aws-cdk.aws-ec2-alpha 2.168.0a0__tar.gz → 2.170.0a0__tar.gz

{aws_cdk_aws_ec2_alpha-2.168.0a0/src/aws_cdk.aws_ec2_alpha.egg-info → aws_cdk_aws_ec2_alpha-2.170.0a0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.aws-ec2-alpha
-Version: 2.168.0a0
+Version: 2.170.0a0
 Summary: The CDK construct library for VPC V2
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -23,7 +23,7 @@ Requires-Python: ~=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk-lib<3.0.0,>=2.168.0
+Requires-Dist: aws-cdk-lib<3.0.0,>=2.170.0
 Requires-Dist: constructs<11.0.0,>=10.0.0
 Requires-Dist: jsii<2.0.0,>=1.104.0
 Requires-Dist: publication>=0.0.3
@@ -251,6 +251,155 @@ Route(self, "DynamoDBRoute",
 )
 ```
 
+## VPC Peering Connection
+
+VPC peering connection allows you to connect two VPCs and route traffic between them using private IP addresses. The VpcV2 construct supports creating VPC peering connections through the `VPCPeeringConnection` construct from the `route` module.
+
+Peering Connection cannot be established between two VPCs with overlapping CIDR ranges. Please make sure the two VPC CIDRs do not overlap with each other else it will throw an error.
+
+For more information, see [What is VPC peering?](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html).
+
+The following show examples of how to create a peering connection between two VPCs for all possible combinations of same-account or cross-account, and same-region or cross-region configurations.
+
+Note: You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks
+
+**Case 1: Same Account and Same Region Peering Connection**
+
+```python
+stack = Stack()
+
+vpc_a = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+vpc_b = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+peering_connection = vpc_a.create_peering_connection("sameAccountSameRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+
+**Case 2: Same Account and Cross Region Peering Connection**
+
+There is no difference from Case 1 when calling `createPeeringConnection`. The only change is that one of the VPCs are created in another stack with a different region. To establish cross region VPC peering connection, acceptorVpc needs to be imported to the requestor VPC stack using `fromVpcV2Attributes` method.
+
+```python
+app = App()
+
+stack_a = Stack(app, "VpcStackA", env=Environment(account="000000000000", region="us-east-1"))
+stack_b = Stack(app, "VpcStackB", env=Environment(account="000000000000", region="us-west-2"))
+
+vpc_a = VpcV2(stack_a, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+VpcV2(stack_b, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+vpc_b = VpcV2.from_vpc_v2_attributes(stack_a, "ImportedVpcB",
+    vpc_id="MockVpcBid",
+    vpc_cidr_block="10.1.0.0/16",
+    region="us-west-2",
+    owner_account_id="000000000000"
+)
+
+peering_connection = vpc_a.create_peering_connection("sameAccountCrossRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+
+**Case 3: Cross Account Peering Connection**
+
+For cross-account connections, the acceptor account needs an IAM role that grants the requestor account permission to initiate the connection. Create a new IAM role in the acceptor account using method `createAcceptorVpcRole` to provide the necessary permissions.
+
+Once role is created in account, provide role arn for field `peerRoleArn` under method `createPeeringConnection`
+
+```python
+stack = Stack()
+
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+acceptor_role_arn = acceptor_vpc.create_acceptor_vpc_role("000000000000")
+```
+
+After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC. Import accpeptorVpc to the stack using `fromVpcV2Attributes` method, it is recommended to specify owner account id of the acceptor VPC in case of cross account peering connection, if acceptor VPC is hosted in different region provide region value for import as well.
+The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:
+
+```python
+stack = Stack()
+
+acceptor_vpc = VpcV2.from_vpc_v2_attributes(self, "acceptorVpc",
+    vpc_id="vpc-XXXX",
+    vpc_cidr_block="10.0.0.0/16",
+    region="us-east-2",
+    owner_account_id="111111111111"
+)
+
+acceptor_role_arn = "arn:aws:iam::111111111111:role/VpcPeeringRole"
+
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+peering_connection = requestor_vpc.create_peering_connection("crossAccountCrossRegionPeering",
+    acceptor_vpc=acceptor_vpc,
+    peer_role_arn=acceptor_role_arn
+)
+```
+
+### Route Table Configuration
+
+After establishing the VPC peering connection, routes must be added to the respective route tables in the VPCs to enable traffic flow. If a route is added to the requestor stack, information will be able to flow from the requestor VPC to the acceptor VPC, but not in the reverse direction. For bi-directional communication, routes need to be added in both VPCs from their respective stacks.
+
+For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html).
+
+```python
+stack = Stack()
+
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+peering_connection = requestor_vpc.create_peering_connection("peeringConnection",
+    acceptor_vpc=acceptor_vpc
+)
+
+route_table = RouteTable(self, "RouteTable",
+    vpc=requestor_vpc
+)
+
+route_table.add_route("vpcPeeringRoute", "10.0.0.0/16", {"gateway": peering_connection})
+```
+
+This can also be done using AWS CLI. For more information, see [create-route](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html).
+
+```bash
+# Add a route to the requestor VPC route table
+aws ec2 create-route --route-table-id rtb-requestor --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+
+# For bi-directional add a route in the acceptor vpc account as well
+aws ec2 create-route --route-table-id rtb-acceptor --destination-cidr-block 10.1.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+```
+
+### Deleting the Peering Connection
+
+To delete a VPC peering connection, use the following command:
+
+```bash
+aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-xxxxxxxx
+```
+
+For more information, see [Delete a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#delete-vpc-peering-connection).
+
 ## Adding Egress-Only Internet Gateway to VPC
 
 An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.

{aws_cdk_aws_ec2_alpha-2.168.0a0 → aws_cdk_aws_ec2_alpha-2.170.0a0}/README.md

@@ -220,6 +220,155 @@ Route(self, "DynamoDBRoute",
 )
 ```
 
