblxuICAvKipcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGluc3RhbmNlUHVibGljRG5zTmFtZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgaW5zdGFuY2VQdWJsaWNJcDogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBCYXN0aW9uSG9zdExpbnV4UHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuICAgIHRoaXMuc3RhY2sgPSBBd3NTdGFjay5vZkF3c0NvbnN0cnVjdChzY29wZSk7XG4gICAgY29uc3QgaW5zdGFuY2VUeXBlID1cbiAgICAgIHByb3BzLmluc3RhbmNlVHlwZSA/P1xuICAgICAgSW5zdGFuY2VUeXBlLm9mKEluc3RhbmNlQ2xhc3MuVDMsIEluc3RhbmNlU2l6ZS5OQU5PKTtcbiAgICB0aGlzLmluc3RhbmNlID0gbmV3IEluc3RhbmNlKHRoaXMsIFwiUmVzb3VyY2VcIiwge1xuICAgICAgdnBjOiBwcm9wcy52cGMsXG4gICAgICBhdmFpbGFiaWxpdHlab25lOiBwcm9wcy5hdmFpbGFiaWxpdHlab25lLFxuICAgICAgc2VjdXJpdHlHcm91cDogcHJvcHMuc2VjdXJpdHlHcm91cCxcbiAgICAgIGluc3RhbmNlTmFtZTogcHJvcHMuaW5zdGFuY2VOYW1lID8/IFwiQmFzdGlvbkhvc3RcIixcbiAgICAgIGluc3RhbmNlVHlwZSxcbiAgICAgIG1hY2hpbmVJbWFnZTogdGhpcy5nZXRNYWNoaW5lSW1hZ2UodGhpcywgaW5zdGFuY2VUeXBlLCBwcm9wcyksXG4gICAgICB2cGNTdWJuZXRzOiBwcm9wcy5zdWJuZXRTZWxlY3Rpb24gPz8ge30sXG4gICAgICBibG9ja0RldmljZXM6IHByb3BzLmJsb2NrRGV2aWNlcyA/PyB1bmRlZmluZWQsXG4gICAgICAvLyBpbml0OiBwcm9wcy5pbml0LFxuICAgICAgLy8gaW5pdE9wdGlvbnM6IHByb3BzLmluaXRPcHRpb25zLFxuICAgICAgcmVxdWlyZUltZHN2MjogcHJvcHMucmVxdWlyZUltZHN2MiA/PyBmYWxzZSxcbiAgICAgIHVzZXJEYXRhQ2F1c2VzUmVwbGFjZW1lbnQ6IHByb3BzLnVzZXJEYXRhQ2F1c2VzUmVwbGFjZW1lbnQsXG4gICAgfSk7XG4gICAgdGhpcy5pbnN0YW5jZS5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgIFwic3NtbWVzc2FnZXM6KlwiLFxuICAgICAgICAgIFwic3NtOlVwZGF0ZUluc3RhbmNlSW5mb3JtYXRpb25cIixcbiAgICAgICAgICBcImVjMm1lc3NhZ2VzOipcIixcbiAgICAgICAgXSxcbiAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdLFxuICAgICAgfSksXG4gICAgKTtcbiAgICB0aGlzLmNvbm5lY3Rpb25zID0gdGhpcy5pbnN0YW5jZS5jb25uZWN0aW9ucztcbiAgICB0aGlzLnJvbGUgPSB0aGlzLmluc3RhbmNlLnJvbGU7XG4gICAgdGhpcy5ncmFudFByaW5jaXBhbCA9IHRoaXMuaW5zdGFuY2Uucm9sZTtcbiAgICB0aGlzLmluc3RhbmNlSWQgPSB0aGlzLmluc3RhbmNlLmluc3RhbmNlSWQ7XG4gICAgdGhpcy5pbnN0YW5jZVByaXZhdGVJcCA9IHRoaXMuaW5zdGFuY2UuaW5zdGFuY2VQcml2YXRlSXA7XG4gICAgdGhpcy5pbnN0YW5jZUF2YWlsYWJpbGl0eVpvbmUgPSB0aGlzLmluc3RhbmNlLmluc3RhbmNlQXZhaWxhYmlsaXR5Wm9uZTtcbiAgICB0aGlzLmluc3RhbmNlUHJpdmF0ZURuc05hbWUgPSB0aGlzLmluc3RhbmNlLmluc3RhbmNlUHJpdmF0ZURuc05hbWU7XG4gICAgdGhpcy5pbnN0YW5jZVB1YmxpY0lwID0gdGhpcy5pbnN0YW5jZS5pbnN0YW5jZVB1YmxpY0lwO1xuICAgIHRoaXMuaW5zdGFuY2VQdWJsaWNEbnNOYW1lID0gdGhpcy5pbnN0YW5jZS5pbnN0YW5jZVB1YmxpY0Ruc05hbWU7XG5cbiAgICBuZXcgVGVycmFmb3JtT3V0cHV0KHRoaXMsIFwiQmFzdGlvbkhvc3RJZFwiLCB7XG4gICAgICBkZXNjcmlwdGlvbjpcbiAgICAgICAgXCJJbnN0YW5jZSBJRCBvZiB0aGUgYmFzdGlvbiBob3N0LiBVc2UgdGhpcyB0byBjb25uZWN0IHZpYSBTU00gU2Vzc2lvbiBNYW5hZ2VyXCIsXG4gICAgICB2YWx1ZTogdGhpcy5pbnN0YW5jZUlkLFxuICAgIