PyPI - aws-cdk.aws-ec2-alpha - Versions diffs - 2.158.0a0__py3-none-any.whl → 2.159.1a0__py3-none-any.whl - Mend - Supply Chain Defender

aws-cdk.aws-ec2-alpha 2.158.0a0py3-none-any.whl → 2.159.1a0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aws-cdk.aws-ec2-alpha might be problematic. Click here for more details.

Files changed (12) hide show

aws_cdk/aws_ec2_alpha/__init__.py CHANGED Viewed

@@ -25,10 +25,10 @@ To create a VPC with both IPv4 and IPv6 support:
 ```python
 stack = Stack()
-vpc_v2.VpcV2(self, "Vpc",
-    primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+VpcV2(self, "Vpc",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
     secondary_address_blocks=[
-        vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIpv6")
+        IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIpv6")
     ]
 )
 ```
@@ -44,18 +44,18 @@ This new construct can be used to add subnets to a `VpcV2` instance:
 ```python
 stack = Stack()
-my_vpc = vpc_v2.VpcV2(self, "Vpc",
+my_vpc = VpcV2(self, "Vpc",
     secondary_address_blocks=[
-        vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIp")
+        IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIp")
     ]
 )
-vpc_v2.SubnetV2(self, "subnetA",
+SubnetV2(self, "subnetA",
     vpc=my_vpc,
     availability_zone="us-east-1a",
-    ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
-    ipv6_cidr_block=vpc_v2.IpCidr("2a05:d02c:25:4000::/60"),
-    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    ipv6_cidr_block=IpCidr("2a05:d02c:25:4000::/60"),
+    subnet_type=SubnetType.PRIVATE_ISOLATED
 )
 ```
@@ -73,28 +73,28 @@ ipam = Ipam(self, "Ipam",
     operating_region=["us-west-1"]
 )
 ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-    address_family=vpc_v2.AddressFamily.IP_V6,
+    address_family=AddressFamily.IP_V6,
     aws_service=AwsServiceName.EC2,
     locale="us-west-1",
-    public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+    public_ip_source=IpamPoolPublicIpSource.AMAZON
 )
 ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
 ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-    address_family=vpc_v2.AddressFamily.IP_V4
+    address_family=AddressFamily.IP_V4
 )
 ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-vpc_v2.VpcV2(self, "Vpc",
-    primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+VpcV2(self, "Vpc",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
     secondary_address_blocks=[
-        vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-        vpc_v2.IpAddresses.ipv6_ipam(
+        IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+        IpAddresses.ipv6_ipam(
             ipam_pool=ipam_public_pool,
             netmask_length=52,
             cidr_block_name="ipv6Ipam"
         ),
-        vpc_v2.IpAddresses.ipv4_ipam(
+        IpAddresses.ipv4_ipam(
             ipam_pool=ipam_private_pool,
             netmask_length=8,
             cidr_block_name="ipv4Ipam"
@@ -110,65 +110,88 @@ Since `VpcV2` does not create subnets automatically, users have full control ove
 `RouteTable` is a new construct that allows for route tables to be customized in a variety of ways. For instance, the following example shows how a custom route table can be created and appended to a subnet:
 ```python
-my_vpc = vpc_v2.VpcV2(self, "Vpc")
-route_table = vpc_v2.RouteTable(self, "RouteTable",
+my_vpc = VpcV2(self, "Vpc")
+route_table = RouteTable(self, "RouteTable",
     vpc=my_vpc
 )
-subnet = vpc_v2.SubnetV2(self, "Subnet",
+subnet = SubnetV2(self, "Subnet",
     vpc=my_vpc,
     route_table=route_table,
     availability_zone="eu-west-2a",
     ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+    subnet_type=SubnetType.PRIVATE_ISOLATED
 )
 ```
-`Route`s can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the `Route` construct. An example using the `InternetGateway` construct can be seen below:
+`Routes` can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the `Route` construct. An example using the `InternetGateway` construct can be seen below:
 ```python
 stack = Stack()
-my_vpc = vpc_v2.VpcV2(self, "Vpc")
-route_table = vpc_v2.RouteTable(self, "RouteTable",
+my_vpc = VpcV2(self, "Vpc")
+route_table = RouteTable(self, "RouteTable",
     vpc=my_vpc
 )
-subnet = vpc_v2.SubnetV2(self, "Subnet",
+subnet = SubnetV2(self, "Subnet",
     vpc=my_vpc,
     availability_zone="eu-west-2a",
     ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+    subnet_type=SubnetType.PRIVATE_ISOLATED
 )
-igw = vpc_v2.InternetGateway(self, "IGW",
+igw = InternetGateway(self, "IGW",
     vpc=my_vpc
 )
-vpc_v2.Route(self, "IgwRoute",
+Route(self, "IgwRoute",
     route_table=route_table,
     destination="0.0.0.0/0",
     target={"gateway": igw}
 )
 ```
+Alternatively, `Routes` can also be created via method `addRoute` in the `RouteTable` class. An example using the `EgressOnlyInternetGateway` construct can be seen below:
+Note: `EgressOnlyInternetGateway` can only be used to set up outbound IPv6 routing.
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+    secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+        cidr_block_name="AmazonProvided"
+    )]
+)
+eigw = EgressOnlyInternetGateway(self, "EIGW",
+    vpc=my_vpc
+)
+route_table = RouteTable(self, "RouteTable",
+    vpc=my_vpc
+)
+route_table.add_route("EIGW", "::/0", {"gateway": eigw})
+```
 Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a `NatGateway`:
 ```python
-my_vpc = vpc_v2.VpcV2(self, "Vpc")
-route_table = vpc_v2.RouteTable(self, "RouteTable",
+my_vpc = VpcV2(self, "Vpc")
+route_table = RouteTable(self, "RouteTable",
     vpc=my_vpc
 )
-subnet = vpc_v2.SubnetV2(self, "Subnet",
+subnet = SubnetV2(self, "Subnet",
     vpc=my_vpc,
     availability_zone="eu-west-2a",
     ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+    subnet_type=SubnetType.PRIVATE_ISOLATED
 )
-natgw = vpc_v2.NatGateway(self, "NatGW",
+natgw = NatGateway(self, "NatGW",
     subnet=subnet,
     vpc=my_vpc,
     connectivity_type=NatConnectivityType.PRIVATE,
     private_ip_address="10.0.0.42"
 )
-vpc_v2.Route(self, "NatGwRoute",
+Route(self, "NatGwRoute",
     route_table=route_table,
     destination="0.0.0.0/0",
     target={"gateway": natgw}
@@ -178,15 +201,16 @@ vpc_v2.Route(self, "NatGwRoute",
 It is also possible to set up endpoints connecting other AWS services. For instance, the example below illustrates the linking of a Dynamo DB endpoint via the existing `ec2.GatewayVpcEndpoint` construct as a route target:
 ```python
-my_vpc = vpc_v2.VpcV2(self, "Vpc")
-route_table = vpc_v2.RouteTable(self, "RouteTable",
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc")
+route_table = RouteTable(self, "RouteTable",
     vpc=my_vpc
 )
-subnet = vpc_v2.SubnetV2(self, "Subnet",
+subnet = SubnetV2(self, "Subnet",
     vpc=my_vpc,
     availability_zone="eu-west-2a",
     ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-    subnet_type=ec2.SubnetType.PRIVATE
+    subnet_type=SubnetType.PRIVATE
 )
 dynamo_endpoint = ec2.GatewayVpcEndpoint(self, "DynamoEndpoint",
@@ -194,12 +218,147 @@ dynamo_endpoint = ec2.GatewayVpcEndpoint(self, "DynamoEndpoint",
     vpc=my_vpc,
     subnets=[subnet]
 )
-vpc_v2.Route(self, "DynamoDBRoute",
+Route(self, "DynamoDBRoute",
     route_table=route_table,
     destination="0.0.0.0/0",
     target={"endpoint": dynamo_endpoint}
 )
 ```
+## Adding Egress-Only Internet Gateway to VPC
+An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.
+For more information see [Enable outbound IPv6 traffic using an egress-only internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html).
+VpcV2 supports adding an egress only internet gateway to VPC using the `addEgressOnlyInternetGateway` method.
+By default, this method sets up a route to all outbound IPv6 address ranges, unless a specific destination is provided by the user. It can only be configured for IPv6-enabled VPCs.
+The `Subnets` parameter accepts a `SubnetFilter`, which can be based on a `SubnetType` in VpcV2. A new route will be added to the route tables of all subnets that match this filter.
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+    secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+        cidr_block_name="AmazonProvided"
+    )]
+)
+route_table = RouteTable(self, "RouteTable",
+    vpc=my_vpc
+)
+subnet = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    ipv6_cidr_block=IpCidr("2001:db8:1::/64"),
+    subnet_type=SubnetType.PRIVATE
+)
+my_vpc.add_egress_only_internet_gateway(
+    subnets=[ec2.SubnetSelection(subnet_type=SubnetType.PRIVATE)],
+    destination="::/60"
+)
+```
+## Adding NATGateway to the VPC
+A NAT gateway is a Network Address Translation (NAT) service.You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
+For more information, see [NAT gateway basics](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html).
+When you create a NAT gateway, you specify one of the following connectivity types:
+**Public – (Default)**: Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet
+**Private**: Instances in private subnets can connect to other VPCs or your on-premises network through a private NAT gateway.
+To define the NAT gateway connectivity type as `ConnectivityType.Public`, you need to ensure that there is an IGW(Internet Gateway) attached to the subnet's VPC.
+Since a NATGW is associated with a particular subnet, providing `subnet` field in the input props is mandatory.
+Additionally, you can set up a route in any route table with the target set to the NAT Gateway. The function `addNatGateway` returns a `NATGateway` object that you can reference later.
+The code example below provides the definition for adding a NAT gateway to your subnet:
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc")
+route_table = RouteTable(self, "RouteTable",
+    vpc=my_vpc
+)
+subnet = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+my_vpc.add_internet_gateway()
+my_vpc.add_nat_gateway(
+    subnet=subnet,
+    connectivity_type=NatConnectivityType.PUBLIC
+)
+```
+## Enable VPNGateway for the VPC
+A virtual private gateway is the endpoint on the VPC side of your VPN connection.
+For more information, see [What is AWS Site-to-Site VPN?](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html).
+VPN route propagation is a feature in Amazon Web Services (AWS) that automatically updates route tables in your Virtual Private Cloud (VPC) with routes learned from a VPN connection.
+To enable VPN route propogation, use the `vpnRoutePropagation` property to specify the subnets as an input to the function. VPN route propagation will then be enabled for each subnet with the corresponding route table IDs.
+Additionally, you can set up a route in any route table with the target set to the VPN Gateway. The function `enableVpnGatewayV2` returns a `VPNGatewayV2` object that you can reference later.
+The code example below provides the definition for setting up a VPN gateway with `vpnRoutePropogation` enabled:
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc")
+vpn_gateway = my_vpc.enable_vpn_gateway_v2(
+    vpn_route_propagation=[ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC)],
+    type=VpnConnectionType.IPSEC_1
+)
+route_table = RouteTable(stack, "routeTable",
+    vpc=my_vpc
+)
+Route(stack, "route",
+    destination="172.31.0.0/24",
+    target={"gateway": vpn_gateway},
+    route_table=route_table
+)
+```
+## Adding InternetGateway to the VPC
+An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports both IPv4 and IPv6 traffic.
+For more information, see [Enable VPC internet access using internet gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-igw-internet-access.html).
+You can add an internet gateway to a VPC using `addInternetGateway` method. By default, this method creates a route in all Public Subnets with outbound destination set to `0.0.0.0` for IPv4 and `::0` for IPv6 enabled VPC.
+Instead of using the default settings, you can configure a custom destinatation range by providing an optional input `destination` to the method.
+The code example below shows how to add an internet gateway with a custom outbound destination IP range:
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc")
+subnet = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+my_vpc.add_internet_gateway(
+    ipv4_destination="192.168.0.0/16"
+)
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -257,28 +416,28 @@ class AddressFamily(enum.Enum):
             operating_region=["us-west-1"]
         )
         ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-            address_family=vpc_v2.AddressFamily.IP_V6,
+            address_family=AddressFamily.IP_V6,
             aws_service=AwsServiceName.EC2,
             locale="us-west-1",
-            public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+            public_ip_source=IpamPoolPublicIpSource.AMAZON
         )
         ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
         ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-            address_family=vpc_v2.AddressFamily.IP_V4
+            address_family=AddressFamily.IP_V4
         )
         ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-        vpc_v2.VpcV2(self, "Vpc",
-            primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+        VpcV2(self, "Vpc",
+            primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
             secondary_address_blocks=[
-                vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                vpc_v2.IpAddresses.ipv6_ipam(
+                IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                IpAddresses.ipv6_ipam(
                     ipam_pool=ipam_public_pool,
                     netmask_length=52,
                     cidr_block_name="ipv6Ipam"
                 ),
-                vpc_v2.IpAddresses.ipv4_ipam(
+                IpAddresses.ipv4_ipam(
                     ipam_pool=ipam_private_pool,
                     netmask_length=8,
                     cidr_block_name="ipv4Ipam"
@@ -317,6 +476,97 @@ class AwsServiceName(enum.Enum):
     '''
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-ec2-alpha.EgressOnlyInternetGatewayOptions",
+    jsii_struct_bases=[],
+    name_mapping={"destination": "destination", "subnets": "subnets"},
+)
+class EgressOnlyInternetGatewayOptions:
+    def __init__(
+        self,
+        *,
+        destination: typing.Optional[builtins.str] = None,
+        subnets: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''(experimental) Options to define EgressOnlyInternetGateway for VPC.
+        :param destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :param subnets: (experimental) List of subnets where route to EGW will be added. Default: - no route created
+        :stability: experimental
+        :exampleMetadata: infused
+        Example::
+            stack = Stack()
+            my_vpc = VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+                secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+                    cidr_block_name="AmazonProvided"
+                )]
+            )
+            route_table = RouteTable(self, "RouteTable",
+                vpc=my_vpc
+            )
+            subnet = SubnetV2(self, "Subnet",
+                vpc=my_vpc,
+                availability_zone="eu-west-2a",
+                ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+                ipv6_cidr_block=IpCidr("2001:db8:1::/64"),
+                subnet_type=SubnetType.PRIVATE
+            )
+            my_vpc.add_egress_only_internet_gateway(
+                subnets=[ec2.SubnetSelection(subnet_type=SubnetType.PRIVATE)],
+                destination="::/60"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__47cf639398ded64820e35dac43908a70a34ddc76a3ed35cc0c24357b0e01f48d)
+            check_type(argname="argument destination", value=destination, expected_type=type_hints["destination"])
+            check_type(argname="argument subnets", value=subnets, expected_type=type_hints["subnets"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if destination is not None:
+            self._values["destination"] = destination
+        if subnets is not None:
+            self._values["subnets"] = subnets
+    @builtins.property
+    def destination(self) -> typing.Optional[builtins.str]:
+        '''(experimental) Destination Ipv6 address for EGW route.
+        :default: - '::/0' all Ipv6 traffic
+        :stability: experimental
+        '''
+        result = self._values.get("destination")
+        return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def subnets(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]]:
+        '''(experimental) List of subnets where route to EGW will be added.
+        :default: - no route created
+        :stability: experimental
+        '''
+        result = self._values.get("subnets")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]], result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "EgressOnlyInternetGatewayOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 @jsii.data_type(
     jsii_type="@aws-cdk/aws-ec2-alpha.EgressOnlyInternetGatewayProps",
     jsii_struct_bases=[],
@@ -335,25 +585,30 @@ class EgressOnlyInternetGatewayProps:
         '''(experimental) Properties to define an egress-only internet gateway.
         :param vpc: (experimental) The ID of the VPC for which to create the egress-only internet gateway.
-        :param egress_only_internet_gateway_name: (experimental) The resource name of the egress-only internet gateway. Default: none
+        :param egress_only_internet_gateway_name: (experimental) The resource name of the egress-only internet gateway. Default: - provisioned without a resource name
         :stability: experimental
-        :exampleMetadata: fixture=_generated
+        :exampleMetadata: infused
         Example::
-            # The code below shows an example of how to instantiate this type.
-            # The values are placeholders you should change.
-            import aws_cdk.aws_ec2_alpha as ec2_alpha
-            # vpc_v2: ec2_alpha.VpcV2
+            stack = Stack()
+            my_vpc = VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+                secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+                    cidr_block_name="AmazonProvided"
+                )]
+            )
-            egress_only_internet_gateway_props = ec2_alpha.EgressOnlyInternetGatewayProps(
-                vpc=vpc_v2,
+            eigw = EgressOnlyInternetGateway(self, "EIGW",
+                vpc=my_vpc
+            )
-                # the properties below are optional
-                egress_only_internet_gateway_name="egressOnlyInternetGatewayName"
+            route_table = RouteTable(self, "RouteTable",
+                vpc=my_vpc
             )
+            route_table.add_route("EIGW", "::/0", {"gateway": eigw})
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a1cb0281052a85d3461453c956e87b81e82be05002c1ac33451b382cfcf0ea7e)
@@ -379,7 +634,7 @@ class EgressOnlyInternetGatewayProps:
     def egress_only_internet_gateway_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) The resource name of the egress-only internet gateway.