+## VPC Peering Connection
+
+VPC peering connection allows you to connect two VPCs and route traffic between them using private IP addresses. The VpcV2 construct supports creating VPC peering connections through the `VPCPeeringConnection` construct from the `route` module.
+
+Peering Connection cannot be established between two VPCs with overlapping CIDR ranges. Please make sure the two VPC CIDRs do not overlap with each other else it will throw an error.
+
+For more information, see [What is VPC peering?](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html).
+
+The following show examples of how to create a peering connection between two VPCs for all possible combinations of same-account or cross-account, and same-region or cross-region configurations.
+
+Note: You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks
+
+**Case 1: Same Account and Same Region Peering Connection**
+
+```python
+stack = Stack()
+
+vpc_a = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+vpc_b = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+peering_connection = vpc_a.create_peering_connection("sameAccountSameRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+
+**Case 2: Same Account and Cross Region Peering Connection**
+
+There is no difference from Case 1 when calling `createPeeringConnection`. The only change is that one of the VPCs are created in another stack with a different region. To establish cross region VPC peering connection, acceptorVpc needs to be imported to the requestor VPC stack using `fromVpcV2Attributes` method.
+
+```python
+app = App()
+
+stack_a = Stack(app, "VpcStackA", env=Environment(account="000000000000", region="us-east-1"))
+stack_b = Stack(app, "VpcStackB", env=Environment(account="000000000000", region="us-west-2"))
+
+vpc_a = VpcV2(stack_a, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+VpcV2(stack_b, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+vpc_b = VpcV2.from_vpc_v2_attributes(stack_a, "ImportedVpcB",
+    vpc_id="MockVpcBid",
+    vpc_cidr_block="10.1.0.0/16",
+    region="us-west-2",
+    owner_account_id="000000000000"
+)
+
+peering_connection = vpc_a.create_peering_connection("sameAccountCrossRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+
+**Case 3: Cross Account Peering Connection**
+
+For cross-account connections, the acceptor account needs an IAM role that grants the requestor account permission to initiate the connection. Create a new IAM role in the acceptor account using method `createAcceptorVpcRole` to provide the necessary permissions.
+
+Once role is created in account, provide role arn for field `peerRoleArn` under method `createPeeringConnection`
+
+```python
+stack = Stack()
+
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+acceptor_role_arn = acceptor_vpc.create_acceptor_vpc_role("000000000000")
+```
+
+After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC. Import accpeptorVpc to the stack using `fromVpcV2Attributes` method, it is recommended to specify owner account id of the acceptor VPC in case of cross account peering connection, if acceptor VPC is hosted in different region provide region value for import as well.
+The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:
+
+```python
+stack = Stack()
+
+acceptor_vpc = VpcV2.from_vpc_v2_attributes(self, "acceptorVpc",
+    vpc_id="vpc-XXXX",
+    vpc_cidr_block="10.0.0.0/16",
+    region="us-east-2",
+    owner_account_id="111111111111"
+)
+
+acceptor_role_arn = "arn:aws:iam::111111111111:role/VpcPeeringRole"
+
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+peering_connection = requestor_vpc.create_peering_connection("crossAccountCrossRegionPeering",
+    acceptor_vpc=acceptor_vpc,
+    peer_role_arn=acceptor_role_arn
+)
+```
+
+### Route Table Configuration
+
+After establishing the VPC peering connection, routes must be added to the respective route tables in the VPCs to enable traffic flow. If a route is added to the requestor stack, information will be able to flow from the requestor VPC to the acceptor VPC, but not in the reverse direction. For bi-directional communication, routes need to be added in both VPCs from their respective stacks.
+
+For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html).
+
+```python
+stack = Stack()
+
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+
+peering_connection = requestor_vpc.create_peering_connection("peeringConnection",
+    acceptor_vpc=acceptor_vpc
+)
+
+route_table = RouteTable(self, "RouteTable",
+    vpc=requestor_vpc
+)
+
+route_table.add_route("vpcPeeringRoute", "10.0.0.0/16", {"gateway": peering_connection})
+```
+
+This can also be done using AWS CLI. For more information, see [create-route](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html).
+
+```bash
+# Add a route to the requestor VPC route table
+aws ec2 create-route --route-table-id rtb-requestor --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+
+# For bi-directional add a route in the acceptor vpc account as well
+aws ec2 create-route --route-table-id rtb-acceptor --destination-cidr-block 10.1.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+```
+
+### Deleting the Peering Connection
+
+To delete a VPC peering connection, use the following command:
+
+```bash
+aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-xxxxxxxx
+```
+
+For more information, see [Delete a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#delete-vpc-peering-connection).
+
 ## Adding Egress-Only Internet Gateway to VPC
 