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIFJldHVybnMgdGhlIEFtYXpvbkxpbnV4Q3B1VHlwZSBjb3JyZXNwb25kaW5nIHRvIHRoZSBnaXZlbiBpbnN0YW5jZSBhcmNoaXRlY3R1cmVcbiAgICogQHBhcmFtIGFyY2hpdGVjdHVyZSB0aGUgaW5zdGFuY2UgYXJjaGl0ZWN0dXJlIHZhbHVlIHRvIGNvbnZlcnRcbiAgICovXG4gIHByaXZhdGUgdG9BbWF6b25MaW51eENwdVR5cGUoXG4gICAgYXJjaGl0ZWN0dXJlOiBJbnN0YW5jZUFyY2hpdGVjdHVyZSxcbiAgKTogQW1hem9uTGludXhDcHVUeXBlIHtcbiAgICBpZiAoYXJjaGl0ZWN0dXJlID09PSBJbnN0YW5jZUFyY2hpdGVjdHVyZS5BUk1fNjQpIHtcbiAgICAgIHJldHVybiBBbWF6b25MaW51eENwdVR5cGUuQVJNXzY0O1xuICAgIH0gZWxzZSBpZiAoYXJjaGl0ZWN0dXJlID09PSBJbnN0YW5jZUFyY2hpdGVjdHVyZS5YODZfNjQpIHtcbiAgICAgIHJldHVybiBBbWF6b25MaW51eENwdVR5cGUuWDg2XzY0O1xuICAgIH1cblxuICAgIHRocm93IG5ldyBFcnJvcihgVW5zdXBwb3J0ZWQgaW5zdGFuY2UgYXJjaGl0ZWN0dXJlICcke2FyY2hpdGVjdHVyZX0nYCk7XG4gIH1cblxuICAvKipcbiAgICogQWxsb3cgU1NIIGFjY2VzcyBmcm9tIHRoZSBnaXZlbiBwZWVyIG9yIHBlZXJzXG4gICAqXG4gICAqIE5lY2Vzc2FyeSBpZiB5b3Ugd2FudCB0byBjb25uZWN0IHRvIHRoZSBpbnN0YW5jZSB1c2luZyBzc2guIElmIG5vdFxuICAgKiBjYWxsZWQsIHlvdSBzaG91bGQgdXNlIFNTTSBTZXNzaW9uIE1hbmFnZXIgdG8gY29ubmVjdCB0byB0aGUgaW5zdGFuY2UuXG4gICAqL1xuICBwdWJsaWMgYWxsb3dTc2hBY2Nlc3NGcm9tKC4uLnBlZXI6IElQZWVyW10pOiB2b2lkIHtcbiAgICBwZWVyLmZvckVhY2goKHApID0+IHtcbiAgICAgIHRoaXMuY29ubmVjdGlvbnMuYWxsb3dGcm9tKHAsIFBvcnQudGNwKDIyKSwgXCJTU0ggYWNjZXNzXCIpO1xuICAgIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIFJldHVybnMgdGhlIG1hY2hpbmUgaW1hZ2UgdG8gdXNlIGZvciB0aGUgYmFzdGlvbiBob3N0LCByZXNwZWN0aW5nIHRoZSBmZWF0dXJlIGZsYWdcbiAgICogdG8gZGVmYXVsdCB0byBBbWF6b24gTGludXggMjAyMyBpZiBlbmFibGVkLCBvdGhlcndpc2UgZGVmYXVsdGluZyB0byBBbWF6b24gTGludXggMi5cbiAgICovXG4gIHByaXZhdGUgZ2V0TWFjaGluZUltYWdlKFxuICAgIF9zY29wZTogQ29uc3RydWN0LFxuICAgIGluc3RhbmNlVHlwZTogSW5zdGFuY2VUeXBlLFxuICAgIHByb3BzOiBCYXN0aW9uSG9zdExpbnV4UHJvcHMsXG4gICk6IElNYWNoaW5lSW1hZ2Uge1xuICAgIGNvbnN0IGRlZmF1bHRNYWNoaW5lSW1hZ2UgPSBNYWNoaW5lSW1hZ2UubGF0ZXN0QW1hem9uTGludXgyMDIzKHtcbiAgICAgIGNwdVR5cGU6IHRoaXMudG9BbWF6b25MaW51eENwdVR5cGUoaW5zdGFuY2VUeXBlLmFyY2hpdGVjdHVyZSksXG4gICAgfSk7XG4gICAgcmV0dXJuIHByb3BzLm1hY2hpbmVJbWFnZSA/PyBkZWZhdWx0TWFjaGluZUltYWdlO1xuICB9XG59XG4iXX0=

package/lib/aws/compute/chain.js

@@ -64,5 +64,5 @@ class Chain {
 }
 exports.Chain = Chain;
 _a = JSII_RTTI_SYMBOL_1;
-Chain[_a] = { fqn: "terraconstructs.aws.compute.Chain", version: "0.0.10" };
+Chain[_a] = { fqn: "terraconstructs.aws.compute.Chain", version: "0.0.12" };