-        :default: none
+        :default: - provisioned without a resource name
         :stability: experimental
         '''
@@ -471,8 +726,8 @@ class IIpamPool(typing_extensions.Protocol):
         '''(experimental) Function to associate a IPv6 address with IPAM pool.
         :param id: -
-        :param cidr: (experimental) Ipv6 CIDR block for the IPAM pool. Default: none
-        :param netmask_length: (experimental) Ipv6 Netmask length for the CIDR. Default: none
+        :param cidr: (experimental) Ipv6 CIDR block for the IPAM pool. Default: - pool provisioned without netmask length, need netmask length in this case
+        :param netmask_length: (experimental) Ipv6 Netmask length for the CIDR. Default: - pool provisioned without netmask length, need cidr range in this case
         :stability: experimental
         '''
@@ -517,8 +772,8 @@ class _IIpamPoolProxy:
         '''(experimental) Function to associate a IPv6 address with IPAM pool.
         :param id: -
-        :param cidr: (experimental) Ipv6 CIDR block for the IPAM pool. Default: none
-        :param netmask_length: (experimental) Ipv6 Netmask length for the CIDR. Default: none
+        :param cidr: (experimental) Ipv6 CIDR block for the IPAM pool. Default: - pool provisioned without netmask length, need netmask length in this case
+        :param netmask_length: (experimental) Ipv6 Netmask length for the CIDR. Default: - pool provisioned without netmask length, need cidr range in this case
         :stability: experimental
         '''
@@ -584,9 +839,9 @@ class IIpamScopeBase(typing_extensions.Protocol):
         :param id: -
         :param address_family: (experimental) addressFamily - The address family of the pool (ipv4 or ipv6).
-        :param aws_service: (experimental) Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. Default: - No service
+        :param aws_service: (experimental) Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. Default: - required in case of an IPv6, throws an error if not provided.
         :param ipv4_provisioned_cidrs: (experimental) Information about the CIDRs provisioned to the pool. Default: - No CIDRs are provisioned
-        :param locale: (experimental) The locale (AWS Region) of the pool. Should be one of the IPAM operating region. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. Default: - Current operating region
+        :param locale: (experimental) The locale (AWS Region) of the pool. Should be one of the IPAM operating region. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. Default: - Current operating region of IPAM
         :param public_ip_source: (experimental) The IP address source for pools in the public scope. Only used for IPv6 address Only allowed values to this are 'byoip' or 'amazon' Default: amazon
         :stability: experimental
@@ -644,9 +899,9 @@ class _IIpamScopeBaseProxy:
         :param id: -
         :param address_family: (experimental) addressFamily - The address family of the pool (ipv4 or ipv6).
-        :param aws_service: (experimental) Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. Default: - No service
+        :param aws_service: (experimental) Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. Default: - required in case of an IPv6, throws an error if not provided.
         :param ipv4_provisioned_cidrs: (experimental) Information about the CIDRs provisioned to the pool. Default: - No CIDRs are provisioned
-        :param locale: (experimental) The locale (AWS Region) of the pool. Should be one of the IPAM operating region. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. Default: - Current operating region
+        :param locale: (experimental) The locale (AWS Region) of the pool. Should be one of the IPAM operating region. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. Default: - Current operating region of IPAM
         :param public_ip_source: (experimental) The IP address source for pools in the public scope. Only used for IPv6 address Only allowed values to this are 'byoip' or 'amazon' Default: amazon
         :stability: experimental
@@ -669,7 +924,7 @@ typing.cast(typing.Any, IIpamScopeBase).__jsii_proxy_class__ = lambda : _IIpamSc
 @jsii.interface(jsii_type="@aws-cdk/aws-ec2-alpha.IRouteTarget")
-class IRouteTarget(typing_extensions.Protocol):
+class IRouteTarget(_constructs_77d1e7e8.IDependable, typing_extensions.Protocol):
     '''(experimental) Interface to define a routing target, such as an egress-only internet gateway or VPC endpoint.
     :stability: experimental
@@ -694,7 +949,9 @@ class IRouteTarget(typing_extensions.Protocol):
         ...
-class _IRouteTargetProxy:
+class _IRouteTargetProxy(
+    jsii.proxy_for(_constructs_77d1e7e8.IDependable), # type: ignore[misc]
+):
     '''(experimental) Interface to define a routing target, such as an egress-only internet gateway or VPC endpoint.
     :stability: experimental
@@ -725,7 +982,7 @@ typing.cast(typing.Any, IRouteTarget).__jsii_proxy_class__ = lambda : _IRouteTar
 @jsii.interface(jsii_type="@aws-cdk/aws-ec2-alpha.IRouteV2")
-class IRouteV2(typing_extensions.Protocol):
+class IRouteV2(_aws_cdk_ceddda9d.IResource, typing_extensions.Protocol):
     '''(experimental) Interface to define a route.
     :stability: experimental
@@ -763,7 +1020,9 @@ class IRouteV2(typing_extensions.Protocol):
         ...
-class _IRouteV2Proxy:
+class _IRouteV2Proxy(
+    jsii.proxy_for(_aws_cdk_ceddda9d.IResource), # type: ignore[misc]
+):
     '''(experimental) Interface to define a route.
     :stability: experimental
@@ -822,6 +1081,16 @@ class ISubnetV2(_aws_cdk_aws_ec2_ceddda9d.ISubnet, typing_extensions.Protocol):
         '''
         ...
+    @builtins.property
+    @jsii.member(jsii_name="subnetType")
+    def subnet_type(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetType]:
+        '''(experimental) The type of subnet (public or private) that this subnet represents.
+        :stability: experimental
+        :attribute: SubnetType
+        '''
+        ...
 class _ISubnetV2Proxy(
     jsii.proxy_for(_aws_cdk_aws_ec2_ceddda9d.ISubnet), # type: ignore[misc]
@@ -842,6 +1111,16 @@ class _ISubnetV2Proxy(
         '''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipv6CidrBlock"))
+    @builtins.property
+    @jsii.member(jsii_name="subnetType")
+    def subnet_type(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetType]:
+        '''(experimental) The type of subnet (public or private) that this subnet represents.
+        :stability: experimental
+        :attribute: SubnetType
+        '''
+        return typing.cast(typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetType], jsii.get(self, "subnetType"))
 # Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
 typing.cast(typing.Any, ISubnetV2).__jsii_proxy_class__ = lambda : _ISubnetV2Proxy
@@ -879,6 +1158,104 @@ class IVpcV2(_aws_cdk_aws_ec2_ceddda9d.IVpc, typing_extensions.Protocol):
         '''
         ...
+    @jsii.member(jsii_name="addEgressOnlyInternetGateway")
+    def add_egress_only_internet_gateway(
+        self,
+        *,
+        destination: typing.Optional[builtins.str] = None,
+        subnets: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''(experimental) Add an Egress only Internet Gateway to current VPC.
+        Can only be used for ipv6 enabled VPCs.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway-basics.html}.
+        :param destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :param subnets: (experimental) List of subnets where route to EGW will be added. Default: - no route created
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="addInternetGateway")
+    def add_internet_gateway(
+        self,
+        *,
+        ipv4_destination: typing.Optional[builtins.str] = None,
+        ipv6_destination: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''(experimental) Adds an Internet Gateway to current VPC.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-igw-internet-access.html}.
+        :param ipv4_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '0.0.0.0' all Ipv4 traffic
+        :param ipv6_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :default: - defines route for all ipv4('0.0.0.0') and ipv6 addresses('::/0')
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="addNatGateway")
+    def add_nat_gateway(
+        self,
+        *,
+        subnet: ISubnetV2,
+        allocation_id: typing.Optional[builtins.str] = None,
+        connectivity_type: typing.Optional["NatConnectivityType"] = None,
+        max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        nat_gateway_name: typing.Optional[builtins.str] = None,
+        private_ip_address: typing.Optional[builtins.str] = None,
+        secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
+        secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ) -> "NatGateway":
+        '''(experimental) Adds a new NAT Gateway to VPC A NAT gateway is a Network Address Translation (NAT) service.
+        NAT Gateway Connectivity can be of type ``Public`` or ``Private``.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html}.
+        :param subnet: (experimental) The subnet in which the NAT gateway is located.
+        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: - attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
+        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: NatConnectivityType.Public
+        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350seconds
+        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: - NATGW provisioned without any name
+        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
+        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: - no secondary allocation IDs attached to NATGW
+        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary allocation IDs associated with NATGW
+        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary private IpAddresses associated with NATGW
+        :default: ConnectivityType.Public
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="enableVpnGatewayV2")
+    def enable_vpn_gateway_v2(
+        self,
+        *,
+        type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
+        amazon_side_asn: typing.Optional[jsii.Number] = None,
+        vpn_gateway_name: typing.Optional[builtins.str] = None,
+        vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> "VPNGatewayV2":
+        '''(experimental) Adds VPN Gateway to VPC and set route propogation.
+        For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html}.
+        :param type: (experimental) The type of VPN connection the virtual private gateway supports.
+        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: - no ASN set for BGP session
+        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: - resource provisioned without any name
+        :param vpn_route_propagation: (experimental) Subnets where the route propagation should be added. Default: - no propogation for routes
+        :default: - no route propogation
+        :stability: experimental
+        '''
+        ...
 class _IVpcV2Proxy(
     jsii.proxy_for(_aws_cdk_aws_ec2_ceddda9d.IVpc), # type: ignore[misc]
@@ -910,11 +1287,136 @@ class _IVpcV2Proxy(
     ) -> typing.List[_aws_cdk_aws_ec2_ceddda9d.CfnVPCCidrBlock]:
         '''(experimental) The secondary CIDR blocks associated with the VPC.
-        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}.
+        :stability: experimental
+        '''
+        return typing.cast(typing.List[_aws_cdk_aws_ec2_ceddda9d.CfnVPCCidrBlock], jsii.get(self, "secondaryCidrBlock"))
+    @jsii.member(jsii_name="addEgressOnlyInternetGateway")
+    def add_egress_only_internet_gateway(
+        self,
+        *,
+        destination: typing.Optional[builtins.str] = None,
+        subnets: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''(experimental) Add an Egress only Internet Gateway to current VPC.
+        Can only be used for ipv6 enabled VPCs.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway-basics.html}.
+        :param destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :param subnets: (experimental) List of subnets where route to EGW will be added. Default: - no route created
+        :stability: experimental
+        '''
+        options = EgressOnlyInternetGatewayOptions(
+            destination=destination, subnets=subnets
+        )
+        return typing.cast(None, jsii.invoke(self, "addEgressOnlyInternetGateway", [options]))
+    @jsii.member(jsii_name="addInternetGateway")
+    def add_internet_gateway(
+        self,
+        *,
+        ipv4_destination: typing.Optional[builtins.str] = None,
+        ipv6_destination: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''(experimental) Adds an Internet Gateway to current VPC.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-igw-internet-access.html}.
+        :param ipv4_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '0.0.0.0' all Ipv4 traffic
+        :param ipv6_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :default: - defines route for all ipv4('0.0.0.0') and ipv6 addresses('::/0')
+        :stability: experimental
+        '''
+        options = InternetGatewayOptions(
+            ipv4_destination=ipv4_destination, ipv6_destination=ipv6_destination
+        )
+        return typing.cast(None, jsii.invoke(self, "addInternetGateway", [options]))
+    @jsii.member(jsii_name="addNatGateway")
+    def add_nat_gateway(
+        self,
+        *,
+        subnet: ISubnetV2,
+        allocation_id: typing.Optional[builtins.str] = None,
+        connectivity_type: typing.Optional["NatConnectivityType"] = None,
+        max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        nat_gateway_name: typing.Optional[builtins.str] = None,
+        private_ip_address: typing.Optional[builtins.str] = None,
+        secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
+        secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ) -> "NatGateway":
+        '''(experimental) Adds a new NAT Gateway to VPC A NAT gateway is a Network Address Translation (NAT) service.
+        NAT Gateway Connectivity can be of type ``Public`` or ``Private``.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html}.
+        :param subnet: (experimental) The subnet in which the NAT gateway is located.
+        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: - attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
+        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: NatConnectivityType.Public
+        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350seconds
+        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: - NATGW provisioned without any name
+        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
+        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: - no secondary allocation IDs attached to NATGW
+        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary allocation IDs associated with NATGW
+        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary private IpAddresses associated with NATGW
+        :default: ConnectivityType.Public
+        :stability: experimental
+        '''
+        options = NatGatewayOptions(
+            subnet=subnet,
+            allocation_id=allocation_id,
+            connectivity_type=connectivity_type,
+            max_drain_duration=max_drain_duration,
+            nat_gateway_name=nat_gateway_name,
+            private_ip_address=private_ip_address,
+            secondary_allocation_ids=secondary_allocation_ids,
+            secondary_private_ip_address_count=secondary_private_ip_address_count,
+            secondary_private_ip_addresses=secondary_private_ip_addresses,
+        )
+        return typing.cast("NatGateway", jsii.invoke(self, "addNatGateway", [options]))
+    @jsii.member(jsii_name="enableVpnGatewayV2")
+    def enable_vpn_gateway_v2(
+        self,
+        *,
+        type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
+        amazon_side_asn: typing.Optional[jsii.Number] = None,
+        vpn_gateway_name: typing.Optional[builtins.str] = None,
+        vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> "VPNGatewayV2":
+        '''(experimental) Adds VPN Gateway to VPC and set route propogation.
+        For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html}.
+        :param type: (experimental) The type of VPN connection the virtual private gateway supports.
+        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: - no ASN set for BGP session
+        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: - resource provisioned without any name
+        :param vpn_route_propagation: (experimental) Subnets where the route propagation should be added. Default: - no propogation for routes
+        :default: - no route propogation
         :stability: experimental
         '''
-        return typing.cast(typing.List[_aws_cdk_aws_ec2_ceddda9d.CfnVPCCidrBlock], jsii.get(self, "secondaryCidrBlock"))
+        options = VPNGatewayV2Options(
+            type=type,
+            amazon_side_asn=amazon_side_asn,
+            vpn_gateway_name=vpn_gateway_name,
+            vpn_route_propagation=vpn_route_propagation,
+        )
+        return typing.cast("VPNGatewayV2", jsii.invoke(self, "enableVpnGatewayV2", [options]))
 # Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
 typing.cast(typing.Any, IVpcV2).__jsii_proxy_class__ = lambda : _IVpcV2Proxy
@@ -935,21 +1437,21 @@ class InternetGateway(
     Example::
         stack = Stack()
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PRIVATE_ISOLATED
         )
-        igw = vpc_v2.InternetGateway(self, "IGW",
+        igw = InternetGateway(self, "IGW",
             vpc=my_vpc
         )
-        vpc_v2.Route(self, "IgwRoute",
+        Route(self, "IgwRoute",
             route_table=route_table,
             destination="0.0.0.0/0",
             target={"gateway": igw}
@@ -968,7 +1470,7 @@ class InternetGateway(
         :param scope: -
         :param id: -
         :param vpc: (experimental) The ID of the VPC for which to create the internet gateway.
-        :param internet_gateway_name: (experimental) The resource name of the internet gateway. Default: none
+        :param internet_gateway_name: (experimental) The resource name of the internet gateway. Default: - provisioned without a resource name
         :stability: experimental
         '''
@@ -1019,6 +1521,89 @@ class InternetGateway(
         return typing.cast(builtins.str, jsii.get(self, "vpcId"))
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-ec2-alpha.InternetGatewayOptions",
+    jsii_struct_bases=[],
+    name_mapping={
+        "ipv4_destination": "ipv4Destination",
+        "ipv6_destination": "ipv6Destination",
+    },
+)
+class InternetGatewayOptions:
+    def __init__(
+        self,
+        *,
+        ipv4_destination: typing.Optional[builtins.str] = None,
+        ipv6_destination: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''(experimental) Options to define InternetGateway for VPC.