 An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.

{aws_cdk_aws_ec2_alpha-2.168.0a0 → aws_cdk_aws_ec2_alpha-2.170.0a0}/setup.py

@@ -5,7 +5,7 @@ kwargs = json.loads(
     """
 {
     "name": "aws-cdk.aws-ec2-alpha",
-    "version": "2.168.0.a0",
+    "version": "2.170.0.a0",
     "description": "The CDK construct library for VPC V2",
     "license": "Apache-2.0",
     "url": "https://github.com/aws/aws-cdk",
@@ -26,7 +26,7 @@ kwargs = json.loads(
     ],
     "package_data": {
         "aws_cdk.aws_ec2_alpha._jsii": [
-            "aws-ec2-alpha@2.168.0-alpha.0.jsii.tgz"
+            "aws-ec2-alpha@2.170.0-alpha.0.jsii.tgz"
         ],
         "aws_cdk.aws_ec2_alpha": [
             "py.typed"
@@ -34,7 +34,7 @@ kwargs = json.loads(
     },
     "python_requires": "~=3.8",
     "install_requires": [
-        "aws-cdk-lib>=2.168.0, <3.0.0",
+        "aws-cdk-lib>=2.170.0, <3.0.0",
         "constructs>=10.0.0, <11.0.0",
         "jsii>=1.104.0, <2.0.0",
         "publication>=0.0.3",