 //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2hhaW4uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXdzL2NvbXB1dGUvY2hhaW4udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxtR0FBbUc7QUFFbkcsZ0RBQTREO0FBSTVEOzs7OztHQUtHO0FBQ0gsTUFBYSxLQUFLO0lBQ2hCOztPQUVHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFpQjtRQUNuQyxPQUFPLElBQUksS0FBSyxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQWlCLEVBQUUsSUFBZ0I7UUFDeEQsT0FBTyxJQUFJLEtBQUssQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDM0QsQ0FBQztJQUVEOztPQUVHO0lBQ0ksTUFBTSxDQUFDLE1BQU0sQ0FDbEIsVUFBaUIsRUFDakIsU0FBc0IsRUFDdEIsU0FBcUI7UUFFckIsT0FBTyxJQUFJLEtBQUssQ0FBQyxVQUFVLEVBQUUsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFpQkQsWUFDRSxVQUFpQixFQUNqQixTQUFzQixFQUNMLFNBQXFCO1FBQXJCLGNBQVMsR0FBVCxTQUFTLENBQVk7UUFFdEMsSUFBSSxDQUFDLEVBQUUsR0FBRyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDO1FBQzdCLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7T0FFRztJQUNJLElBQUksQ0FBQyxJQUFnQjtRQUMxQixJQUFJLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IsNkNBQTZDLElBQUksQ0FBQyxTQUFTLENBQUMsRUFBRSxxQkFBcUIsQ0FDcEYsQ0FBQztRQUNKLENBQUM7UUFFRCxLQUFLLE1BQU0sUUFBUSxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUN0QyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3RCLENBQUM7UUFFRCxPQUFPLElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLFNBQVMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksYUFBYSxDQUFDLEVBQVUsRUFBRSxRQUF1QixFQUFFO1FBQ3hELE9BQU8sSUFBSSxtQkFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvRCxDQUFDOztBQWhGSCxzQkFpRkMiLCJzb3VyY2VzQ29udGVudCI6WyIvLyBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvYmxvYi92Mi4xNjAuMC9wYWNrYWdlcy9hd3MtY2RrLWxpYi9hd3Mtc3RlcGZ1bmN0aW9ucy9saWIvY2hhaW4udHNcblxuaW1wb3J0IHsgUGFyYWxsZWwsIFBhcmFsbGVsUHJvcHMgfSBmcm9tIFwiLi9zdGF0ZXMvcGFyYWxsZWxcIjtcbmltcG9ydCB7IFN0YXRlIH0gZnJvbSBcIi4vc3RhdGVzL3N0YXRlXCI7XG5pbXBvcnQgeyBJQ2hhaW5hYmxlLCBJTmV4dGFibGUgfSBmcm9tIFwiLi90eXBlc1wiO1xuXG4vKipcbiAqIEEgY29sbGVjdGlvbiBvZiBzdGF0ZXMgdG8gY2hhaW4gb250b1xuICpcbiAqIEEgQ2hhaW4gaGFzIGEgc3RhcnQgYW5kIHplcm8gb3IgbW9yZSBjaGFpbmFibGUgZW5kcy4gSWYgdGhlcmUgYXJlXG4gKiB6ZXJvIGVuZHMsIGNhbGxpbmcgbmV4dCgpIG9uIHRoZSBDaGFpbiB3aWxsIGZhaWwuXG4gKi9cbmV4cG9ydCBjbGFzcyBDaGFpbiBpbXBsZW1lbnRzIElDaGFpbmFibGUge1xuICAvKipcbiAgICogQmVnaW4gYSBuZXcgQ2hhaW4gZnJvbSBvbmUgY2hhaW5hYmxlXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIHN0YXJ0KHN0YXRlOiBJQ2hhaW5hYmxlKSB7XG4gICAgcmV0dXJuIG5ldyBDaGFpbihzdGF0ZS5zdGFydFN0YXRlLCBzdGF0ZS5lbmRTdGF0ZXMsIHN0YXRlKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBNYWtlIGEgQ2hhaW4gd2l0aCB0aGUgc3RhcnQgZnJvbSBvbmUgY2hhaW4gYW5kIHRoZSBlbmRzIGZyb20gYW5vdGhlclxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBzZXF1ZW5jZShzdGFydDogSUNoYWluYWJsZSwgbmV4dDogSUNoYWluYWJsZSkge1xuICAgIHJldHVybiBuZXcgQ2hhaW4oc3RhcnQuc3RhcnRTdGF0ZSwgbmV4dC5lbmRTdGF0ZXMsIG5leHQpO1xuICB9XG5cbiAgLyoqXG4gICAqIE1ha2UgYSBDaGFpbiB3aXRoIHNwZWNpZmljIHN0YXJ0IGFuZCBlbmQgc3RhdGVzLCBhbmQgYSBsYXN0LWFkZGVkIENoYWluYWJsZVxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBjdXN0b20oXG4gICAgc3RhcnRTdGF0ZTogU3RhdGUsXG4gICAgZW5kU3RhdGVzOiBJTmV4dGFibGVbXSxcbiAgICBsYXN0QWRkZWQ6IElDaGFpbmFibGUsXG4gICkge1xuICAgIHJldHVybiBuZXcgQ2hhaW4oc3RhcnRTdGF0ZSwgZW5kU3RhdGVzLCBsYXN0QWRkZWQpO1xuICB9XG5cbiAgLyoqXG4gICAqIElkZW50aWZ5IHRoaXMgQ2hhaW5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBpZDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgc3RhcnQgc3RhdGUgb2YgdGhpcyBjaGFpblxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IHN0YXJ0U3RhdGU6IFN0YXRlO1xuXG4gIC8qKlxuICAgKiBUaGUgY2hhaW5hYmxlIGVuZCBzdGF0ZShzKSBvZiB0aGlzIGNoYWluXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgZW5kU3RhdGVzOiBJTmV4dGFibGVbXTtcblxuICBwcml2YXRlIGNvbnN0cnVjdG9yKFxuICAgIHN0YXJ0U3RhdGU6IFN0YXRlLFxuICAgIGVuZFN0YXRlczogSU5leHRhYmxlW10sXG4gICAgcHJpdmF0ZSByZWFkb25seSBsYXN0QWRkZWQ6IElDaGFpbmFibGUsXG4gICkge1xuICAgIHRoaXMuaWQgPSBsYXN0QWRkZWQuaWQ7XG4gICAgdGhpcy5zdGFydFN0YXRlID0gc3RhcnRTdGF0ZTtcbiAgICB0aGlzLmVuZFN0YXRlcyA9IGVuZFN0YXRlcztcbiAgfVxuXG4gIC8qKlxuICAgKiBDb250aW51ZSBub3JtYWwgZXhlY3V0aW9uIHdpdGggdGhlIGdpdmVuIHN0YXRlXG4gICAqL1xuICBwdWJsaWMgbmV4dChuZXh0OiBJQ2hhaW5hYmxlKTogQ2hhaW4ge1xuICAgIGlmICh0aGlzLmVuZFN0YXRlcy5sZW5ndGggPT09IDApIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgYENhbm5vdCBhZGQgdG8gY2hhaW46IGxhc3Qgc3RhdGUgaW4gY2hhaW4gKCR7dGhpcy5sYXN0QWRkZWQuaWR9KSBkb2VzIG5vdCBhbGxvdyBpdGAsXG4gICAgICApO1xuICAgIH1cblxuICAgIGZvciAoY29uc3QgZW5kU3RhdGUgb2YgdGhpcy5lbmRTdGF0ZXMpIHtcbiAgICAgIGVuZFN0YXRlLm5leHQobmV4dCk7XG4gICAgfVxuXG4gICAgcmV0dXJuIG5ldyBDaGFpbih0aGlzLnN0YXJ0U3RhdGUsIG5leHQuZW5kU3RhdGVzLCBuZXh0KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZXR1cm4gYSBzaW5nbGUgc3RhdGUgdGhhdCBlbmNvbXBhc3NlcyBhbGwgc3RhdGVzIGluIHRoZSBjaGFpblxuICAgKlxuICAgKiBUaGlzIGNhbiBiZSB1c2VkIHRvIGFkZCBlcnJvciBoYW5kbGluZyB0byBhIHNlcXVlbmNlIG9mIHN0YXRlcy5cbiAgICpcbiAgICogQmUgYXdhcmUgdGhhdCB0aGlzIGNoYW5nZXMgdGhlIHJlc3VsdCBvZiB0aGUgaW5uZXIgc3RhdGUgbWFjaGluZVxuICAgKiB0byBiZSBhbiBhcnJheSB3aXRoIHRoZSByZXN1bHQgb2YgdGhlIHN0YXRlIG1hY2hpbmUgaW4gaXQuIEFkanVzdFxuICAgKiB5b3VyIHBhdGhzIGFjY29yZGluZ2x5LiBGb3IgZXhhbXBsZSwgY2hhbmdlICdvdXRwdXRQYXRoJyB0b1xuICAgKiAnJFswXScuXG4gICAqL1xuICBwdWJsaWMgdG9TaW5nbGVTdGF0ZShpZDogc3RyaW5nLCBwcm9wczogUGFyYWxsZWxQcm9wcyA9IHt9KTogUGFyYWxsZWwge1xuICAgIHJldHVybiBuZXcgUGFyYWxsZWwodGhpcy5zdGFydFN0YXRlLCBpZCwgcHJvcHMpLmJyYW5jaCh0aGlzKTtcbiAgfVxufVxuIl19

package/lib/aws/compute/cidr-splits.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Return the splits necessary to allocate the given sequence of cidrs in the given order
+ *
+ * The entire block is of size 'rootNetmask', and subsequent blocks will be allocated
+ * from it sized according to the sizes in the 'netmasks' array.