+        :param ipv4_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '0.0.0.0' all Ipv4 traffic
+        :param ipv6_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :stability: experimental
+        :exampleMetadata: infused
+        Example::
+            stack = Stack()
+            my_vpc = VpcV2(self, "Vpc")
+            subnet = SubnetV2(self, "Subnet",
+                vpc=my_vpc,
+                availability_zone="eu-west-2a",
+                ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+                subnet_type=SubnetType.PUBLIC
+            )
+            my_vpc.add_internet_gateway(
+                ipv4_destination="192.168.0.0/16"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__1767be14586e30c26bcd910b9753aae1720568db2bf09fbf8dd100e10ab1fc09)
+            check_type(argname="argument ipv4_destination", value=ipv4_destination, expected_type=type_hints["ipv4_destination"])
+            check_type(argname="argument ipv6_destination", value=ipv6_destination, expected_type=type_hints["ipv6_destination"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if ipv4_destination is not None:
+            self._values["ipv4_destination"] = ipv4_destination
+        if ipv6_destination is not None:
+            self._values["ipv6_destination"] = ipv6_destination
+    @builtins.property
+    def ipv4_destination(self) -> typing.Optional[builtins.str]:
+        '''(experimental) Destination Ipv6 address for EGW route.
+        :default: - '0.0.0.0' all Ipv4 traffic
+        :stability: experimental
+        '''
+        result = self._values.get("ipv4_destination")
+        return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def ipv6_destination(self) -> typing.Optional[builtins.str]:
+        '''(experimental) Destination Ipv6 address for EGW route.
+        :default: - '::/0' all Ipv6 traffic
+        :stability: experimental
+        '''
+        result = self._values.get("ipv6_destination")
+        return typing.cast(typing.Optional[builtins.str], result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "InternetGatewayOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 @jsii.data_type(
     jsii_type="@aws-cdk/aws-ec2-alpha.InternetGatewayProps",
     jsii_struct_bases=[],
@@ -1034,7 +1619,7 @@ class InternetGatewayProps:
         '''(experimental) Properties to define an internet gateway.
         :param vpc: (experimental) The ID of the VPC for which to create the internet gateway.
-        :param internet_gateway_name: (experimental) The resource name of the internet gateway. Default: none
+        :param internet_gateway_name: (experimental) The resource name of the internet gateway. Default: - provisioned without a resource name
         :stability: experimental
         :exampleMetadata: infused
@@ -1042,21 +1627,21 @@ class InternetGatewayProps:
         Example::
             stack = Stack()
-            my_vpc = vpc_v2.VpcV2(self, "Vpc")
-            route_table = vpc_v2.RouteTable(self, "RouteTable",
+            my_vpc = VpcV2(self, "Vpc")
+            route_table = RouteTable(self, "RouteTable",
                 vpc=my_vpc
             )
-            subnet = vpc_v2.SubnetV2(self, "Subnet",
+            subnet = SubnetV2(self, "Subnet",
                 vpc=my_vpc,
                 availability_zone="eu-west-2a",
                 ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+                subnet_type=SubnetType.PRIVATE_ISOLATED
             )
-            igw = vpc_v2.InternetGateway(self, "IGW",
+            igw = InternetGateway(self, "IGW",
                 vpc=my_vpc
             )
-            vpc_v2.Route(self, "IgwRoute",
+            Route(self, "IgwRoute",
                 route_table=route_table,
                 destination="0.0.0.0/0",
                 target={"gateway": igw}
@@ -1086,7 +1671,7 @@ class InternetGatewayProps:
     def internet_gateway_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) The resource name of the internet gateway.
-        :default: none
+        :default: - provisioned without a resource name
         :stability: experimental
         '''
@@ -1112,24 +1697,15 @@ class IpAddresses(
     '''(experimental) IpAddress options to define VPC V2.
     :stability: experimental
-    :exampleMetadata: infused
+    :exampleMetadata: fixture=_generated
     Example::
-        stack = Stack()
-        my_vpc = vpc_v2.VpcV2(self, "Vpc",
-            secondary_address_blocks=[
-                vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIp")
-            ]
-        )
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        import aws_cdk.aws_ec2_alpha as ec2_alpha
-        vpc_v2.SubnetV2(self, "subnetA",
-            vpc=my_vpc,
-            availability_zone="us-east-1a",
-            ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
-            ipv6_cidr_block=vpc_v2.IpCidr("2a05:d02c:25:4000::/60"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
-        )
+        ip_addresses = ec2_alpha.IpAddresses()
     '''
     def __init__(self) -> None:
@@ -1185,8 +1761,8 @@ class IpAddresses(
         '''(experimental) An Ipv4 Ipam Pool.
         :param cidr_block_name: (experimental) Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
-        :param ipam_pool: (experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam. Default: - None
-        :param netmask_length: (experimental) CIDR Mask for Vpc Only required when using AWS Ipam. Default: - None
+        :param ipam_pool: (experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam. Default: - no pool attached to VPC secondary address
+        :param netmask_length: (experimental) CIDR Mask for Vpc Only required when using AWS Ipam. Default: - no netmask length for IPAM attached to VPC secondary address
         :stability: experimental
         '''
@@ -1210,8 +1786,8 @@ class IpAddresses(
         '''(experimental) An Ipv6 Ipam Pool.
         :param cidr_block_name: (experimental) Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
-        :param ipam_pool: (experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam. Default: - None
-        :param netmask_length: (experimental) CIDR Mask for Vpc Only required when using AWS Ipam. Default: - None
+        :param ipam_pool: (experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam. Default: - no pool attached to VPC secondary address
+        :param netmask_length: (experimental) CIDR Mask for Vpc Only required when using AWS Ipam. Default: - no netmask length for IPAM attached to VPC secondary address
         :stability: experimental
         '''
@@ -1233,24 +1809,21 @@ class IpCidr(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/aws-ec2-alpha.IpCidr")
     Example::
         stack = Stack()
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PUBLIC
         )
-        igw = vpc_v2.InternetGateway(self, "IGW",
-            vpc=my_vpc
-        )
-        vpc_v2.Route(self, "IgwRoute",
-            route_table=route_table,
-            destination="0.0.0.0/0",
-            target={"gateway": igw}
+        my_vpc.add_internet_gateway()
+        my_vpc.add_nat_gateway(
+            subnet=subnet,
+            connectivity_type=NatConnectivityType.PUBLIC
         )
     '''
@@ -1294,28 +1867,28 @@ class Ipam(
             operating_region=["us-west-1"]
         )
         ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-            address_family=vpc_v2.AddressFamily.IP_V6,
+            address_family=AddressFamily.IP_V6,
             aws_service=AwsServiceName.EC2,
             locale="us-west-1",
-            public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+            public_ip_source=IpamPoolPublicIpSource.AMAZON
         )
         ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
         ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-            address_family=vpc_v2.AddressFamily.IP_V4
+            address_family=AddressFamily.IP_V4
         )
         ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-        vpc_v2.VpcV2(self, "Vpc",
-            primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+        VpcV2(self, "Vpc",
+            primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
             secondary_address_blocks=[
-                vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                vpc_v2.IpAddresses.ipv6_ipam(
+                IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                IpAddresses.ipv6_ipam(
                     ipam_pool=ipam_public_pool,
                     netmask_length=52,
                     cidr_block_name="ipv6Ipam"
                 ),
-                vpc_v2.IpAddresses.ipv4_ipam(
+                IpAddresses.ipv4_ipam(
                     ipam_pool=ipam_private_pool,
                     netmask_length=8,
                     cidr_block_name="ipv4Ipam"
@@ -1335,8 +1908,8 @@ class Ipam(
         '''
         :param scope: -
         :param id: -
-        :param ipam_name: (experimental) Name of IPAM that can be used for tagging resource. Default: none
-        :param operating_region: (experimental) The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* . Default: Stack.region if defined else []
+        :param ipam_name: (experimental) Name of IPAM that can be used for tagging resource. Default: - If no name provided, no tags will be added to the IPAM
+        :param operating_region: (experimental) The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* . Default: - Stack.region if defined in the stack
         :stability: experimental
         '''
@@ -1360,7 +1933,7 @@ class Ipam(
         :param scope: -
         :param id: -
-        :param ipam_scope_name: (experimental) IPAM scope name that will be used for tagging. Default: none
+        :param ipam_scope_name: (experimental) IPAM scope name that will be used for tagging. Default: - no tags will be added to the scope
         :stability: experimental
         '''
@@ -1447,8 +2020,8 @@ class IpamOptions:
         For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html}.
         :param cidr_block_name: (experimental) Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
-        :param ipam_pool: (experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam. Default: - None
-        :param netmask_length: (experimental) CIDR Mask for Vpc Only required when using AWS Ipam. Default: - None
+        :param ipam_pool: (experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam. Default: - no pool attached to VPC secondary address
+        :param netmask_length: (experimental) CIDR Mask for Vpc Only required when using AWS Ipam. Default: - no netmask length for IPAM attached to VPC secondary address
         :stability: experimental
         :exampleMetadata: infused
@@ -1460,28 +2033,28 @@ class IpamOptions:
                 operating_region=["us-west-1"]
             )
             ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-                address_family=vpc_v2.AddressFamily.IP_V6,
+                address_family=AddressFamily.IP_V6,
                 aws_service=AwsServiceName.EC2,
                 locale="us-west-1",
-                public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+                public_ip_source=IpamPoolPublicIpSource.AMAZON
             )
             ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
             ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-                address_family=vpc_v2.AddressFamily.IP_V4
+                address_family=AddressFamily.IP_V4
             )
             ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-            vpc_v2.VpcV2(self, "Vpc",
-                primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+            VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
                 secondary_address_blocks=[
-                    vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                    vpc_v2.IpAddresses.ipv6_ipam(
+                    IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                    IpAddresses.ipv6_ipam(
                         ipam_pool=ipam_public_pool,
                         netmask_length=52,
                         cidr_block_name="ipv6Ipam"
                     ),
-                    vpc_v2.IpAddresses.ipv4_ipam(
+                    IpAddresses.ipv4_ipam(
                         ipam_pool=ipam_private_pool,
                         netmask_length=8,
                         cidr_block_name="ipv4Ipam"
@@ -1516,7 +2089,7 @@ class IpamOptions:
     def ipam_pool(self) -> typing.Optional[IIpamPool]:
         '''(experimental) Ipv4 or an Ipv6 IPAM pool Only required when using AWS Ipam.
-        :default: - None
+        :default: - no pool attached to VPC secondary address
         :stability: experimental
         '''
@@ -1527,7 +2100,7 @@ class IpamOptions:
     def netmask_length(self) -> typing.Optional[jsii.Number]:
         '''(experimental) CIDR Mask for Vpc Only required when using AWS Ipam.
-        :default: - None
+        :default: - no netmask length for IPAM attached to VPC secondary address
         :stability: experimental
         '''
@@ -1562,8 +2135,8 @@ class IpamPoolCidrProvisioningOptions:
         Used to create a new IpamPoolCidr
-        :param cidr: (experimental) Ipv6 CIDR block for the IPAM pool. Default: none
-        :param netmask_length: (experimental) Ipv6 Netmask length for the CIDR. Default: none
+        :param cidr: (experimental) Ipv6 CIDR block for the IPAM pool. Default: - pool provisioned without netmask length, need netmask length in this case
+        :param netmask_length: (experimental) Ipv6 Netmask length for the CIDR. Default: - pool provisioned without netmask length, need cidr range in this case
         :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampoolcidr.html
         :stability: experimental
@@ -1576,28 +2149,28 @@ class IpamPoolCidrProvisioningOptions:
                 operating_region=["us-west-1"]
             )
             ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-                address_family=vpc_v2.AddressFamily.IP_V6,
+                address_family=AddressFamily.IP_V6,
                 aws_service=AwsServiceName.EC2,
                 locale="us-west-1",
-                public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+                public_ip_source=IpamPoolPublicIpSource.AMAZON
             )
             ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
             ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-                address_family=vpc_v2.AddressFamily.IP_V4
+                address_family=AddressFamily.IP_V4
             )
             ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-            vpc_v2.VpcV2(self, "Vpc",
-                primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+            VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
                 secondary_address_blocks=[
-                    vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                    vpc_v2.IpAddresses.ipv6_ipam(
+                    IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                    IpAddresses.ipv6_ipam(
                         ipam_pool=ipam_public_pool,
                         netmask_length=52,
                         cidr_block_name="ipv6Ipam"
                     ),
-                    vpc_v2.IpAddresses.ipv4_ipam(
+                    IpAddresses.ipv4_ipam(
                         ipam_pool=ipam_private_pool,
                         netmask_length=8,
                         cidr_block_name="ipv4Ipam"
@@ -1619,7 +2192,7 @@ class IpamPoolCidrProvisioningOptions:
     def cidr(self) -> typing.Optional[builtins.str]:
         '''(experimental) Ipv6 CIDR block for the IPAM pool.
-        :default: none
+        :default: - pool provisioned without netmask length, need netmask length in this case
         :stability: experimental
         '''
@@ -1630,7 +2203,7 @@ class IpamPoolCidrProvisioningOptions:
     def netmask_length(self) -> typing.Optional[jsii.Number]:
         '''(experimental) Ipv6 Netmask length for the CIDR.
-        :default: none
+        :default: - pool provisioned without netmask length, need cidr range in this case
         :stability: experimental
         '''
@@ -1666,28 +2239,28 @@ class IpamPoolPublicIpSource(enum.Enum):
             operating_region=["us-west-1"]
         )
         ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-            address_family=vpc_v2.AddressFamily.IP_V6,
+            address_family=AddressFamily.IP_V6,
             aws_service=AwsServiceName.EC2,
             locale="us-west-1",
-            public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+            public_ip_source=IpamPoolPublicIpSource.AMAZON
         )
         ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
         ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-            address_family=vpc_v2.AddressFamily.IP_V4
+            address_family=AddressFamily.IP_V4
         )
         ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-        vpc_v2.VpcV2(self, "Vpc",
-            primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+        VpcV2(self, "Vpc",
+            primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
             secondary_address_blocks=[
-                vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                vpc_v2.IpAddresses.ipv6_ipam(
+                IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                IpAddresses.ipv6_ipam(
                     ipam_pool=ipam_public_pool,
                     netmask_length=52,
                     cidr_block_name="ipv6Ipam"
                 ),
-                vpc_v2.IpAddresses.ipv4_ipam(
+                IpAddresses.ipv4_ipam(
                     ipam_pool=ipam_private_pool,
                     netmask_length=8,
                     cidr_block_name="ipv4Ipam"
@@ -1722,8 +2295,8 @@ class IpamProps:
     ) -> None:
         '''(experimental) Options to create a new Ipam in the account.
-        :param ipam_name: (experimental) Name of IPAM that can be used for tagging resource. Default: none
-        :param operating_region: (experimental) The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* . Default: Stack.region if defined else []
+        :param ipam_name: (experimental) Name of IPAM that can be used for tagging resource. Default: - If no name provided, no tags will be added to the IPAM
+        :param operating_region: (experimental) The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* . Default: - Stack.region if defined in the stack
         :stability: experimental
         :exampleMetadata: infused
@@ -1735,28 +2308,28 @@ class IpamProps:
                 operating_region=["us-west-1"]
             )
             ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-                address_family=vpc_v2.AddressFamily.IP_V6,
+                address_family=AddressFamily.IP_V6,
                 aws_service=AwsServiceName.EC2,
                 locale="us-west-1",
-                public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+                public_ip_source=IpamPoolPublicIpSource.AMAZON
             )
             ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
             ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-                address_family=vpc_v2.AddressFamily.IP_V4
+                address_family=AddressFamily.IP_V4
             )
             ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-            vpc_v2.VpcV2(self, "Vpc",
-                primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+            VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
                 secondary_address_blocks=[
-                    vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                    vpc_v2.IpAddresses.ipv6_ipam(
+                    IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                    IpAddresses.ipv6_ipam(
                         ipam_pool=ipam_public_pool,
                         netmask_length=52,
                         cidr_block_name="ipv6Ipam"
                     ),
-                    vpc_v2.IpAddresses.ipv4_ipam(
+                    IpAddresses.ipv4_ipam(
                         ipam_pool=ipam_private_pool,
                         netmask_length=8,
                         cidr_block_name="ipv4Ipam"
@@ -1778,7 +2351,7 @@ class IpamProps:
     def ipam_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) Name of IPAM that can be used for tagging resource.
-        :default: none
+        :default: - If no name provided, no tags will be added to the IPAM
         :stability: experimental
         '''
@@ -1792,7 +2365,7 @@ class IpamProps:
         Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs
         For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
-        :default: Stack.region if defined else []
+        :default: - Stack.region if defined in the stack
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-operatingregions
         :stability: experimental
@@ -1825,7 +2398,7 @@ class IpamScopeOptions:
     ) -> None:
         '''(experimental) Being used in IPAM class to add pools to default scope created by IPAM.
-        :param ipam_scope_name: (experimental) IPAM scope name that will be used for tagging. Default: none
+        :param ipam_scope_name: (experimental) IPAM scope name that will be used for tagging. Default: - no tags will be added to the scope
         :stability: experimental
         :exampleMetadata: fixture=_generated
@@ -1851,7 +2424,7 @@ class IpamScopeOptions:
     def ipam_scope_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) IPAM scope name that will be used for tagging.
-        :default: none
+        :default: - no tags will be added to the scope
         :stability: experimental
         '''
@@ -1901,24 +2474,24 @@ class NatConnectivityType(enum.Enum):
     Example::
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PRIVATE_ISOLATED
         )
-        natgw = vpc_v2.NatGateway(self, "NatGW",
+        natgw = NatGateway(self, "NatGW",
             subnet=subnet,
             vpc=my_vpc,
             connectivity_type=NatConnectivityType.PRIVATE,
             private_ip_address="10.0.0.42"
         )
-        vpc_v2.Route(self, "NatGwRoute",
+        Route(self, "NatGwRoute",
             route_table=route_table,
             destination="0.0.0.0/0",
             target={"gateway": natgw}
@@ -1951,24 +2524,24 @@ class NatGateway(
     Example::
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PRIVATE_ISOLATED
         )
-        natgw = vpc_v2.NatGateway(self, "NatGW",
+        natgw = NatGateway(self, "NatGW",
             subnet=subnet,
             vpc=my_vpc,
             connectivity_type=NatConnectivityType.PRIVATE,
             private_ip_address="10.0.0.42"
         )
-        vpc_v2.Route(self, "NatGwRoute",
+        Route(self, "NatGwRoute",
             route_table=route_table,
             destination="0.0.0.0/0",
             target={"gateway": natgw}
@@ -1980,7 +2553,8 @@ class NatGateway(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
-        subnet: _aws_cdk_aws_ec2_ceddda9d.ISubnet,
+        vpc: typing.Optional[IVpcV2] = None,
+        subnet: ISubnetV2,
         allocation_id: typing.Optional[builtins.str] = None,
         connectivity_type: typing.Optional[NatConnectivityType] = None,
         max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
@@ -1989,96 +2563,317 @@ class NatGateway(
         secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
         secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
-        vpc: typing.Optional[IVpcV2] = None,
     ) -> None:
         '''
         :param scope: -
         :param id: -
+        :param vpc: (experimental) The ID of the VPC in which the NAT gateway is located. Default: - no elastic ip associated, required in case of public connectivity if ``AllocationId`` is not defined
+        :param subnet: (experimental) The subnet in which the NAT gateway is located.
+        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: - attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
+        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: NatConnectivityType.Public
+        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350seconds
+        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: - NATGW provisioned without any name
+        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
+        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: - no secondary allocation IDs attached to NATGW
+        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary allocation IDs associated with NATGW
+        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary private IpAddresses associated with NATGW
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3204c5cc1ee92d73075b1e2c597a7d7bb9eb73b154f33262369b6b4ac9ec33f4)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = NatGatewayProps(
+            vpc=vpc,
+            subnet=subnet,
+            allocation_id=allocation_id,
+            connectivity_type=connectivity_type,
+            max_drain_duration=max_drain_duration,
+            nat_gateway_name=nat_gateway_name,
+            private_ip_address=private_ip_address,
+            secondary_allocation_ids=secondary_allocation_ids,
+            secondary_private_ip_address_count=secondary_private_ip_address_count,
+            secondary_private_ip_addresses=secondary_private_ip_addresses,
+        )
+        jsii.create(self.__class__, self, [scope, id, props])
+    @builtins.property
+    @jsii.member(jsii_name="resource")
+    def resource(self) -> _aws_cdk_aws_ec2_ceddda9d.CfnNatGateway:
+        '''(experimental) The NAT gateway CFN resource.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.CfnNatGateway, jsii.get(self, "resource"))
+    @builtins.property
+    @jsii.member(jsii_name="routerTargetId")
+    def router_target_id(self) -> builtins.str:
+        '''(experimental) The ID of the route target.
+        :stability: experimental
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "routerTargetId"))
+    @builtins.property
+    @jsii.member(jsii_name="routerType")
+    def router_type(self) -> _aws_cdk_aws_ec2_ceddda9d.RouterType:
+        '''(experimental) The type of router used in the route.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.RouterType, jsii.get(self, "routerType"))
+    @builtins.property
+    @jsii.member(jsii_name="connectivityType")
+    def connectivity_type(self) -> typing.Optional[NatConnectivityType]:
+        '''(experimental) Indicates whether the NAT gateway supports public or private connectivity.
+        :default: public
+        :stability: experimental
+        '''
+        return typing.cast(typing.Optional[NatConnectivityType], jsii.get(self, "connectivityType"))
+    @builtins.property
+    @jsii.member(jsii_name="maxDrainDuration")
+    def max_drain_duration(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+        '''(experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
+        :default: '350 seconds'
+        :stability: experimental
+        '''
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], jsii.get(self, "maxDrainDuration"))
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-ec2-alpha.NatGatewayOptions",
+    jsii_struct_bases=[],
+    name_mapping={
+        "subnet": "subnet",
+        "allocation_id": "allocationId",
+        "connectivity_type": "connectivityType",
+        "max_drain_duration": "maxDrainDuration",
+        "nat_gateway_name": "natGatewayName",
+        "private_ip_address": "privateIpAddress",
+        "secondary_allocation_ids": "secondaryAllocationIds",
+        "secondary_private_ip_address_count": "secondaryPrivateIpAddressCount",
+        "secondary_private_ip_addresses": "secondaryPrivateIpAddresses",
+    },
+)
+class NatGatewayOptions:
+    def __init__(
+        self,
+        *,
+        subnet: ISubnetV2,
+        allocation_id: typing.Optional[builtins.str] = None,
+        connectivity_type: typing.Optional[NatConnectivityType] = None,
+        max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        nat_gateway_name: typing.Optional[builtins.str] = None,
+        private_ip_address: typing.Optional[builtins.str] = None,
+        secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
+        secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ) -> None:
+        '''(experimental) Options to define a NAT gateway.
         :param subnet: (experimental) The subnet in which the NAT gateway is located.
-        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
-        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: public
-        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350 seconds
-        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: none
-        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned. Default: none
-        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: none
-        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: none
-        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: none
-        :param vpc: (experimental) The ID of the VPC in which the NAT gateway is located. Default: none
+        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: - attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
+        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: NatConnectivityType.Public
+        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350seconds
+        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: - NATGW provisioned without any name
+        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
+        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: - no secondary allocation IDs attached to NATGW
+        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary allocation IDs associated with NATGW
+        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary private IpAddresses associated with NATGW
+        :stability: experimental
+        :exampleMetadata: infused
+        Example::
+            stack = Stack()
+            my_vpc = VpcV2(self, "Vpc")
+            route_table = RouteTable(self, "RouteTable",
+                vpc=my_vpc
+            )
+            subnet = SubnetV2(self, "Subnet",
+                vpc=my_vpc,
+                availability_zone="eu-west-2a",
+                ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+                subnet_type=SubnetType.PUBLIC
+            )
+            my_vpc.add_internet_gateway()
+            my_vpc.add_nat_gateway(
+                subnet=subnet,
+                connectivity_type=NatConnectivityType.PUBLIC
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b95898dda7ef46705953a45c7eea2438b79c93d898a7eb07a91955ee9ff221c7)
+            check_type(argname="argument subnet", value=subnet, expected_type=type_hints["subnet"])
+            check_type(argname="argument allocation_id", value=allocation_id, expected_type=type_hints["allocation_id"])
+            check_type(argname="argument connectivity_type", value=connectivity_type, expected_type=type_hints["connectivity_type"])
+            check_type(argname="argument max_drain_duration", value=max_drain_duration, expected_type=type_hints["max_drain_duration"])
+            check_type(argname="argument nat_gateway_name", value=nat_gateway_name, expected_type=type_hints["nat_gateway_name"])
+            check_type(argname="argument private_ip_address", value=private_ip_address, expected_type=type_hints["private_ip_address"])
+            check_type(argname="argument secondary_allocation_ids", value=secondary_allocation_ids, expected_type=type_hints["secondary_allocation_ids"])
+            check_type(argname="argument secondary_private_ip_address_count", value=secondary_private_ip_address_count, expected_type=type_hints["secondary_private_ip_address_count"])
+            check_type(argname="argument secondary_private_ip_addresses", value=secondary_private_ip_addresses, expected_type=type_hints["secondary_private_ip_addresses"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "subnet": subnet,
+        }
+        if allocation_id is not None:
+            self._values["allocation_id"] = allocation_id
+        if connectivity_type is not None:
+            self._values["connectivity_type"] = connectivity_type
+        if max_drain_duration is not None:
+            self._values["max_drain_duration"] = max_drain_duration
+        if nat_gateway_name is not None:
+            self._values["nat_gateway_name"] = nat_gateway_name
+        if private_ip_address is not None:
+            self._values["private_ip_address"] = private_ip_address
+        if secondary_allocation_ids is not None:
+            self._values["secondary_allocation_ids"] = secondary_allocation_ids
+        if secondary_private_ip_address_count is not None:
+            self._values["secondary_private_ip_address_count"] = secondary_private_ip_address_count
+        if secondary_private_ip_addresses is not None:
+            self._values["secondary_private_ip_addresses"] = secondary_private_ip_addresses
+    @builtins.property
+    def subnet(self) -> ISubnetV2:
+        '''(experimental) The subnet in which the NAT gateway is located.
+        :stability: experimental
+        '''
+        result = self._values.get("subnet")
+        assert result is not None, "Required property 'subnet' is missing"
+        return typing.cast(ISubnetV2, result)
+    @builtins.property
+    def allocation_id(self) -> typing.Optional[builtins.str]:
+        '''(experimental) AllocationID of Elastic IP address that's associated with the NAT gateway.
+        This property is required for a public NAT
+        gateway and cannot be specified with a private NAT gateway.
+        :default:
+        - attr.allocationID of a new Elastic IP created by default
+        //TODO: ADD L2 for elastic ip
+        :stability: experimental
+        '''
+        result = self._values.get("allocation_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def connectivity_type(self) -> typing.Optional[NatConnectivityType]:
+        '''(experimental) Indicates whether the NAT gateway supports public or private connectivity.
+        :default: NatConnectivityType.Public
         :stability: experimental
         '''
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__3204c5cc1ee92d73075b1e2c597a7d7bb9eb73b154f33262369b6b4ac9ec33f4)
-            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
-            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-        props = NatGatewayProps(
-            subnet=subnet,
-            allocation_id=allocation_id,
-            connectivity_type=connectivity_type,
-            max_drain_duration=max_drain_duration,
-            nat_gateway_name=nat_gateway_name,
-            private_ip_address=private_ip_address,
-            secondary_allocation_ids=secondary_allocation_ids,
-            secondary_private_ip_address_count=secondary_private_ip_address_count,
-            secondary_private_ip_addresses=secondary_private_ip_addresses,
-            vpc=vpc,
-        )
+        result = self._values.get("connectivity_type")
+        return typing.cast(typing.Optional[NatConnectivityType], result)
-        jsii.create(self.__class__, self, [scope, id, props])
+    @builtins.property
+    def max_drain_duration(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+        '''(experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
+        :default: 350seconds
+        :stability: experimental
+        '''
+        result = self._values.get("max_drain_duration")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
     @builtins.property
-    @jsii.member(jsii_name="resource")
-    def resource(self) -> _aws_cdk_aws_ec2_ceddda9d.CfnNatGateway:
-        '''(experimental) The NAT gateway CFN resource.
+    def nat_gateway_name(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The resource name of the NAT gateway.
+        :default: - NATGW provisioned without any name
         :stability: experimental
         '''
-        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.CfnNatGateway, jsii.get(self, "resource"))
+        result = self._values.get("nat_gateway_name")
+        return typing.cast(typing.Optional[builtins.str], result)
     @builtins.property
-    @jsii.member(jsii_name="routerTargetId")
-    def router_target_id(self) -> builtins.str:
-        '''(experimental) The ID of the route target.
+    def private_ip_address(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The private IPv4 address to assign to the NAT gateway.
+        :default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
         :stability: experimental
         '''
-        return typing.cast(builtins.str, jsii.get(self, "routerTargetId"))
+        result = self._values.get("private_ip_address")
+        return typing.cast(typing.Optional[builtins.str], result)
     @builtins.property
-    @jsii.member(jsii_name="routerType")
-    def router_type(self) -> _aws_cdk_aws_ec2_ceddda9d.RouterType:
-        '''(experimental) The type of router used in the route.
+    def secondary_allocation_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''(experimental) Secondary EIP allocation IDs.
+        :default: - no secondary allocation IDs attached to NATGW
+        :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
         :stability: experimental
         '''
-        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.RouterType, jsii.get(self, "routerType"))
+        result = self._values.get("secondary_allocation_ids")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
     @builtins.property
-    @jsii.member(jsii_name="connectivityType")
-    def connectivity_type(self) -> typing.Optional[builtins.str]:
-        '''(experimental) Indicates whether the NAT gateway supports public or private connectivity.
+    def secondary_private_ip_address_count(self) -> typing.Optional[jsii.Number]:
+        '''(experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway.
-        :default: public
+        ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be
+        set at the same time.
+        :default: - no secondary allocation IDs associated with NATGW
+        :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
         :stability: experimental
         '''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "connectivityType"))
+        result = self._values.get("secondary_private_ip_address_count")
+        return typing.cast(typing.Optional[jsii.Number], result)
     @builtins.property
-    @jsii.member(jsii_name="maxDrainDuration")
-    def max_drain_duration(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
-        '''(experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
+    def secondary_private_ip_addresses(
+        self,
+    ) -> typing.Optional[typing.List[builtins.str]]:
+        '''(experimental) Secondary private IPv4 addresses.
+        ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be
+        set at the same time.
-        :default: 350 seconds
+        :default: - no secondary private IpAddresses associated with NATGW
+        :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
         :stability: experimental
         '''
-        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], jsii.get(self, "maxDrainDuration"))
+        result = self._values.get("secondary_private_ip_addresses")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "NatGatewayOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 @jsii.data_type(
     jsii_type="@aws-cdk/aws-ec2-alpha.NatGatewayProps",
-    jsii_struct_bases=[],
+    jsii_struct_bases=[NatGatewayOptions],
     name_mapping={
         "subnet": "subnet",
         "allocation_id": "allocationId",
@@ -2092,11 +2887,11 @@ class NatGateway(
         "vpc": "vpc",
     },
 )
-class NatGatewayProps:
+class NatGatewayProps(NatGatewayOptions):
     def __init__(
         self,
         *,
-        subnet: _aws_cdk_aws_ec2_ceddda9d.ISubnet,
+        subnet: ISubnetV2,
         allocation_id: typing.Optional[builtins.str] = None,
         connectivity_type: typing.Optional[NatConnectivityType] = None,
         max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
@@ -2110,39 +2905,39 @@ class NatGatewayProps:
         '''(experimental) Properties to define a NAT gateway.
         :param subnet: (experimental) The subnet in which the NAT gateway is located.
-        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
-        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: public
-        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350 seconds
-        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: none
-        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned. Default: none
-        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: none
-        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: none
-        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: none
-        :param vpc: (experimental) The ID of the VPC in which the NAT gateway is located. Default: none
+        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: - attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
+        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: NatConnectivityType.Public
+        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350seconds
+        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: - NATGW provisioned without any name
+        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
+        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: - no secondary allocation IDs attached to NATGW
+        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary allocation IDs associated with NATGW
+        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary private IpAddresses associated with NATGW
+        :param vpc: (experimental) The ID of the VPC in which the NAT gateway is located. Default: - no elastic ip associated, required in case of public connectivity if ``AllocationId`` is not defined
         :stability: experimental
         :exampleMetadata: infused
         Example::
-            my_vpc = vpc_v2.VpcV2(self, "Vpc")
-            route_table = vpc_v2.RouteTable(self, "RouteTable",
+            my_vpc = VpcV2(self, "Vpc")
+            route_table = RouteTable(self, "RouteTable",
                 vpc=my_vpc
             )
-            subnet = vpc_v2.SubnetV2(self, "Subnet",
+            subnet = SubnetV2(self, "Subnet",
                 vpc=my_vpc,
                 availability_zone="eu-west-2a",
                 ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+                subnet_type=SubnetType.PRIVATE_ISOLATED
             )
-            natgw = vpc_v2.NatGateway(self, "NatGW",
+            natgw = NatGateway(self, "NatGW",
                 subnet=subnet,
                 vpc=my_vpc,
                 connectivity_type=NatConnectivityType.PRIVATE,
                 private_ip_address="10.0.0.42"
             )
-            vpc_v2.Route(self, "NatGwRoute",
+            Route(self, "NatGwRoute",
                 route_table=route_table,
                 destination="0.0.0.0/0",
                 target={"gateway": natgw}
@@ -2183,14 +2978,14 @@ class NatGatewayProps:
             self._values["vpc"] = vpc
     @builtins.property
-    def subnet(self) -> _aws_cdk_aws_ec2_ceddda9d.ISubnet:
+    def subnet(self) -> ISubnetV2:
         '''(experimental) The subnet in which the NAT gateway is located.