+ *
+ * The return value is a list of `CidrSplit` objects, which represent
+ * invocations of a pair of `Fn.select(Fn.cidr(...))` operations.
+ *
+ * Strategy: walk through the IP block space, clipping to the next possible
+ * start of a block of the given size, then allocate it. Here is an unrealistic
+ * example (with a weird ordering of the netmasks to show how clipping and hence
+ * space wasting plays out in practice):
+ *
+ *                               root space  /16
+ * ┌──────────────────────────────────────────────────────────────────────────────────────────────┐
+ * │                                                                                              │
+ *   A  /21             B  /19
+ * ┌───┬───┬───┬───┬───────────────┬───────────────┬───┬───────────┬───────────────┬──────────────┐
+ * │ A │ A │ A │###│       B       │       B       │ A │###########│       B       │     ....     │
+ * └───┴───┴───┴───┴───────────────┴───────────────┴───┴───────────┴───────────────┴──────────────┘
+ *              ^^^______ wasted space _________________^^^^^^
+ */
+export declare function calculateCidrSplits(rootNetmask: number, netmasks: number[]): CidrSplit[];
+/**
+ * A representation of a pair of `Fn.select(Fn.cidr())` invocations
+ */
+export interface CidrSplit {
+    /**
+     * The netmask of this block size
+     * (If you want a /24, netmask=24).
+     */
+    readonly netmask: number;
+    /**
+     * newbits = (childNetmask - rootNetmask), i.e. how many additional bits
+     * beyond the root's netmask we're subdividing by.
+     *
+     * Used directly by Terraform's `cidrsubnet(...)`.
+     */
+    readonly newbits: number;
+    /**
+     * How many parts the mask needs to be split into
+     */
+    readonly count: number;
+    /**
+     * What subnet index to select from the split
+     */
+    readonly index: number;
+}

package/lib/aws/compute/cidr-splits.js

@@ -0,0 +1,59 @@
+"use strict";
+// https://github.com/aws/aws-cdk/blob/v2.175.1/packages/aws-cdk-lib/aws-ec2/lib/cidr-splits.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateCidrSplits = calculateCidrSplits;
+/**
+ * Return the splits necessary to allocate the given sequence of cidrs in the given order
+ *
+ * The entire block is of size 'rootNetmask', and subsequent blocks will be allocated
+ * from it sized according to the sizes in the 'netmasks' array.
+ *
+ * The return value is a list of `CidrSplit` objects, which represent
+ * invocations of a pair of `Fn.select(Fn.cidr(...))` operations.