         :stability: experimental
         '''
         result = self._values.get("subnet")
         assert result is not None, "Required property 'subnet' is missing"
-        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.ISubnet, result)
+        return typing.cast(ISubnetV2, result)
     @builtins.property
     def allocation_id(self) -> typing.Optional[builtins.str]:
@@ -2201,7 +2996,7 @@ class NatGatewayProps:
         :default:
-        attr.allocationID of a new Elastic IP created by default
+        - attr.allocationID of a new Elastic IP created by default
         //TODO: ADD L2 for elastic ip
         :stability: experimental
@@ -2213,7 +3008,7 @@ class NatGatewayProps:
     def connectivity_type(self) -> typing.Optional[NatConnectivityType]:
         '''(experimental) Indicates whether the NAT gateway supports public or private connectivity.
-        :default: public
+        :default: NatConnectivityType.Public
         :stability: experimental
         '''
@@ -2224,7 +3019,7 @@ class NatGatewayProps:
     def max_drain_duration(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
         '''(experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress.
-        :default: 350 seconds
+        :default: 350seconds
         :stability: experimental
         '''
@@ -2235,7 +3030,7 @@ class NatGatewayProps:
     def nat_gateway_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) The resource name of the NAT gateway.
-        :default: none
+        :default: - NATGW provisioned without any name
         :stability: experimental
         '''
@@ -2246,10 +3041,7 @@ class NatGatewayProps:
     def private_ip_address(self) -> typing.Optional[builtins.str]:
         '''(experimental) The private IPv4 address to assign to the NAT gateway.
-        If you don't provide an
-        address, a private IPv4 address will be automatically assigned.
-        :default: none
+        :default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
         :stability: experimental
         '''
@@ -2260,7 +3052,7 @@ class NatGatewayProps:
     def secondary_allocation_ids(self) -> typing.Optional[typing.List[builtins.str]]:
         '''(experimental) Secondary EIP allocation IDs.
-        :default: none
+        :default: - no secondary allocation IDs attached to NATGW
         :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
         :stability: experimental
@@ -2275,7 +3067,7 @@ class NatGatewayProps:
         ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be
         set at the same time.
-        :default: none
+        :default: - no secondary allocation IDs associated with NATGW
         :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
         :stability: experimental
@@ -2292,7 +3084,7 @@ class NatGatewayProps:
         ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be
         set at the same time.
-        :default: none
+        :default: - no secondary private IpAddresses associated with NATGW
         :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating
         :stability: experimental
@@ -2304,7 +3096,7 @@ class NatGatewayProps:
     def vpc(self) -> typing.Optional[IVpcV2]:
         '''(experimental) The ID of the VPC in which the NAT gateway is located.
-        :default: none
+        :default: - no elastic ip associated, required in case of public connectivity if ``AllocationId`` is not defined
         :stability: experimental
         '''
@@ -2347,9 +3139,9 @@ class PoolOptions:
         '''(experimental) Options for configuring an IPAM pool.
         :param address_family: (experimental) addressFamily - The address family of the pool (ipv4 or ipv6).
-        :param aws_service: (experimental) Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. Default: - No service
+        :param aws_service: (experimental) Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. Default: - required in case of an IPv6, throws an error if not provided.
         :param ipv4_provisioned_cidrs: (experimental) Information about the CIDRs provisioned to the pool. Default: - No CIDRs are provisioned
-        :param locale: (experimental) The locale (AWS Region) of the pool. Should be one of the IPAM operating region. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. Default: - Current operating region
+        :param locale: (experimental) The locale (AWS Region) of the pool. Should be one of the IPAM operating region. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. Default: - Current operating region of IPAM
         :param public_ip_source: (experimental) The IP address source for pools in the public scope. Only used for IPv6 address Only allowed values to this are 'byoip' or 'amazon' Default: amazon
         :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html
@@ -2363,28 +3155,28 @@ class PoolOptions:
                 operating_region=["us-west-1"]
             )
             ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
-                address_family=vpc_v2.AddressFamily.IP_V6,
+                address_family=AddressFamily.IP_V6,
                 aws_service=AwsServiceName.EC2,
                 locale="us-west-1",
-                public_ip_source=vpc_v2.IpamPoolPublicIpSource.AMAZON
+                public_ip_source=IpamPoolPublicIpSource.AMAZON
             )
             ipam_public_pool.provision_cidr("PublicPoolACidrA", netmask_length=52)
             ipam_private_pool = ipam.private_scope.add_pool("PrivatePoolA",
-                address_family=vpc_v2.AddressFamily.IP_V4
+                address_family=AddressFamily.IP_V4
             )
             ipam_private_pool.provision_cidr("PrivatePoolACidrA", netmask_length=8)
-            vpc_v2.VpcV2(self, "Vpc",
-                primary_address_block=vpc_v2.IpAddresses.ipv4("10.0.0.0/24"),
+            VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.0.0.0/24"),
                 secondary_address_blocks=[
-                    vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
-                    vpc_v2.IpAddresses.ipv6_ipam(
+                    IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonIpv6"),
+                    IpAddresses.ipv6_ipam(
                         ipam_pool=ipam_public_pool,
                         netmask_length=52,
                         cidr_block_name="ipv6Ipam"
                     ),
-                    vpc_v2.IpAddresses.ipv4_ipam(
+                    IpAddresses.ipv4_ipam(
                         ipam_pool=ipam_private_pool,
                         netmask_length=8,
                         cidr_block_name="ipv4Ipam"
@@ -2427,7 +3219,7 @@ class PoolOptions:
         "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
-        :default: - No service
+        :default: - required in case of an IPv6, throws an error if not provided.
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-awsservice
         :stability: experimental
@@ -2455,7 +3247,7 @@ class PoolOptions:
         You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region.
         Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.
-        :default: - Current operating region
+        :default: - Current operating region of IPAM
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-locale
         :stability: experimental
@@ -2503,24 +3295,24 @@ class Route(
     Example::
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PRIVATE_ISOLATED
         )
-        natgw = vpc_v2.NatGateway(self, "NatGW",
+        natgw = NatGateway(self, "NatGW",
             subnet=subnet,
             vpc=my_vpc,
             connectivity_type=NatConnectivityType.PRIVATE,
             private_ip_address="10.0.0.42"
         )
-        vpc_v2.Route(self, "NatGwRoute",
+        Route(self, "NatGwRoute",
             route_table=route_table,
             destination="0.0.0.0/0",
             target={"gateway": natgw}
@@ -2543,7 +3335,7 @@ class Route(
         :param destination: (experimental) The IPv4 or IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match.
         :param route_table: (experimental) The ID of the route table for the route.
         :param target: (experimental) The gateway or endpoint targeted by the route.
-        :param route_name: (experimental) The resource name of the route. Default: none
+        :param route_name: (experimental) The resource name of the route. Default: - provisioned without a route name
         :stability: experimental
         '''
@@ -2633,31 +3425,31 @@ class RouteProps:
         :param destination: (experimental) The IPv4 or IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match.
         :param route_table: (experimental) The ID of the route table for the route.
         :param target: (experimental) The gateway or endpoint targeted by the route.
-        :param route_name: (experimental) The resource name of the route. Default: none
+        :param route_name: (experimental) The resource name of the route. Default: - provisioned without a route name
         :stability: experimental
         :exampleMetadata: infused
         Example::
-            my_vpc = vpc_v2.VpcV2(self, "Vpc")
-            route_table = vpc_v2.RouteTable(self, "RouteTable",
+            my_vpc = VpcV2(self, "Vpc")
+            route_table = RouteTable(self, "RouteTable",
                 vpc=my_vpc
             )
-            subnet = vpc_v2.SubnetV2(self, "Subnet",
+            subnet = SubnetV2(self, "Subnet",
                 vpc=my_vpc,
                 availability_zone="eu-west-2a",
                 ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+                subnet_type=SubnetType.PRIVATE_ISOLATED
             )
-            natgw = vpc_v2.NatGateway(self, "NatGW",
+            natgw = NatGateway(self, "NatGW",
                 subnet=subnet,
                 vpc=my_vpc,
                 connectivity_type=NatConnectivityType.PRIVATE,
                 private_ip_address="10.0.0.42"
             )
-            vpc_v2.Route(self, "NatGwRoute",
+            Route(self, "NatGwRoute",
                 route_table=route_table,
                 destination="0.0.0.0/0",
                 target={"gateway": natgw}
@@ -2714,7 +3506,7 @@ class RouteProps:
     def route_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) The resource name of the route.
-        :default: none
+        :default: - provisioned without a route name
         :stability: experimental
         '''
@@ -2733,7 +3525,7 @@ class RouteProps:
         )
-@jsii.implements(_aws_cdk_aws_ec2_ceddda9d.IRouteTable, _constructs_77d1e7e8.IDependable)
+@jsii.implements(_aws_cdk_aws_ec2_ceddda9d.IRouteTable)
 class RouteTable(
     _aws_cdk_ceddda9d.Resource,
     metaclass=jsii.JSIIMeta,
@@ -2748,24 +3540,20 @@ class RouteTable(
     Example::
         stack = Stack()
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
-            vpc=my_vpc
-        )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
-            vpc=my_vpc,
-            availability_zone="eu-west-2a",
-            ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+        my_vpc = VpcV2(self, "Vpc")
+        vpn_gateway = my_vpc.enable_vpn_gateway_v2(
+            vpn_route_propagation=[ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC)],
+            type=VpnConnectionType.IPSEC_1
         )
-        igw = vpc_v2.InternetGateway(self, "IGW",
+        route_table = RouteTable(stack, "routeTable",
             vpc=my_vpc
         )
-        vpc_v2.Route(self, "IgwRoute",
-            route_table=route_table,
-            destination="0.0.0.0/0",
-            target={"gateway": igw}
+        Route(stack, "route",
+            destination="172.31.0.0/24",
+            target={"gateway": vpn_gateway},
+            route_table=route_table
         )
     '''
@@ -2781,7 +3569,7 @@ class RouteTable(
         :param scope: -
         :param id: -
         :param vpc: (experimental) The ID of the VPC.
-        :param route_table_name: (experimental) The resource name of the route table. Default: none
+        :param route_table_name: (experimental) The resource name of the route table. Default: - provisioned without a route table name
         :stability: experimental
         '''
@@ -2793,6 +3581,28 @@ class RouteTable(
         jsii.create(self.__class__, self, [scope, id, props])
+    @jsii.member(jsii_name="addRoute")
+    def add_route(
+        self,
+        id: builtins.str,
+        destination: builtins.str,
+        target: "RouteTargetType",
+    ) -> None:
+        '''(experimental) Adds a new custom route to the route table.
+        :param id: -
+        :param destination: The IPv4 or IPv6 CIDR block used for the destination match.
+        :param target: The gateway or endpoint targeted by the route.
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__920d6a12797cd2ad571157da68e37100c7d72b72ff09fd42451a65b73f154dd0)
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument destination", value=destination, expected_type=type_hints["destination"])
+            check_type(argname="argument target", value=target, expected_type=type_hints["target"])
+        return typing.cast(None, jsii.invoke(self, "addRoute", [id, destination, target]))
     @builtins.property
     @jsii.member(jsii_name="resource")
     def resource(self) -> _aws_cdk_aws_ec2_ceddda9d.CfnRouteTable:
@@ -2827,7 +3637,7 @@ class RouteTableProps:
         '''(experimental) Properties to define a route table.
         :param vpc: (experimental) The ID of the VPC.
-        :param route_table_name: (experimental) The resource name of the route table. Default: none
+        :param route_table_name: (experimental) The resource name of the route table. Default: - provisioned without a route table name
         :stability: experimental
         :exampleMetadata: infused
@@ -2835,24 +3645,20 @@ class RouteTableProps:
         Example::
             stack = Stack()
-            my_vpc = vpc_v2.VpcV2(self, "Vpc")
-            route_table = vpc_v2.RouteTable(self, "RouteTable",
-                vpc=my_vpc
-            )
-            subnet = vpc_v2.SubnetV2(self, "Subnet",
-                vpc=my_vpc,
-                availability_zone="eu-west-2a",
-                ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            my_vpc = VpcV2(self, "Vpc")
+            vpn_gateway = my_vpc.enable_vpn_gateway_v2(
+                vpn_route_propagation=[ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC)],
+                type=VpnConnectionType.IPSEC_1
             )
-            igw = vpc_v2.InternetGateway(self, "IGW",
+            route_table = RouteTable(stack, "routeTable",
                 vpc=my_vpc
             )
-            vpc_v2.Route(self, "IgwRoute",
-                route_table=route_table,
-                destination="0.0.0.0/0",
-                target={"gateway": igw}
+            Route(stack, "route",
+                destination="172.31.0.0/24",
+                target={"gateway": vpn_gateway},
+                route_table=route_table
             )
         '''
         if __debug__:
@@ -2879,7 +3685,7 @@ class RouteTableProps:
     def route_table_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) The resource name of the route table.
-        :default: none
+        :default: - provisioned without a route table name
         :stability: experimental
         '''
@@ -2912,8 +3718,8 @@ class RouteTargetProps:
     ) -> None:
         '''(experimental) The type of endpoint or gateway being targeted by the route.
-        :param endpoint: (experimental) The endpoint route target. This is used for targets such as VPC endpoints. Default: none
-        :param gateway: (experimental) The gateway route target. This is used for targets such as egress-only internet gateway or VPC peering connection. Default: none
+        :param endpoint: (experimental) The endpoint route target. This is used for targets such as VPC endpoints. Default: - target is not set to an endpoint, in this case a gateway is needed.
+        :param gateway: (experimental) The gateway route target. This is used for targets such as egress-only internet gateway or VPC peering connection. Default: - target is not set to a gateway, in this case an endpoint is needed.
         :stability: experimental
         :exampleMetadata: fixture=_generated
@@ -2950,7 +3756,7 @@ class RouteTargetProps:
         This is used for targets such as
         VPC endpoints.
-        :default: none
+        :default: - target is not set to an endpoint, in this case a gateway is needed.
         :stability: experimental
         '''
@@ -2964,7 +3770,7 @@ class RouteTargetProps:
         This is used for targets such as
         egress-only internet gateway or VPC peering connection.
-        :default: none
+        :default: - target is not set to a gateway, in this case an endpoint is needed.
         :stability: experimental
         '''
@@ -2994,27 +3800,25 @@ class RouteTargetType(
     Example::
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        stack = Stack()
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PRIVATE_ISOLATED
         )
-        natgw = vpc_v2.NatGateway(self, "NatGW",
-            subnet=subnet,
-            vpc=my_vpc,
-            connectivity_type=NatConnectivityType.PRIVATE,
-            private_ip_address="10.0.0.42"
+        igw = InternetGateway(self, "IGW",
+            vpc=my_vpc
         )
-        vpc_v2.Route(self, "NatGwRoute",
+        Route(self, "IgwRoute",
             route_table=route_table,
             destination="0.0.0.0/0",
-            target={"gateway": natgw}
+            target={"gateway": igw}
         )
     '''
@@ -3025,8 +3829,8 @@ class RouteTargetType(
         gateway: typing.Optional[IRouteTarget] = None,
     ) -> None:
         '''
-        :param endpoint: (experimental) The endpoint route target. This is used for targets such as VPC endpoints. Default: none
-        :param gateway: (experimental) The gateway route target. This is used for targets such as egress-only internet gateway or VPC peering connection. Default: none
+        :param endpoint: (experimental) The endpoint route target. This is used for targets such as VPC endpoints. Default: - target is not set to an endpoint, in this case a gateway is needed.
+        :param gateway: (experimental) The gateway route target. This is used for targets such as egress-only internet gateway or VPC peering connection. Default: - target is not set to a gateway, in this case an endpoint is needed.
         :stability: experimental
         '''
@@ -3042,7 +3846,7 @@ class RouteTargetType(
         This is used for targets such as
         VPC endpoints.
-        :default: none
+        :default: - target is not set to an endpoint, in this case a gateway is needed.
         :stability: experimental
         '''
@@ -3056,7 +3860,7 @@ class RouteTargetType(
         This is used for targets such as
         egress-only internet gateway or VPC peering connection.
-        :default: none
+        :default: - target is not set to a gateway, in this case an endpoint is needed.
         :stability: experimental
         '''
@@ -3080,19 +3884,22 @@ class SecondaryAddressProps:
         Example::
             stack = Stack()
-            my_vpc = vpc_v2.VpcV2(self, "Vpc",
-                secondary_address_blocks=[
-                    vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIp")
-                ]
+            my_vpc = VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+                secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+                    cidr_block_name="AmazonProvided"
+                )]
             )
-            vpc_v2.SubnetV2(self, "subnetA",
-                vpc=my_vpc,
-                availability_zone="us-east-1a",
-                ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
-                ipv6_cidr_block=vpc_v2.IpCidr("2a05:d02c:25:4000::/60"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            eigw = EgressOnlyInternetGateway(self, "EIGW",
+                vpc=my_vpc
+            )
+            route_table = RouteTable(self, "RouteTable",
+                vpc=my_vpc
             )
+            route_table.add_route("EIGW", "::/0", {"gateway": eigw})
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9433843cde495b2d9551feec9fd15a488c151e944cfd2262b5fc2613ca397870)
@@ -3144,24 +3951,21 @@ class SubnetV2(
     Example::
         stack = Stack()
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            subnet_type=SubnetType.PUBLIC
         )
-        igw = vpc_v2.InternetGateway(self, "IGW",
-            vpc=my_vpc
-        )
-        vpc_v2.Route(self, "IgwRoute",
-            route_table=route_table,
-            destination="0.0.0.0/0",
-            target={"gateway": igw}
+        my_vpc.add_internet_gateway()
+        my_vpc.add_nat_gateway(
+            subnet=subnet,
+            connectivity_type=NatConnectivityType.PUBLIC
         )
     '''
@@ -3187,10 +3991,10 @@ class SubnetV2(
         :param ipv4_cidr_block: (experimental) ipv4 cidr to assign to this subnet. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html#cfn-ec2-subnet-cidrblock
         :param subnet_type: (experimental) The type of Subnet to configure. The Subnet type will control the ability to route and connect to the Internet. TODO: Add validation check ``subnetType`` when adding resources (e.g. cannot add NatGateway to private)
         :param vpc: (experimental) VPC Prop.
-        :param assign_ipv6_address_on_creation: (experimental) Indicates whether a network interface created in this subnet receives an IPv6 address. If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock. Default: false
-        :param ipv6_cidr_block: (experimental) Ipv6 CIDR Range for subnet. Default: No Ipv6 address
-        :param route_table: (experimental) Custom Route for subnet. Default: Default route table
-        :param subnet_name: (experimental) Subnet name. Default: none
+        :param assign_ipv6_address_on_creation: (experimental) Indicates whether a network interface created in this subnet receives an IPv6 address. If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock. Default: - undefined in case not provided as an input
+        :param ipv6_cidr_block: (experimental) Ipv6 CIDR Range for subnet. Default: - No Ipv6 address
+        :param route_table: (experimental) Custom Route for subnet. Default: - a default route table created
+        :param subnet_name: (experimental) Subnet name. Default: - provisioned with an autogenerated name by CDK
         :stability: experimental
         '''
@@ -3269,7 +4073,7 @@ class SubnetV2(
     @builtins.property
     @jsii.member(jsii_name="routeTable")
     def route_table(self) -> _aws_cdk_aws_ec2_ceddda9d.IRouteTable:
-        '''(experimental) The route table for this subnet.
+        '''(experimental) Return the Route Table associated with this subnet.
         :stability: experimental
         '''
@@ -3286,23 +4090,23 @@ class SubnetV2(
         return typing.cast(builtins.str, jsii.get(self, "subnetId"))
     @builtins.property
-    @jsii.member(jsii_name="subnetType")
-    def subnet_type(self) -> _aws_cdk_aws_ec2_ceddda9d.SubnetType:
-        '''(experimental) The type of subnet (public or private) that this subnet represents.
+    @jsii.member(jsii_name="ipv6CidrBlock")
+    def ipv6_cidr_block(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The IPv6 CIDR Block for this subnet.
         :stability: experimental
-        :attribute: SubnetType
         '''
-        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.SubnetType, jsii.get(self, "subnetType"))
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipv6CidrBlock"))
     @builtins.property
-    @jsii.member(jsii_name="ipv6CidrBlock")
-    def ipv6_cidr_block(self) -> typing.Optional[builtins.str]:
-        '''(experimental) The IPv6 CIDR Block for this subnet.
+    @jsii.member(jsii_name="subnetType")
+    def subnet_type(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetType]:
+        '''(experimental) The type of subnet (public or private) that this subnet represents.
         :stability: experimental
+        :attribute: SubnetType
         '''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipv6CidrBlock"))
+        return typing.cast(typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetType], jsii.get(self, "subnetType"))
 @jsii.data_type(
@@ -3338,10 +4142,10 @@ class SubnetV2Props:
         :param ipv4_cidr_block: (experimental) ipv4 cidr to assign to this subnet. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html#cfn-ec2-subnet-cidrblock
         :param subnet_type: (experimental) The type of Subnet to configure. The Subnet type will control the ability to route and connect to the Internet. TODO: Add validation check ``subnetType`` when adding resources (e.g. cannot add NatGateway to private)
         :param vpc: (experimental) VPC Prop.
-        :param assign_ipv6_address_on_creation: (experimental) Indicates whether a network interface created in this subnet receives an IPv6 address. If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock. Default: false
-        :param ipv6_cidr_block: (experimental) Ipv6 CIDR Range for subnet. Default: No Ipv6 address
-        :param route_table: (experimental) Custom Route for subnet. Default: Default route table
-        :param subnet_name: (experimental) Subnet name. Default: none
+        :param assign_ipv6_address_on_creation: (experimental) Indicates whether a network interface created in this subnet receives an IPv6 address. If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock. Default: - undefined in case not provided as an input
+        :param ipv6_cidr_block: (experimental) Ipv6 CIDR Range for subnet. Default: - No Ipv6 address
+        :param route_table: (experimental) Custom Route for subnet. Default: - a default route table created
+        :param subnet_name: (experimental) Subnet name. Default: - provisioned with an autogenerated name by CDK
         :stability: experimental
         :exampleMetadata: infused
@@ -3349,24 +4153,21 @@ class SubnetV2Props:
         Example::
             stack = Stack()
-            my_vpc = vpc_v2.VpcV2(self, "Vpc")
-            route_table = vpc_v2.RouteTable(self, "RouteTable",
+            my_vpc = VpcV2(self, "Vpc")
+            route_table = RouteTable(self, "RouteTable",
                 vpc=my_vpc
             )
-            subnet = vpc_v2.SubnetV2(self, "Subnet",
+            subnet = SubnetV2(self, "Subnet",
                 vpc=my_vpc,
                 availability_zone="eu-west-2a",
                 ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+                subnet_type=SubnetType.PUBLIC
             )
-            igw = vpc_v2.InternetGateway(self, "IGW",
-                vpc=my_vpc
-            )
-            vpc_v2.Route(self, "IgwRoute",
-                route_table=route_table,
-                destination="0.0.0.0/0",
-                target={"gateway": igw}
+            my_vpc.add_internet_gateway()
+            my_vpc.add_nat_gateway(
+                subnet=subnet,
+                connectivity_type=NatConnectivityType.PUBLIC
             )
         '''
         if __debug__:
@@ -3447,7 +4248,7 @@ class SubnetV2Props:
         If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.
-        :default: false
+        :default: - undefined in case not provided as an input
         :stability: experimental
         '''
@@ -3458,7 +4259,7 @@ class SubnetV2Props:
     def ipv6_cidr_block(self) -> typing.Optional[IpCidr]:
         '''(experimental) Ipv6 CIDR Range for subnet.
-        :default: No Ipv6 address
+        :default: - No Ipv6 address
         :stability: experimental
         '''
@@ -3469,7 +4270,7 @@ class SubnetV2Props:
     def route_table(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IRouteTable]:
         '''(experimental) Custom Route for subnet.
-        :default: Default route table
+        :default: - a default route table created
         :stability: experimental
         '''
@@ -3480,7 +4281,7 @@ class SubnetV2Props:
     def subnet_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) Subnet name.
-        :default: none
+        :default: - provisioned with an autogenerated name by CDK
         :stability: experimental
         '''
@@ -3500,33 +4301,34 @@ class SubnetV2Props:
 @jsii.implements(IRouteTarget)
-class VPNGateway(
+class VPNGatewayV2(
     _aws_cdk_ceddda9d.Resource,
     metaclass=jsii.JSIIMeta,
-    jsii_type="@aws-cdk/aws-ec2-alpha.VPNGateway",
+    jsii_type="@aws-cdk/aws-ec2-alpha.VPNGatewayV2",
 ):
     '''(experimental) Creates a virtual private gateway.
     :stability: experimental
     :resource: AWS::EC2::VPNGateway
-    :exampleMetadata: fixture=_generated
+    :exampleMetadata: infused
     Example::
-        # The code below shows an example of how to instantiate this type.
-        # The values are placeholders you should change.
-        import aws_cdk.aws_ec2_alpha as ec2_alpha
-        from aws_cdk import aws_ec2 as ec2
-        # vpc_v2: ec2_alpha.VpcV2
+        stack = Stack()
+        my_vpc = VpcV2(self, "Vpc")
+        vpn_gateway = my_vpc.enable_vpn_gateway_v2(
+            vpn_route_propagation=[ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC)],
+            type=VpnConnectionType.IPSEC_1
+        )
-        v_pNGateway = ec2_alpha.VPNGateway(self, "MyVPNGateway",
-            type=ec2.VpnConnectionType.IPSEC_1,
-            vpc=vpc_v2,
+        route_table = RouteTable(stack, "routeTable",
+            vpc=my_vpc
+        )
-            # the properties below are optional
-            amazon_side_asn=123,
-            vpn_gateway_name="vpnGatewayName"
+        Route(stack, "route",
+            destination="172.31.0.0/24",
+            target={"gateway": vpn_gateway},
+            route_table=route_table
         )
     '''
@@ -3535,96 +4337,224 @@ class VPNGateway(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
-        type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
         vpc: IVpcV2,
+        type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
         amazon_side_asn: typing.Optional[jsii.Number] = None,
         vpn_gateway_name: typing.Optional[builtins.str] = None,
+        vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param scope: -
         :param id: -
-        :param type: (experimental) The type of VPN connection the virtual private gateway supports.
         :param vpc: (experimental) The ID of the VPC for which to create the VPN gateway.
-        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: none
-        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: none
+        :param type: (experimental) The type of VPN connection the virtual private gateway supports.
+        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: - no ASN set for BGP session
+        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: - resource provisioned without any name
+        :param vpn_route_propagation: (experimental) Subnets where the route propagation should be added. Default: - no propogation for routes
         :stability: experimental
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__f6669efe999b4d7fb070da87ce4f6945c7b3b900d1c035c2e7a3dbb26415c28f)
+            type_hints = typing.get_type_hints(_typecheckingstub__99ebb03388deee94929850a6302ea70455c70b08fdbc048c0ad431df4f5d7bff)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-        props = VPNGatewayProps(
-            type=type,
+        props = VPNGatewayV2Props(
             vpc=vpc,
+            type=type,
             amazon_side_asn=amazon_side_asn,
             vpn_gateway_name=vpn_gateway_name,
+            vpn_route_propagation=vpn_route_propagation,
         )
         jsii.create(self.__class__, self, [scope, id, props])
     @builtins.property
-    @jsii.member(jsii_name="resource")
-    def resource(self) -> _aws_cdk_aws_ec2_ceddda9d.CfnVPNGateway:
-        '''(experimental) The VPN gateway CFN resource.
+    @jsii.member(jsii_name="resource")
+    def resource(self) -> _aws_cdk_aws_ec2_ceddda9d.CfnVPNGateway:
+        '''(experimental) The VPN gateway CFN resource.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.CfnVPNGateway, jsii.get(self, "resource"))
+    @builtins.property
+    @jsii.member(jsii_name="routerTargetId")
+    def router_target_id(self) -> builtins.str:
+        '''(experimental) The ID of the route target.
+        :stability: experimental
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "routerTargetId"))
+    @builtins.property
+    @jsii.member(jsii_name="routerType")
+    def router_type(self) -> _aws_cdk_aws_ec2_ceddda9d.RouterType:
+        '''(experimental) The type of router used in the route.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.RouterType, jsii.get(self, "routerType"))
+    @builtins.property
+    @jsii.member(jsii_name="vpcId")
+    def vpc_id(self) -> builtins.str:
+        '''(experimental) The ID of the VPC for which to create the VPN gateway.
+        :stability: experimental
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "vpcId"))
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-ec2-alpha.VPNGatewayV2Options",
+    jsii_struct_bases=[],
+    name_mapping={
+        "type": "type",
+        "amazon_side_asn": "amazonSideAsn",
+        "vpn_gateway_name": "vpnGatewayName",
+        "vpn_route_propagation": "vpnRoutePropagation",
+    },
+)
+class VPNGatewayV2Options:
+    def __init__(
+        self,
+        *,
+        type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
+        amazon_side_asn: typing.Optional[jsii.Number] = None,
+        vpn_gateway_name: typing.Optional[builtins.str] = None,
+        vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''(experimental) Options to define VPNGatewayV2 for VPC.
+        :param type: (experimental) The type of VPN connection the virtual private gateway supports.
+        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: - no ASN set for BGP session
+        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: - resource provisioned without any name
+        :param vpn_route_propagation: (experimental) Subnets where the route propagation should be added. Default: - no propogation for routes
+        :stability: experimental
+        :exampleMetadata: infused
+        Example::
+            stack = Stack()
+            my_vpc = VpcV2(self, "Vpc")
+            vpn_gateway = my_vpc.enable_vpn_gateway_v2(
+                vpn_route_propagation=[ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC)],
+                type=VpnConnectionType.IPSEC_1
+            )
+            route_table = RouteTable(stack, "routeTable",
+                vpc=my_vpc
+            )
+            Route(stack, "route",
+                destination="172.31.0.0/24",
+                target={"gateway": vpn_gateway},
+                route_table=route_table
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e29191c56c11acb8fa2ca10b1e81f7c86e1e7ca21a360a0f41a7a6ec64c967c8)
+            check_type(argname="argument type", value=type, expected_type=type_hints["type"])
+            check_type(argname="argument amazon_side_asn", value=amazon_side_asn, expected_type=type_hints["amazon_side_asn"])
+            check_type(argname="argument vpn_gateway_name", value=vpn_gateway_name, expected_type=type_hints["vpn_gateway_name"])
+            check_type(argname="argument vpn_route_propagation", value=vpn_route_propagation, expected_type=type_hints["vpn_route_propagation"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "type": type,
+        }
+        if amazon_side_asn is not None:
+            self._values["amazon_side_asn"] = amazon_side_asn
+        if vpn_gateway_name is not None:
+            self._values["vpn_gateway_name"] = vpn_gateway_name
+        if vpn_route_propagation is not None:
+            self._values["vpn_route_propagation"] = vpn_route_propagation
+    @builtins.property
+    def type(self) -> _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType:
+        '''(experimental) The type of VPN connection the virtual private gateway supports.
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type
         :stability: experimental
         '''
-        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.CfnVPNGateway, jsii.get(self, "resource"))
+        result = self._values.get("type")
+        assert result is not None, "Required property 'type' is missing"
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.VpnConnectionType, result)
     @builtins.property
-    @jsii.member(jsii_name="routerTargetId")
-    def router_target_id(self) -> builtins.str:
-        '''(experimental) The ID of the route target.
+    def amazon_side_asn(self) -> typing.Optional[jsii.Number]:
+        '''(experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
+        :default: - no ASN set for BGP session
         :stability: experimental
         '''
-        return typing.cast(builtins.str, jsii.get(self, "routerTargetId"))
+        result = self._values.get("amazon_side_asn")
+        return typing.cast(typing.Optional[jsii.Number], result)
     @builtins.property
-    @jsii.member(jsii_name="routerType")
-    def router_type(self) -> _aws_cdk_aws_ec2_ceddda9d.RouterType:
-        '''(experimental) The type of router used in the route.
+    def vpn_gateway_name(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The resource name of the VPN gateway.
+        :default: - resource provisioned without any name
         :stability: experimental
         '''
-        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.RouterType, jsii.get(self, "routerType"))
+        result = self._values.get("vpn_gateway_name")
+        return typing.cast(typing.Optional[builtins.str], result)
     @builtins.property
-    @jsii.member(jsii_name="vpcId")
-    def vpc_id(self) -> builtins.str:
-        '''(experimental) The ID of the VPC for which to create the VPN gateway.
+    def vpn_route_propagation(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]]:
+        '''(experimental) Subnets where the route propagation should be added.
+        :default: - no propogation for routes
         :stability: experimental
         '''
-        return typing.cast(builtins.str, jsii.get(self, "vpcId"))
+        result = self._values.get("vpn_route_propagation")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]], result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "VPNGatewayV2Options(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 @jsii.data_type(
-    jsii_type="@aws-cdk/aws-ec2-alpha.VPNGatewayProps",
-    jsii_struct_bases=[],
+    jsii_type="@aws-cdk/aws-ec2-alpha.VPNGatewayV2Props",
+    jsii_struct_bases=[VPNGatewayV2Options],
     name_mapping={
         "type": "type",
-        "vpc": "vpc",
         "amazon_side_asn": "amazonSideAsn",
         "vpn_gateway_name": "vpnGatewayName",
+        "vpn_route_propagation": "vpnRoutePropagation",
+        "vpc": "vpc",
     },
 )
-class VPNGatewayProps:
+class VPNGatewayV2Props(VPNGatewayV2Options):
     def __init__(
         self,
         *,
         type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
-        vpc: IVpcV2,
         amazon_side_asn: typing.Optional[jsii.Number] = None,
         vpn_gateway_name: typing.Optional[builtins.str] = None,
+        vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+        vpc: IVpcV2,
     ) -> None:
         '''(experimental) Properties to define a VPN gateway.