+ *
+ * Strategy: walk through the IP block space, clipping to the next possible
+ * start of a block of the given size, then allocate it. Here is an unrealistic
+ * example (with a weird ordering of the netmasks to show how clipping and hence
+ * space wasting plays out in practice):
+ *
+ *                               root space  /16
+ * ┌──────────────────────────────────────────────────────────────────────────────────────────────┐
+ * │                                                                                              │
+ *   A  /21             B  /19
+ * ┌───┬───┬───┬───┬───────────────┬───────────────┬───┬───────────┬───────────────┬──────────────┐
+ * │ A │ A │ A │###│       B       │       B       │ A │###########│       B       │     ....     │
+ * └───┴───┴───┴───┴───────────────┴───────────────┴───┴───────────┴───────────────┴──────────────┘
+ *              ^^^______ wasted space _________________^^^^^^
+ */
+function calculateCidrSplits(rootNetmask, netmasks) {
+    // NOTE: Terraform cidrsubnets() function does the same thing, but forces TF Tokens
+    // Local implementation of this logic allows more powerful configuration through constructs
+    // ref: https://developer.hashicorp.com/terraform/language/v1.7.x/functions/cidrsubnets
+    const ret = new Array();
+    let offset = 0;
+    for (const netmask of netmasks) {
+        const size = Math.pow(2, 32 - netmask);
+        // Clip offset to the next block of the given size
+        offset = nextMultiple(offset, size);
+        const count = Math.pow(2, netmask - rootNetmask);
+        const newbits = netmask - rootNetmask;
+        // if newbits is negative, it means the child netmask is bigger than the root netmask
+        // this will be caught by offset > Math.pow(2, 32 - rootNetmask) check below
+        ret.push({
+            count,
+            netmask,
+            newbits,
+            index: offset / size,
+        });
+        // Consume
+        offset += size;
+    }
+    if (offset > Math.pow(2, 32 - rootNetmask)) {
+        throw new Error(`IP space of size /${rootNetmask} not big enough to allocate subnets of sizes ${netmasks.map((x) => `/${x}`)}`);
+    }
+    return ret;
+}
+function nextMultiple(current, multiple) {
+    return Math.ceil(current / multiple) * multiple;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2lkci1zcGxpdHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXdzL2NvbXB1dGUvY2lkci1zcGxpdHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtGQUErRjs7QUF5Qi9GLGtEQXNDQztBQTdERDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXNCRztBQUNILFNBQWdCLG1CQUFtQixDQUNqQyxXQUFtQixFQUNuQixRQUFrQjtJQUVsQixtRkFBbUY7SUFDbkYsMkZBQTJGO0lBQzNGLHVGQUF1RjtJQUN2RixNQUFNLEdBQUcsR0FBRyxJQUFJLEtBQUssRUFBYSxDQUFDO0lBRW5DLElBQUksTUFBTSxHQUFHLENBQUMsQ0FBQztJQUNmLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7UUFDL0IsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxHQUFHLE9BQU8sQ0FBQyxDQUFDO1FBRXZDLGtEQUFrRDtRQUNsRCxNQUFNLEdBQUcsWUFBWSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUVwQyxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxPQUFPLEdBQUcsV0FBVyxDQUFDLENBQUM7UUFDakQsTUFBTSxPQUFPLEdBQUcsT0FBTyxHQUFHLFdBQVcsQ0FBQztRQUN0QyxxRkFBcUY7UUFDckYsNEVBQTRFO1FBQzVFLEdBQUcsQ0FBQyxJQUFJLENBQUM7WUFDUCxLQUFLO1lBQ0wsT0FBTztZQUNQLE9BQU87WUFDUCxLQUFLLEVBQUUsTUFBTSxHQUFHLElBQUk7U0FDckIsQ0FBQyxDQUFDO1FBRUgsVUFBVTtRQUNWLE1BQU0sSUFBSSxJQUFJLENBQUM7SUFDakIsQ0FBQztJQUVELElBQUksTUFBTSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsR0FBRyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQzNDLE1BQU0sSUFBSSxLQUFLLENBQ2IscUJBQXFCLFdBQVcsZ0RBQWdELFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUMvRyxDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQztBQUVELFNBQVMsWUFBWSxDQUFDLE9BQWUsRUFBRSxRQUFnQjtJQUNyRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxHQUFHLFFBQVEsQ0FBQyxHQUFHLFFBQVEsQ0FBQztBQUNsRCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gaHR0cHM6Ly9naXRodWIuY29tL2F3cy9hd3MtY2RrL2Jsb2IvdjIuMTc1LjEvcGFja2FnZXMvYXdzLWNkay1saWIvYXdzLWVjMi9saWIvY2lkci1zcGxpdHMudHNcblxuLyoqXG4gKiBSZXR1cm4gdGhlIHNwbGl0cyBuZWNlc3NhcnkgdG8gYWxsb2NhdGUgdGhlIGdpdmVuIHNlcXVlbmNlIG9mIGNpZHJzIGluIHRoZSBnaXZlbiBvcmRlclxuICpcbiAqIFRoZSBlbnRpcmUgYmxvY2sgaXMgb2Ygc2l6ZSAncm9vdE5ldG1hc2snLCBhbmQgc3Vic2VxdWVudCBibG9ja3Mgd2lsbCBiZSBhbGxvY2F0ZWRcbiAqIGZyb20gaXQgc2l6ZWQgYWNjb3JkaW5nIHRvIHRoZSBzaXplcyBpbiB0aGUgJ25ldG1hc2tzJyBhcnJheS5cbiAqXG4gKiBUaGUgcmV0dXJuIHZhbHVlIGlzIGEgbGlzdCBvZiBgQ2lkclNwbGl0YCBvYmplY3RzLCB3aGljaCByZXByZXNlbnRcbiAqIGludm9jYXRpb25zIG9mIGEgcGFpciBvZiBgRm4uc2VsZWN0KEZuLmNpZHIoLi4uKSlgIG9wZXJhdGlvbnMuXG4gKlxuICogU3RyYXRlZ3k6IHdhbGsgdGhyb3VnaCB0aGUgSVAgYmxvY2sgc3BhY2UsIGNsaXBwaW5nIHRvIHRoZSBuZXh0IHBvc3NpYmxlXG4gKiBzdGFydCBvZiBhIGJsb2NrIG9mIHRoZSBnaXZlbiBzaXplLCB0aGVuIGFsbG9jYXRlIGl0LiBIZXJlIGlzIGFuIHVucmVhbGlzdGljXG4gKiBleGFtcGxlICh3aXRoIGEgd2VpcmQgb3JkZXJpbmcgb2YgdGhlIG5ldG1hc2tzIHRvIHNob3cgaG93IGNsaXBwaW5nIGFuZCBoZW5jZVxuICogc3BhY2Ugd2FzdGluZyBwbGF5cyBvdXQgaW4gcHJhY3RpY2UpOlxuICpcbiAqICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJvb3Qgc3BhY2UgIC8xNlxuICog4pSM4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSQXG4gKiDilIIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg4pSCXG4gKiAgIEEgIC8yMSAgICAgICAgICAgICBCICAvMTlcbiAqIOKUjOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUrOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUkFxuICog4pSCIEEg4pSCIEEg4pSCIEEg4pSCIyMj4pSCICAgICAgIEIgICAgICAg4pSCICAgICAgIEIgICAgICAg4pSCIEEg4pSCIyMjIyMjIyMjIyPilIIgICAgICAgQiAgICAgICDilIIgICAgIC4uLi4gICAgIOKUglxuICog4pSU4pSA4pSA4pSA4pS04pSA4pSA4pSA4pS04pSA4pSA4pSA4pS04pSA4pSA4pSA4pS04pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pS04pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pS04pSA4pSA4pSA4pS04pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pS04pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pS04pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSYXG4gKiAgICAgICAgICAgICAgXl5eX19fX19fIHdhc3RlZCBzcGFjZSBfX19fX19fX19fX19fX19fX15eXl5eXlxuICovXG5leHBvcnQgZnVuY3Rpb24gY2FsY3VsYXRlQ2lkclNwbGl0cyhcbiAgcm9vdE5ldG1hc2s6IG51bWJlcixcbiAgbmV0bWFza3M6IG51bWJlcltdLFxuKTogQ2lkclNwbGl0W10ge1xuICAvLyBOT1RFOiBUZXJyYWZvcm0gY2lkcnN1Ym5ldHMoKSBmdW5jdGlvbiBkb2VzIHRoZSBzYW1lIHRoaW5nLCBidXQgZm9yY2VzIFRGIFRva2Vuc1xuICAvLyBMb2NhbCBpbXBsZW1lbnRhdGlvbiBvZiB0aGlzIGxvZ2ljIGFsbG93cyBtb3JlIHBvd2VyZnVsIGNvbmZpZ3VyYXRpb24gdGhyb3VnaCBjb25zdHJ1Y3RzXG4gIC8vIHJlZjogaHR0cHM6Ly9kZXZlbG9wZXIuaGFzaGljb3JwLmNvbS90ZXJyYWZvcm0vbGFuZ3VhZ2UvdjEuNy54L2Z1bmN0aW9ucy9jaWRyc3VibmV0c1xuICBjb25zdCByZXQgPSBuZXcgQXJyYXk8Q2lkclNwbGl0PigpO1xuXG4gIGxldCBvZmZzZXQgPSAwO1xuICBmb3IgKGNvbnN0IG5ldG1hc2sgb2YgbmV0bWFza3MpIHtcbiAgICBjb25zdCBzaXplID0gTWF0aC5wb3coMiwgMzIgLSBuZXRtYXNrKTtcblxuICAgIC8vIENsaXAgb2Zmc2V0IHRvIHRoZSBuZXh0IGJsb2NrIG9mIHRoZSBnaXZlbiBzaXplXG4gICAgb2Zmc2V0ID0gbmV4dE11bHRpcGxlKG9mZnNldCwgc2l6ZSk7XG5cbiAgICBjb25zdCBjb3VudCA9IE1hdGgucG93KDIsIG5ldG1hc2sgLSByb290TmV0bWFzayk7XG4gICAgY29uc3QgbmV3Yml0cyA9IG5ldG1hc2sgLSByb290TmV0bWFzaztcbiAgICAvLyBpZiBuZXdiaXRzIGlzIG5lZ2F0aXZlLCBpdCBtZWFucyB0aGUgY2hpbGQgbmV0bWFzayBpcyBiaWdnZXIgdGhhbiB0aGUgcm9vdCBuZXRtYXNrXG4gICAgLy8gdGhpcyB3aWxsIGJlIGNhdWdodCBieSBvZmZzZXQgPiBNYXRoLnBvdygyLCAzMiAtIHJvb3ROZXRtYXNrKSBjaGVjayBiZWxvd1xuICAgIHJldC5wdXNoKHtcbiAgICAgIGNvdW50LFxuICAgICAgbmV0bWFzayxcbiAgICAgIG5ld2JpdHMsXG4gICAgICBpbmRleDogb2Zmc2V0IC8gc2l6ZSxcbiAgICB9KTtcblxuICAgIC8vIENvbnN1bWVcbiAgICBvZmZzZXQgKz0gc2l6ZTtcbiAgfVxuXG4gIGlmIChvZmZzZXQgPiBNYXRoLnBvdygyLCAzMiAtIHJvb3ROZXRtYXNrKSkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBJUCBzcGFjZSBvZiBzaXplIC8ke3Jvb3ROZXRtYXNrfSBub3QgYmlnIGVub3VnaCB0byBhbGxvY2F0ZSBzdWJuZXRzIG9mIHNpemVzICR7bmV0bWFza3MubWFwKCh4KSA9PiBgLyR7eH1gKX1gLFxuICAgICk7XG4gIH1cblxuICByZXR1cm4gcmV0O1xufVxuXG5mdW5jdGlvbiBuZXh0TXVsdGlwbGUoY3VycmVudDogbnVtYmVyLCBtdWx0aXBsZTogbnVtYmVyKSB7XG4gIHJldHVybiBNYXRoLmNlaWwoY3VycmVudCAvIG11bHRpcGxlKSAqIG11bHRpcGxlO1xufVxuXG4vKipcbiAqIEEgcmVwcmVzZW50YXRpb24gb2YgYSBwYWlyIG9mIGBGbi5zZWxlY3QoRm4uY2lkcigpKWAgaW52b2NhdGlvbnNcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBDaWRyU3BsaXQge1xuICAvKipcbiAgICogVGhlIG5ldG1hc2sgb2YgdGhpcyBibG9jayBzaXplXG4gICAqIChJZiB5b3Ugd2FudCBhIC8yNCwgbmV0bWFzaz0yNCkuXG4gICAqL1xuICByZWFkb25seSBuZXRtYXNrOiBudW1iZXI7XG5cbiAgLyoqXG4gICAqIG5ld2JpdHMgPSAoY2hpbGROZXRtYXNrIC0gcm9vdE5ldG1hc2spLCBpLmUuIGhvdyBtYW55IGFkZGl0aW9uYWwgYml0c1xuICAgKiBiZXlvbmQgdGhlIHJvb3QncyBuZXRtYXNrIHdlJ3JlIHN1YmRpdmlkaW5nIGJ5LlxuICAgKlxuICAgKiBVc2VkIGRpcmVjdGx5IGJ5IFRlcnJhZm9ybSdzIGBjaWRyc3VibmV0KC4uLilgLlxuICAgKi9cbiAgcmVhZG9ubHkgbmV3Yml0czogbnVtYmVyO1xuXG4gIC8qKlxuICAgKiBIb3cgbWFueSBwYXJ0cyB0aGUgbWFzayBuZWVkcyB0byBiZSBzcGxpdCBpbnRvXG4gICAqL1xuICByZWFkb25seSBjb3VudDogbnVtYmVyO1xuXG4gIC8qKlxuICAgKiBXaGF0IHN1Ym5ldCBpbmRleCB0byBzZWxlY3QgZnJvbSB0aGUgc3BsaXRcbiAgICovXG4gIHJlYWRvbmx5IGluZGV4OiBudW1iZXI7XG59XG4iXX0=

package/lib/aws/compute/client-vpn-authorization-rule.d.ts

@@ -0,0 +1,43 @@
+import { Construct } from "constructs";
+import { IClientVpnEndpoint } from "./client-vpn-endpoint-types";
+import { AwsConstructBase } from "../aws-construct";
+/**
+ * Options for a ClientVpnAuthorizationRule
+ */
+export interface ClientVpnAuthorizationRuleOptions {
+    /**
+     * The IPv4 address range, in CIDR notation, of the network for which access
+     * is being authorized.
+     */
+    readonly cidr: string;
+    /**
+     * The ID of the group to grant access to, for example, the Active Directory
+     * group or identity provider (IdP) group.
+     *
+     * @default - authorize all groups
+     */
+    readonly groupId?: string;
+    /**
+     * A brief description of the authorization rule.
+     *
+     * @default - no description
+     */
+    readonly description?: string;
+}
+/**
+ * Properties for a ClientVpnAuthorizationRule
+ */
+export interface ClientVpnAuthorizationRuleProps extends ClientVpnAuthorizationRuleOptions {
+    /**
+     * The client VPN endpoint to which to add the rule.
+     * @default clientVpnEndpoint is required
+     */
+    readonly clientVpnEndpoint: IClientVpnEndpoint;
+}
+/**
+ * A client VPN authorization rule
+ */
+export declare class ClientVpnAuthorizationRule extends AwsConstructBase {
+    get outputs(): Record<string, any>;
+    constructor(scope: Construct, id: string, props: ClientVpnAuthorizationRuleProps);
+}