         :param type: (experimental) The type of VPN connection the virtual private gateway supports.
+        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: - no ASN set for BGP session
+        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: - resource provisioned without any name
+        :param vpn_route_propagation: (experimental) Subnets where the route propagation should be added. Default: - no propogation for routes
         :param vpc: (experimental) The ID of the VPC for which to create the VPN gateway.
-        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: none
-        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: none
         :stability: experimental
         :exampleMetadata: fixture=_generated
@@ -3636,23 +4566,34 @@ class VPNGatewayProps:
             import aws_cdk.aws_ec2_alpha as ec2_alpha
             from aws_cdk import aws_ec2 as ec2
+            # subnet: ec2.Subnet
+            # subnet_filter: ec2.SubnetFilter
             # vpc_v2: ec2_alpha.VpcV2
-            v_pNGateway_props = ec2_alpha.VPNGatewayProps(
+            v_pNGateway_v2_props = ec2_alpha.VPNGatewayV2Props(
                 type=ec2.VpnConnectionType.IPSEC_1,
                 vpc=vpc_v2,
                 # the properties below are optional
                 amazon_side_asn=123,
-                vpn_gateway_name="vpnGatewayName"
+                vpn_gateway_name="vpnGatewayName",
+                vpn_route_propagation=[ec2.SubnetSelection(
+                    availability_zones=["availabilityZones"],
+                    one_per_az=False,
+                    subnet_filters=[subnet_filter],
+                    subnet_group_name="subnetGroupName",
+                    subnets=[subnet],
+                    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+                )]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__1c064120251b11ed07bf6eabe8a01edd24bed2a26cc286de8870e231ea63a31b)
+            type_hints = typing.get_type_hints(_typecheckingstub__3072d5168319d0db90903c5cbf3cd4040802f772c2763e1837c1fa6c7270ace9)
             check_type(argname="argument type", value=type, expected_type=type_hints["type"])
-            check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
             check_type(argname="argument amazon_side_asn", value=amazon_side_asn, expected_type=type_hints["amazon_side_asn"])
             check_type(argname="argument vpn_gateway_name", value=vpn_gateway_name, expected_type=type_hints["vpn_gateway_name"])
+            check_type(argname="argument vpn_route_propagation", value=vpn_route_propagation, expected_type=type_hints["vpn_route_propagation"])
+            check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "type": type,
             "vpc": vpc,
@@ -3661,6 +4602,8 @@ class VPNGatewayProps:
             self._values["amazon_side_asn"] = amazon_side_asn
         if vpn_gateway_name is not None:
             self._values["vpn_gateway_name"] = vpn_gateway_name
+        if vpn_route_propagation is not None:
+            self._values["vpn_route_propagation"] = vpn_route_propagation
     @builtins.property
     def type(self) -> _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType:
@@ -3673,21 +4616,11 @@ class VPNGatewayProps:
         assert result is not None, "Required property 'type' is missing"
         return typing.cast(_aws_cdk_aws_ec2_ceddda9d.VpnConnectionType, result)
-    @builtins.property
-    def vpc(self) -> IVpcV2:
-        '''(experimental) The ID of the VPC for which to create the VPN gateway.
-        :stability: experimental
-        '''
-        result = self._values.get("vpc")
-        assert result is not None, "Required property 'vpc' is missing"
-        return typing.cast(IVpcV2, result)
     @builtins.property
     def amazon_side_asn(self) -> typing.Optional[jsii.Number]:
         '''(experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
-        :default: none
+        :default: - no ASN set for BGP session
         :stability: experimental
         '''
@@ -3698,13 +4631,36 @@ class VPNGatewayProps:
     def vpn_gateway_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) The resource name of the VPN gateway.
-        :default: none
+        :default: - resource provisioned without any name
         :stability: experimental
         '''
         result = self._values.get("vpn_gateway_name")
         return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def vpn_route_propagation(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]]:
+        '''(experimental) Subnets where the route propagation should be added.
+        :default: - no propogation for routes
+        :stability: experimental
+        '''
+        result = self._values.get("vpn_route_propagation")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]], result)
+    @builtins.property
+    def vpc(self) -> IVpcV2:
+        '''(experimental) The ID of the VPC for which to create the VPN gateway.
+        :stability: experimental
+        '''
+        result = self._values.get("vpc")
+        assert result is not None, "Required property 'vpc' is missing"
+        return typing.cast(IVpcV2, result)
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -3712,7 +4668,7 @@ class VPNGatewayProps:
         return not (rhs == self)
     def __repr__(self) -> str:
-        return "VPNGatewayProps(%s)" % ", ".join(
+        return "VPNGatewayV2Props(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
@@ -3727,7 +4683,6 @@ class VPNGatewayProps:
         "ipv4_cidr_block": "ipv4CidrBlock",
         "ipv4_ipam_pool": "ipv4IpamPool",
         "ipv4_netmask_length": "ipv4NetmaskLength",
-        "ipv6_cidr_block": "ipv6CidrBlock",
         "ipv6_ipam_pool": "ipv6IpamPool",
         "ipv6_netmask_length": "ipv6NetmaskLength",
     },
@@ -3742,19 +4697,17 @@ class VpcCidrOptions:
         ipv4_cidr_block: typing.Optional[builtins.str] = None,
         ipv4_ipam_pool: typing.Optional[IIpamPool] = None,
         ipv4_netmask_length: typing.Optional[jsii.Number] = None,
-        ipv6_cidr_block: typing.Optional[builtins.str] = None,
         ipv6_ipam_pool: typing.Optional[IIpamPool] = None,
         ipv6_netmask_length: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''(experimental) Consolidated return parameters to pass to VPC construct.
         :param amazon_provided: (experimental) Use amazon provided IP range. Default: false
-        :param cidr_block_name: (experimental) Required to set Secondary cidr block resource name in order to generate unique logical id for the resource. Default: : no name for primary addresses
+        :param cidr_block_name: (experimental) Required to set Secondary cidr block resource name in order to generate unique logical id for the resource. Default: - no name for primary addresses
         :param dependencies: (experimental) Dependency to associate Ipv6 CIDR block. Default: - No dependency
-        :param ipv4_cidr_block: (experimental) IPv4 CIDR Block. Default: - '10.0.0.0/16'
+        :param ipv4_cidr_block: (experimental) IPv4 CIDR Block. Default: '10.0.0.0/16'
         :param ipv4_ipam_pool: (experimental) Ipv4 IPAM Pool. Default: - Only required when using IPAM Ipv4
         :param ipv4_netmask_length: (experimental) CIDR Mask for Vpc. Default: - Only required when using IPAM Ipv4
-        :param ipv6_cidr_block: (experimental) Implementing Ipv6. Default: - No ipv6 address
         :param ipv6_ipam_pool: (experimental) Ipv6 IPAM pool id for VPC range, can only be defined under public scope. Default: - no pool id
         :param ipv6_netmask_length: (experimental) CIDR Mask for Vpc. Default: - Only required when using AWS Ipam
@@ -3778,7 +4731,6 @@ class VpcCidrOptions:
                 ipv4_cidr_block="ipv4CidrBlock",
                 ipv4_ipam_pool=ipam_pool,
                 ipv4_netmask_length=123,
-                ipv6_cidr_block="ipv6CidrBlock",
                 ipv6_ipam_pool=ipam_pool,
                 ipv6_netmask_length=123
             )
@@ -3791,7 +4743,6 @@ class VpcCidrOptions:
             check_type(argname="argument ipv4_cidr_block", value=ipv4_cidr_block, expected_type=type_hints["ipv4_cidr_block"])
             check_type(argname="argument ipv4_ipam_pool", value=ipv4_ipam_pool, expected_type=type_hints["ipv4_ipam_pool"])
             check_type(argname="argument ipv4_netmask_length", value=ipv4_netmask_length, expected_type=type_hints["ipv4_netmask_length"])
-            check_type(argname="argument ipv6_cidr_block", value=ipv6_cidr_block, expected_type=type_hints["ipv6_cidr_block"])
             check_type(argname="argument ipv6_ipam_pool", value=ipv6_ipam_pool, expected_type=type_hints["ipv6_ipam_pool"])
             check_type(argname="argument ipv6_netmask_length", value=ipv6_netmask_length, expected_type=type_hints["ipv6_netmask_length"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
@@ -3807,8 +4758,6 @@ class VpcCidrOptions:
             self._values["ipv4_ipam_pool"] = ipv4_ipam_pool
         if ipv4_netmask_length is not None:
             self._values["ipv4_netmask_length"] = ipv4_netmask_length
-        if ipv6_cidr_block is not None:
-            self._values["ipv6_cidr_block"] = ipv6_cidr_block
         if ipv6_ipam_pool is not None:
             self._values["ipv6_ipam_pool"] = ipv6_ipam_pool
         if ipv6_netmask_length is not None:
@@ -3829,7 +4778,7 @@ class VpcCidrOptions:
     def cidr_block_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) Required to set Secondary cidr block resource name in order to generate unique logical id for the resource.
-        :default: : no name for primary addresses
+        :default: - no name for primary addresses
         :stability: experimental
         '''
@@ -3853,7 +4802,7 @@ class VpcCidrOptions:
     def ipv4_cidr_block(self) -> typing.Optional[builtins.str]:
         '''(experimental) IPv4 CIDR Block.
-        :default: - '10.0.0.0/16'
+        :default: '10.0.0.0/16'
         :stability: experimental
         '''
@@ -3882,17 +4831,6 @@ class VpcCidrOptions:
         result = self._values.get("ipv4_netmask_length")
         return typing.cast(typing.Optional[jsii.Number], result)
-    @builtins.property
-    def ipv6_cidr_block(self) -> typing.Optional[builtins.str]:
-        '''(experimental) Implementing Ipv6.
-        :default: - No ipv6 address
-        :stability: experimental
-        '''
-        result = self._values.get("ipv6_cidr_block")
-        return typing.cast(typing.Optional[builtins.str], result)
     @builtins.property
     def ipv6_ipam_pool(self) -> typing.Optional[IIpamPool]:
         '''(experimental) Ipv6 IPAM pool id for VPC range, can only be defined under public scope.
@@ -4048,6 +4986,28 @@ class VpcV2Base(
         return typing.cast(_aws_cdk_aws_ec2_ceddda9d.ClientVpnEndpoint, jsii.invoke(self, "addClientVpnEndpoint", [id, options]))
+    @jsii.member(jsii_name="addEgressOnlyInternetGateway")
+    def add_egress_only_internet_gateway(
+        self,
+        *,
+        destination: typing.Optional[builtins.str] = None,
+        subnets: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''(experimental) Adds a new Egress Only Internet Gateway to this VPC and defines a new route to the route table of given subnets.
+        :param destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :param subnets: (experimental) List of subnets where route to EGW will be added. Default: - no route created
+        :default: - in case of no input subnets, no route is created
+        :stability: experimental
+        '''
+        options = EgressOnlyInternetGatewayOptions(
+            destination=destination, subnets=subnets
+        )
+        return typing.cast(None, jsii.invoke(self, "addEgressOnlyInternetGateway", [options]))
     @jsii.member(jsii_name="addFlowLog")
     def add_flow_log(
         self,
@@ -4143,6 +5103,70 @@ class VpcV2Base(
         return typing.cast(_aws_cdk_aws_ec2_ceddda9d.InterfaceVpcEndpoint, jsii.invoke(self, "addInterfaceEndpoint", [id, options]))
+    @jsii.member(jsii_name="addInternetGateway")
+    def add_internet_gateway(
+        self,
+        *,
+        ipv4_destination: typing.Optional[builtins.str] = None,
+        ipv6_destination: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''(experimental) Adds a new Internet Gateway to this VPC.
+        :param ipv4_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '0.0.0.0' all Ipv4 traffic
+        :param ipv6_destination: (experimental) Destination Ipv6 address for EGW route. Default: - '::/0' all Ipv6 traffic
+        :default: - creates a new route for public subnets(with all outbound access) to the Internet Gateway.
+        :stability: experimental
+        '''
+        options = InternetGatewayOptions(
+            ipv4_destination=ipv4_destination, ipv6_destination=ipv6_destination
+        )
+        return typing.cast(None, jsii.invoke(self, "addInternetGateway", [options]))
+    @jsii.member(jsii_name="addNatGateway")
+    def add_nat_gateway(
+        self,
+        *,
+        subnet: ISubnetV2,
+        allocation_id: typing.Optional[builtins.str] = None,
+        connectivity_type: typing.Optional[NatConnectivityType] = None,
+        max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        nat_gateway_name: typing.Optional[builtins.str] = None,
+        private_ip_address: typing.Optional[builtins.str] = None,
+        secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
+        secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ) -> NatGateway:
+        '''(experimental) Adds a new NAT Gateway to the given subnet of this VPC of given subnets.
+        :param subnet: (experimental) The subnet in which the NAT gateway is located.
+        :param allocation_id: (experimental) AllocationID of Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway. Default: - attr.allocationID of a new Elastic IP created by default //TODO: ADD L2 for elastic ip
+        :param connectivity_type: (experimental) Indicates whether the NAT gateway supports public or private connectivity. Default: NatConnectivityType.Public
+        :param max_drain_duration: (experimental) The maximum amount of time to wait before forcibly releasing the IP addresses if connections are still in progress. Default: 350seconds
+        :param nat_gateway_name: (experimental) The resource name of the NAT gateway. Default: - NATGW provisioned without any name
+        :param private_ip_address: (experimental) The private IPv4 address to assign to the NAT gateway. Default: - If you don't provide an address, a private IPv4 address will be automatically assigned.
+        :param secondary_allocation_ids: (experimental) Secondary EIP allocation IDs. Default: - no secondary allocation IDs attached to NATGW
+        :param secondary_private_ip_address_count: (experimental) The number of secondary private IPv4 addresses you want to assign to the NAT gateway. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary allocation IDs associated with NATGW
+        :param secondary_private_ip_addresses: (experimental) Secondary private IPv4 addresses. ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time. Default: - no secondary private IpAddresses associated with NATGW
+        :stability: experimental
+        '''
+        options = NatGatewayOptions(
+            subnet=subnet,
+            allocation_id=allocation_id,
+            connectivity_type=connectivity_type,
+            max_drain_duration=max_drain_duration,
+            nat_gateway_name=nat_gateway_name,
+            private_ip_address=private_ip_address,
+            secondary_allocation_ids=secondary_allocation_ids,
+            secondary_private_ip_address_count=secondary_private_ip_address_count,
+            secondary_private_ip_addresses=secondary_private_ip_addresses,
+        )
+        return typing.cast(NatGateway, jsii.invoke(self, "addNatGateway", [options]))
     @jsii.member(jsii_name="addVpnConnection")
     def add_vpn_connection(
         self,
@@ -4180,13 +5204,15 @@ class VpcV2Base(
         type: builtins.str,
         amazon_side_asn: typing.Optional[jsii.Number] = None,
     ) -> None:
-        '''(experimental) Adds a VPN Gateway to this VPC.
+        '''(deprecated) Adds a VPN Gateway to this VPC.
         :param vpn_route_propagation: Provide an array of subnets where the route propagation should be added. Default: noPropagation
         :param type: Default type ipsec.1.
         :param amazon_side_asn: Explicitly specify an Asn or let aws pick an Asn for you. Default: 65000
-        :stability: experimental
+        :deprecated: use enableVpnGatewayV2 for compatibility with VPCV2.Route
+        :stability: deprecated
         '''
         options = _aws_cdk_aws_ec2_ceddda9d.EnableVpnGatewayOptions(
             vpn_route_propagation=vpn_route_propagation,
@@ -4196,6 +5222,33 @@ class VpcV2Base(
         return typing.cast(None, jsii.invoke(self, "enableVpnGateway", [options]))
+    @jsii.member(jsii_name="enableVpnGatewayV2")
+    def enable_vpn_gateway_v2(
+        self,
+        *,
+        type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
+        amazon_side_asn: typing.Optional[jsii.Number] = None,
+        vpn_gateway_name: typing.Optional[builtins.str] = None,
+        vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> VPNGatewayV2:
+        '''(experimental) Adds VPNGAtewayV2 to this VPC.
+        :param type: (experimental) The type of VPN connection the virtual private gateway supports.
+        :param amazon_side_asn: (experimental) The private Autonomous System Number (ASN) for the Amazon side of a BGP session. Default: - no ASN set for BGP session
+        :param vpn_gateway_name: (experimental) The resource name of the VPN gateway. Default: - resource provisioned without any name
+        :param vpn_route_propagation: (experimental) Subnets where the route propagation should be added. Default: - no propogation for routes
+        :stability: experimental
+        '''
+        options = VPNGatewayV2Options(
+            type=type,
+            amazon_side_asn=amazon_side_asn,
+            vpn_gateway_name=vpn_gateway_name,
+            vpn_route_propagation=vpn_route_propagation,
+        )
+        return typing.cast(VPNGatewayV2, jsii.invoke(self, "enableVpnGatewayV2", [options]))
     @jsii.member(jsii_name="selectSubnetObjects")
     def _select_subnet_objects(
         self,
@@ -4368,6 +5421,15 @@ class VpcV2Base(
         '''
         ...
+    @builtins.property
+    @jsii.member(jsii_name="internetGatewayId")
+    def internet_gateway_id(self) -> typing.Optional[builtins.str]:
+        '''(experimental) Returns the id of the Internet Gateway (if enabled).
+        :stability: experimental
+        '''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "internetGatewayId"))
     @builtins.property
     @jsii.member(jsii_name="vpnGatewayId")
     def vpn_gateway_id(self) -> typing.Optional[builtins.str]:
@@ -4499,9 +5561,9 @@ class VpcV2Props:
         :param default_instance_tenancy: (experimental) The default tenancy of instances launched into the VPC. By setting this to dedicated tenancy, instances will be launched on hardware dedicated to a single AWS customer, unless specifically specified at instance launch time. Please note, not all instance types are usable with Dedicated tenancy. Default: DefaultInstanceTenancy.Default (shared) tenancy
         :param enable_dns_hostnames: (experimental) Indicates whether the instances launched in the VPC get DNS hostnames. Default: true
         :param enable_dns_support: (experimental) Indicates whether the DNS resolution is supported for the VPC. Default: true
-        :param primary_address_block: (experimental) A must IPv4 CIDR block for the VPC https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html. Default: - Ipv4 CIDR Block ('10.0.0.0/16')
-        :param secondary_address_blocks: (experimental) The secondary CIDR blocks associated with the VPC. Can be IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. Default: - No secondary IP address
-        :param vpc_name: (experimental) Physical name for the VPC. Default: : autogenerated by CDK
+        :param primary_address_block: (experimental) A must IPv4 CIDR block for the VPC. Default: - Ipv4 CIDR Block ('10.0.0.0/16')
+        :param secondary_address_blocks: (experimental) The secondary CIDR blocks associated with the VPC. Can be IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention For more information, Default: - No secondary IP address
+        :param vpc_name: (experimental) Physical name for the VPC. Default: - autogenerated by CDK
         :stability: experimental
         :exampleMetadata: infused
@@ -4509,19 +5571,22 @@ class VpcV2Props:
         Example::
             stack = Stack()
-            my_vpc = vpc_v2.VpcV2(self, "Vpc",
-                secondary_address_blocks=[
-                    vpc_v2.IpAddresses.amazon_provided_ipv6(cidr_block_name="AmazonProvidedIp")
-                ]
+            my_vpc = VpcV2(self, "Vpc",
+                primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+                secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+                    cidr_block_name="AmazonProvided"
+                )]
             )
-            vpc_v2.SubnetV2(self, "subnetA",
-                vpc=my_vpc,
-                availability_zone="us-east-1a",
-                ipv4_cidr_block=vpc_v2.IpCidr("10.0.0.0/24"),
-                ipv6_cidr_block=vpc_v2.IpCidr("2a05:d02c:25:4000::/60"),
-                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
+            eigw = EgressOnlyInternetGateway(self, "EIGW",
+                vpc=my_vpc
             )
+            route_table = RouteTable(self, "RouteTable",
+                vpc=my_vpc
+            )
+            route_table.add_route("EIGW", "::/0", {"gateway": eigw})
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8f915ef5e4a9fa4854227228067c81d198633b3f6b9621c83cee1390bc703549)
@@ -4587,10 +5652,11 @@ class VpcV2Props:
     @builtins.property
     def primary_address_block(self) -> typing.Optional[IIpAddresses]:
-        '''(experimental) A must IPv4 CIDR block for the VPC https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html.
+        '''(experimental) A must IPv4 CIDR block for the VPC.
         :default: - Ipv4 CIDR Block ('10.0.0.0/16')
+        :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html
         :stability: experimental
         '''
         result = self._values.get("primary_address_block")
@@ -4601,10 +5667,11 @@ class VpcV2Props:
         '''(experimental) The secondary CIDR blocks associated with the VPC.
         Can be  IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention
-        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}.
+        For more information,
         :default: - No secondary IP address
+        :see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}.
         :stability: experimental
         '''
         result = self._values.get("secondary_address_blocks")
@@ -4614,7 +5681,7 @@ class VpcV2Props:
     def vpc_name(self) -> typing.Optional[builtins.str]:
         '''(experimental) Physical name for the VPC.
-        :default: : autogenerated by CDK
+        :default: - autogenerated by CDK
         :stability: experimental
         '''
@@ -4643,22 +5710,27 @@ class EgressOnlyInternetGateway(
     :stability: experimental
     :resource: AWS::EC2::EgressOnlyInternetGateway
-    :exampleMetadata: fixture=_generated
+    :exampleMetadata: infused
     Example::
-        # The code below shows an example of how to instantiate this type.
-        # The values are placeholders you should change.
-        import aws_cdk.aws_ec2_alpha as ec2_alpha
-        # vpc_v2: ec2_alpha.VpcV2
+        stack = Stack()
+        my_vpc = VpcV2(self, "Vpc",
+            primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+            secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+                cidr_block_name="AmazonProvided"
+            )]
+        )
-        egress_only_internet_gateway = ec2_alpha.EgressOnlyInternetGateway(self, "MyEgressOnlyInternetGateway",
-            vpc=vpc_v2,
+        eigw = EgressOnlyInternetGateway(self, "EIGW",
+            vpc=my_vpc
+        )
-            # the properties below are optional
-            egress_only_internet_gateway_name="egressOnlyInternetGatewayName"
+        route_table = RouteTable(self, "RouteTable",
+            vpc=my_vpc
         )
+        route_table.add_route("EIGW", "::/0", {"gateway": eigw})
     '''
     def __init__(
@@ -4673,7 +5745,7 @@ class EgressOnlyInternetGateway(
         :param scope: -
         :param id: -
         :param vpc: (experimental) The ID of the VPC for which to create the egress-only internet gateway.
-        :param egress_only_internet_gateway_name: (experimental) The resource name of the egress-only internet gateway. Default: none
+        :param egress_only_internet_gateway_name: (experimental) The resource name of the egress-only internet gateway. Default: - provisioned without a resource name
         :stability: experimental
         '''
@@ -4731,26 +5803,22 @@ class VpcV2(
     Example::
-        my_vpc = vpc_v2.VpcV2(self, "Vpc")
-        route_table = vpc_v2.RouteTable(self, "RouteTable",
+        stack = Stack()
+        my_vpc = VpcV2(self, "Vpc")
+        route_table = RouteTable(self, "RouteTable",
             vpc=my_vpc
         )
-        subnet = vpc_v2.SubnetV2(self, "Subnet",
+        subnet = SubnetV2(self, "Subnet",
             vpc=my_vpc,
             availability_zone="eu-west-2a",
             ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=ec2.SubnetType.PRIVATE
+            subnet_type=SubnetType.PUBLIC
         )
-        dynamo_endpoint = ec2.GatewayVpcEndpoint(self, "DynamoEndpoint",
-            service=ec2.GatewayVpcEndpointAwsService.DYNAMODB,
-            vpc=my_vpc,
-            subnets=[subnet]
-        )
-        vpc_v2.Route(self, "DynamoDBRoute",
-            route_table=route_table,
-            destination="0.0.0.0/0",
-            target={"endpoint": dynamo_endpoint}
+        my_vpc.add_internet_gateway()
+        my_vpc.add_nat_gateway(
+            subnet=subnet,
+            connectivity_type=NatConnectivityType.PUBLIC
         )
     '''
@@ -4772,9 +5840,9 @@ class VpcV2(
         :param default_instance_tenancy: (experimental) The default tenancy of instances launched into the VPC. By setting this to dedicated tenancy, instances will be launched on hardware dedicated to a single AWS customer, unless specifically specified at instance launch time. Please note, not all instance types are usable with Dedicated tenancy. Default: DefaultInstanceTenancy.Default (shared) tenancy
         :param enable_dns_hostnames: (experimental) Indicates whether the instances launched in the VPC get DNS hostnames. Default: true
         :param enable_dns_support: (experimental) Indicates whether the DNS resolution is supported for the VPC. Default: true
-        :param primary_address_block: (experimental) A must IPv4 CIDR block for the VPC https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html. Default: - Ipv4 CIDR Block ('10.0.0.0/16')
-        :param secondary_address_blocks: (experimental) The secondary CIDR blocks associated with the VPC. Can be IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. Default: - No secondary IP address
-        :param vpc_name: (experimental) Physical name for the VPC. Default: : autogenerated by CDK
+        :param primary_address_block: (experimental) A must IPv4 CIDR block for the VPC. Default: - Ipv4 CIDR Block ('10.0.0.0/16')
+        :param secondary_address_blocks: (experimental) The secondary CIDR blocks associated with the VPC. Can be IPv4 or IPv6, two IPv4 ranges must follow RFC#1918 convention For more information, Default: - No secondary IP address
+        :param vpc_name: (experimental) Physical name for the VPC. Default: - autogenerated by CDK
         :stability: experimental
         '''
@@ -4903,7 +5971,7 @@ class VpcV2(
     @builtins.property
     @jsii.member(jsii_name="useIpv6")
     def use_ipv6(self) -> builtins.bool:
-        '''(experimental) For validation to define IPv6 subnets, set to true in case of Amazon Provided IPv6 cidr range IPv6 addresses can be attached to the subnets.
+        '''(experimental) For validation to define IPv6 subnets, set to true in case of Amazon Provided IPv6 cidr range if true, IPv6 addresses can be attached to the subnets.
         :default: false
@@ -4945,6 +6013,7 @@ __all__ = [
     "AddressFamily",
     "AwsServiceName",
     "EgressOnlyInternetGateway",
+    "EgressOnlyInternetGatewayOptions",
     "EgressOnlyInternetGatewayProps",
     "IIpAddresses",
     "IIpamPool",
@@ -4954,6 +6023,7 @@ __all__ = [
     "ISubnetV2",
     "IVpcV2",
     "InternetGateway",
+    "InternetGatewayOptions",
     "InternetGatewayProps",
     "IpAddresses",
     "IpCidr",
@@ -4966,6 +6036,7 @@ __all__ = [
     "IpamScopeType",
     "NatConnectivityType",
     "NatGateway",
+    "NatGatewayOptions",
     "NatGatewayProps",
     "PoolOptions",
     "Route",
@@ -4977,8 +6048,9 @@ __all__ = [
     "SecondaryAddressProps",
     "SubnetV2",
     "SubnetV2Props",
-    "VPNGateway",
-    "VPNGatewayProps",
+    "VPNGatewayV2",
+    "VPNGatewayV2Options",
+    "VPNGatewayV2Props",
     "VpcCidrOptions",
     "VpcV2",
     "VpcV2Base",
@@ -4987,6 +6059,14 @@ __all__ = [
 publication.publish()
+def _typecheckingstub__47cf639398ded64820e35dac43908a70a34ddc76a3ed35cc0c24357b0e01f48d(
+    *,
+    destination: typing.Optional[builtins.str] = None,
+    subnets: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__a1cb0281052a85d3461453c956e87b81e82be05002c1ac33451b382cfcf0ea7e(
     *,
     vpc: IVpcV2,
@@ -5026,6 +6106,14 @@ def _typecheckingstub__a1ed9b26ff938b529db1af6f12978e1aa57b9cdaf5a5c589675cf7b8f
     """Type checking stubs"""
     pass
+def _typecheckingstub__1767be14586e30c26bcd910b9753aae1720568db2bf09fbf8dd100e10ab1fc09(
+    *,
+    ipv4_destination: typing.Optional[builtins.str] = None,
+    ipv6_destination: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__b4699002455f77fce358247d059e2af25aa232257e94012a7ff9adcc0f4d4268(
     *,
     vpc: IVpcV2,
@@ -5103,7 +6191,23 @@ def _typecheckingstub__3204c5cc1ee92d73075b1e2c597a7d7bb9eb73b154f33262369b6b4ac
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
-    subnet: _aws_cdk_aws_ec2_ceddda9d.ISubnet,
+    vpc: typing.Optional[IVpcV2] = None,
+    subnet: ISubnetV2,
+    allocation_id: typing.Optional[builtins.str] = None,
+    connectivity_type: typing.Optional[NatConnectivityType] = None,
+    max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    nat_gateway_name: typing.Optional[builtins.str] = None,
+    private_ip_address: typing.Optional[builtins.str] = None,
+    secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
+    secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__b95898dda7ef46705953a45c7eea2438b79c93d898a7eb07a91955ee9ff221c7(
+    *,
+    subnet: ISubnetV2,
     allocation_id: typing.Optional[builtins.str] = None,
     connectivity_type: typing.Optional[NatConnectivityType] = None,
     max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
@@ -5112,14 +6216,13 @@ def _typecheckingstub__3204c5cc1ee92d73075b1e2c597a7d7bb9eb73b154f33262369b6b4ac
     secondary_allocation_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     secondary_private_ip_address_count: typing.Optional[jsii.Number] = None,
     secondary_private_ip_addresses: typing.Optional[typing.Sequence[builtins.str]] = None,
-    vpc: typing.Optional[IVpcV2] = None,
 ) -> None:
     """Type checking stubs"""
     pass
 def _typecheckingstub__50c6c285bd9604aa1bbf23945426abd3cb4259870f0a85edd40b87eb08b29903(
     *,
-    subnet: _aws_cdk_aws_ec2_ceddda9d.ISubnet,
+    subnet: ISubnetV2,
     allocation_id: typing.Optional[builtins.str] = None,
     connectivity_type: typing.Optional[NatConnectivityType] = None,
     max_drain_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
@@ -5176,6 +6279,14 @@ def _typecheckingstub__cfa486baea72e1e0413e458ea1f52d60725dbcdfeed33f2e810006af4
     """Type checking stubs"""
     pass
+def _typecheckingstub__920d6a12797cd2ad571157da68e37100c7d72b72ff09fd42451a65b73f154dd0(
+    id: builtins.str,
+    destination: builtins.str,
+    target: RouteTargetType,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__271dc5ccfa2e958efecaeb52a22e0ecbf03734c62d76ebbf18cb73e88deea29f(
     *,
     vpc: IVpcV2,
@@ -5236,24 +6347,36 @@ def _typecheckingstub__95ce99f8025433ac8b79825abef6ff91da4dfd0693fd24dadedcee63e
     """Type checking stubs"""
     pass
-def _typecheckingstub__f6669efe999b4d7fb070da87ce4f6945c7b3b900d1c035c2e7a3dbb26415c28f(
+def _typecheckingstub__99ebb03388deee94929850a6302ea70455c70b08fdbc048c0ad431df4f5d7bff(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
-    type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
     vpc: IVpcV2,
+    type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
     amazon_side_asn: typing.Optional[jsii.Number] = None,
     vpn_gateway_name: typing.Optional[builtins.str] = None,
+    vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
-def _typecheckingstub__1c064120251b11ed07bf6eabe8a01edd24bed2a26cc286de8870e231ea63a31b(
+def _typecheckingstub__e29191c56c11acb8fa2ca10b1e81f7c86e1e7ca21a360a0f41a7a6ec64c967c8(
+    *,
+    type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
+    amazon_side_asn: typing.Optional[jsii.Number] = None,
+    vpn_gateway_name: typing.Optional[builtins.str] = None,
+    vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__3072d5168319d0db90903c5cbf3cd4040802f772c2763e1837c1fa6c7270ace9(
     *,
     type: _aws_cdk_aws_ec2_ceddda9d.VpnConnectionType,
-    vpc: IVpcV2,
     amazon_side_asn: typing.Optional[jsii.Number] = None,
     vpn_gateway_name: typing.Optional[builtins.str] = None,
+    vpn_route_propagation: typing.Optional[typing.Sequence[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]]] = None,
+    vpc: IVpcV2,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -5266,7 +6389,6 @@ def _typecheckingstub__dc5a774224468f268ba34d837f3aec361583306c8694ae77cdb19bb4c
     ipv4_cidr_block: typing.Optional[builtins.str] = None,
     ipv4_ipam_pool: typing.Optional[IIpamPool] = None,
     ipv4_netmask_length: typing.Optional[jsii.Number] = None,
-    ipv6_cidr_block: typing.Optional[builtins.str] = None,
     ipv6_ipam_pool: typing.Optional[IIpamPool] = None,
     ipv6_netmask_length: typing.Optional[jsii.Number] = None,
 ) -> None: