PyPI - aws-cdk.aws-ec2-alpha - Versions diffs - 2.169.0a0__py3-none-any.whl → 2.171.0a0__py3-none-any.whl - Mend

aws-cdk.aws-ec2-alpha 2.169.0a0py3-none-any.whl → 2.171.0a0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aws-cdk.aws-ec2-alpha might be problematic. Click here for more details.

Files changed (11) hide show

aws_cdk/aws_ec2_alpha/__init__.py CHANGED Viewed

@@ -221,6 +221,155 @@ Route(self, "DynamoDBRoute",
 )
 ```
+## VPC Peering Connection
+VPC peering connection allows you to connect two VPCs and route traffic between them using private IP addresses. The VpcV2 construct supports creating VPC peering connections through the `VPCPeeringConnection` construct from the `route` module.
+Peering Connection cannot be established between two VPCs with overlapping CIDR ranges. Please make sure the two VPC CIDRs do not overlap with each other else it will throw an error.
+For more information, see [What is VPC peering?](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html).
+The following show examples of how to create a peering connection between two VPCs for all possible combinations of same-account or cross-account, and same-region or cross-region configurations.
+Note: You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks
+**Case 1: Same Account and Same Region Peering Connection**
+```python
+stack = Stack()
+vpc_a = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+vpc_b = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+peering_connection = vpc_a.create_peering_connection("sameAccountSameRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+**Case 2: Same Account and Cross Region Peering Connection**
+There is no difference from Case 1 when calling `createPeeringConnection`. The only change is that one of the VPCs are created in another stack with a different region. To establish cross region VPC peering connection, acceptorVpc needs to be imported to the requestor VPC stack using `fromVpcV2Attributes` method.
+```python
+app = App()
+stack_a = Stack(app, "VpcStackA", env=Environment(account="000000000000", region="us-east-1"))
+stack_b = Stack(app, "VpcStackB", env=Environment(account="000000000000", region="us-west-2"))
+vpc_a = VpcV2(stack_a, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+VpcV2(stack_b, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+vpc_b = VpcV2.from_vpc_v2_attributes(stack_a, "ImportedVpcB",
+    vpc_id="MockVpcBid",
+    vpc_cidr_block="10.1.0.0/16",
+    region="us-west-2",
+    owner_account_id="000000000000"
+)
+peering_connection = vpc_a.create_peering_connection("sameAccountCrossRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+**Case 3: Cross Account Peering Connection**
+For cross-account connections, the acceptor account needs an IAM role that grants the requestor account permission to initiate the connection. Create a new IAM role in the acceptor account using method `createAcceptorVpcRole` to provide the necessary permissions.
+Once role is created in account, provide role arn for field `peerRoleArn` under method `createPeeringConnection`
+```python
+stack = Stack()
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+acceptor_role_arn = acceptor_vpc.create_acceptor_vpc_role("000000000000")
+```
+After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC. Import accpeptorVpc to the stack using `fromVpcV2Attributes` method, it is recommended to specify owner account id of the acceptor VPC in case of cross account peering connection, if acceptor VPC is hosted in different region provide region value for import as well.
+The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:
+```python
+stack = Stack()
+acceptor_vpc = VpcV2.from_vpc_v2_attributes(self, "acceptorVpc",
+    vpc_id="vpc-XXXX",
+    vpc_cidr_block="10.0.0.0/16",
+    region="us-east-2",
+    owner_account_id="111111111111"
+)
+acceptor_role_arn = "arn:aws:iam::111111111111:role/VpcPeeringRole"
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+peering_connection = requestor_vpc.create_peering_connection("crossAccountCrossRegionPeering",
+    acceptor_vpc=acceptor_vpc,
+    peer_role_arn=acceptor_role_arn
+)
+```
+### Route Table Configuration
+After establishing the VPC peering connection, routes must be added to the respective route tables in the VPCs to enable traffic flow. If a route is added to the requestor stack, information will be able to flow from the requestor VPC to the acceptor VPC, but not in the reverse direction. For bi-directional communication, routes need to be added in both VPCs from their respective stacks.
+For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html).
+```python
+stack = Stack()
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+peering_connection = requestor_vpc.create_peering_connection("peeringConnection",
+    acceptor_vpc=acceptor_vpc
+)
+route_table = RouteTable(self, "RouteTable",
+    vpc=requestor_vpc
+)
+route_table.add_route("vpcPeeringRoute", "10.0.0.0/16", {"gateway": peering_connection})
+```
+This can also be done using AWS CLI. For more information, see [create-route](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html).
+```bash
+# Add a route to the requestor VPC route table
+aws ec2 create-route --route-table-id rtb-requestor --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+# For bi-directional add a route in the acceptor vpc account as well
+aws ec2 create-route --route-table-id rtb-acceptor --destination-cidr-block 10.1.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+```
+### Deleting the Peering Connection
+To delete a VPC peering connection, use the following command:
+```bash
+aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-xxxxxxxx
+```
+For more information, see [Delete a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#delete-vpc-peering-connection).
 ## Adding Egress-Only Internet Gateway to VPC
 An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.
@@ -511,6 +660,7 @@ from ._jsii import *
 import aws_cdk as _aws_cdk_ceddda9d
 import aws_cdk.aws_ec2 as _aws_cdk_aws_ec2_ceddda9d
+import aws_cdk.aws_iam as _aws_cdk_aws_iam_ceddda9d
 import aws_cdk.aws_logs as _aws_cdk_aws_logs_ceddda9d
 import constructs as _constructs_77d1e7e8
@@ -1492,6 +1642,43 @@ class IVpcV2(_aws_cdk_aws_ec2_ceddda9d.IVpc, typing_extensions.Protocol):
         '''
         ...
+    @jsii.member(jsii_name="createAcceptorVpcRole")
+    def create_acceptor_vpc_role(
+        self,
+        requestor_account_id: builtins.str,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Role:
+        '''(experimental) Adds a new role to acceptor VPC account A cross account role is required for the VPC to peer with another account.
+        For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html}.
+        :param requestor_account_id: -
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="createPeeringConnection")
+    def create_peering_connection(
+        self,
+        id: builtins.str,
+        *,
+        acceptor_vpc: "IVpcV2",
+        peer_role_arn: typing.Optional[builtins.str] = None,
+        vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+    ) -> "VPCPeeringConnection":
+        '''(experimental) Creates a new peering connection A peering connection is a private virtual network established between two VPCs.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html}.
+        :param id: -
+        :param acceptor_vpc: (experimental) The VPC that is accepting the peering connection.
+        :param peer_role_arn: (experimental) The role arn created in the acceptor account. Default: - no peerRoleArn needed if not cross account connection
+        :param vpc_peering_connection_name: (experimental) The resource name of the peering connection. Default: - peering connection provisioned without any name
+        :stability: experimental
+        '''
+        ...
     @jsii.member(jsii_name="enableVpnGatewayV2")
     def enable_vpn_gateway_v2(
         self,
@@ -1676,6 +1863,55 @@ class _IVpcV2Proxy(
         return typing.cast("NatGateway", jsii.invoke(self, "addNatGateway", [options]))
+    @jsii.member(jsii_name="createAcceptorVpcRole")
+    def create_acceptor_vpc_role(
+        self,
+        requestor_account_id: builtins.str,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Role:
+        '''(experimental) Adds a new role to acceptor VPC account A cross account role is required for the VPC to peer with another account.
+        For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html}.
+        :param requestor_account_id: -
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__cb54cb9dd15b7bc3477efe1017142f91e359c4d2220c0bd556b2b114780a28d4)
+            check_type(argname="argument requestor_account_id", value=requestor_account_id, expected_type=type_hints["requestor_account_id"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Role, jsii.invoke(self, "createAcceptorVpcRole", [requestor_account_id]))
+    @jsii.member(jsii_name="createPeeringConnection")
+    def create_peering_connection(
+        self,
+        id: builtins.str,
+        *,
+        acceptor_vpc: IVpcV2,
+        peer_role_arn: typing.Optional[builtins.str] = None,
+        vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+    ) -> "VPCPeeringConnection":
+        '''(experimental) Creates a new peering connection A peering connection is a private virtual network established between two VPCs.
+        For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html}.
+        :param id: -
+        :param acceptor_vpc: (experimental) The VPC that is accepting the peering connection.
+        :param peer_role_arn: (experimental) The role arn created in the acceptor account. Default: - no peerRoleArn needed if not cross account connection
+        :param vpc_peering_connection_name: (experimental) The resource name of the peering connection. Default: - peering connection provisioned without any name
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__4919a255fea8cc4db70fd26400dd951f53e86d9e4e3aa3b925f0e5fc7b14d4b5)
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        options = VPCPeeringConnectionOptions(
+            acceptor_vpc=acceptor_vpc,
+            peer_role_arn=peer_role_arn,
+            vpc_peering_connection_name=vpc_peering_connection_name,
+        )
+        return typing.cast("VPCPeeringConnection", jsii.invoke(self, "createPeeringConnection", [id, options]))
     @jsii.member(jsii_name="enableVpnGatewayV2")
     def enable_vpn_gateway_v2(
         self,
@@ -4994,6 +5230,322 @@ class VPCCidrBlockattributes:
         )
+@jsii.implements(IRouteTarget)
+class VPCPeeringConnection(
+    _aws_cdk_ceddda9d.Resource,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="@aws-cdk/aws-ec2-alpha.VPCPeeringConnection",
+):
+    '''(experimental) Creates a peering connection between two VPCs.
+    :stability: experimental
+    :resource: AWS::EC2::VPCPeeringConnection
+    :exampleMetadata: infused
+    Example::
+        stack = Stack()
+        acceptor_vpc = VpcV2(self, "VpcA",
+            primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+        )
+        requestor_vpc = VpcV2(self, "VpcB",
+            primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+        )
+        peering_connection = requestor_vpc.create_peering_connection("peeringConnection",
+            acceptor_vpc=acceptor_vpc
+        )
+        route_table = RouteTable(self, "RouteTable",
+            vpc=requestor_vpc
+        )
+        route_table.add_route("vpcPeeringRoute", "10.0.0.0/16", {"gateway": peering_connection})
+    '''
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        requestor_vpc: IVpcV2,
+        acceptor_vpc: IVpcV2,
+        peer_role_arn: typing.Optional[builtins.str] = None,
+        vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param requestor_vpc: (experimental) The VPC that is requesting the peering connection.
+        :param acceptor_vpc: (experimental) The VPC that is accepting the peering connection.
+        :param peer_role_arn: (experimental) The role arn created in the acceptor account. Default: - no peerRoleArn needed if not cross account connection
+        :param vpc_peering_connection_name: (experimental) The resource name of the peering connection. Default: - peering connection provisioned without any name
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__adba7b6a63c8eb67b053fce652ae79528cbaae45a3febbc3dde851a8a9afa655)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = VPCPeeringConnectionProps(
+            requestor_vpc=requestor_vpc,
+            acceptor_vpc=acceptor_vpc,
+            peer_role_arn=peer_role_arn,
+            vpc_peering_connection_name=vpc_peering_connection_name,
+        )
+        jsii.create(self.__class__, self, [scope, id, props])
+    @builtins.property
+    @jsii.member(jsii_name="resource")
+    def resource(self) -> _aws_cdk_aws_ec2_ceddda9d.CfnVPCPeeringConnection:
+        '''(experimental) The VPC peering connection CFN resource.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.CfnVPCPeeringConnection, jsii.get(self, "resource"))
+    @builtins.property
+    @jsii.member(jsii_name="routerTargetId")
+    def router_target_id(self) -> builtins.str:
+        '''(experimental) The ID of the route target.
+        :stability: experimental
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "routerTargetId"))
+    @builtins.property
+    @jsii.member(jsii_name="routerType")
+    def router_type(self) -> _aws_cdk_aws_ec2_ceddda9d.RouterType:
+        '''(experimental) The type of router used in the route.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.RouterType, jsii.get(self, "routerType"))
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-ec2-alpha.VPCPeeringConnectionOptions",
+    jsii_struct_bases=[],
+    name_mapping={
+        "acceptor_vpc": "acceptorVpc",
+        "peer_role_arn": "peerRoleArn",
+        "vpc_peering_connection_name": "vpcPeeringConnectionName",
+    },
+)
+class VPCPeeringConnectionOptions:
+    def __init__(
+        self,
+        *,
+        acceptor_vpc: IVpcV2,
+        peer_role_arn: typing.Optional[builtins.str] = None,
+        vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''(experimental) Options to define a VPC peering connection.
+        :param acceptor_vpc: (experimental) The VPC that is accepting the peering connection.
+        :param peer_role_arn: (experimental) The role arn created in the acceptor account. Default: - no peerRoleArn needed if not cross account connection
+        :param vpc_peering_connection_name: (experimental) The resource name of the peering connection. Default: - peering connection provisioned without any name
+        :stability: experimental
+        :exampleMetadata: infused
+        Example::
+            stack = Stack()
+            acceptor_vpc = VpcV2(self, "VpcA",
+                primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+            )
+            requestor_vpc = VpcV2(self, "VpcB",
+                primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+            )
+            peering_connection = requestor_vpc.create_peering_connection("peeringConnection",
+                acceptor_vpc=acceptor_vpc
+            )
+            route_table = RouteTable(self, "RouteTable",
+                vpc=requestor_vpc
+            )
+            route_table.add_route("vpcPeeringRoute", "10.0.0.0/16", {"gateway": peering_connection})
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0af49af26f1090133d0d501835d377111e3de273232bb0049c4a5a90c4be9e69)
+            check_type(argname="argument acceptor_vpc", value=acceptor_vpc, expected_type=type_hints["acceptor_vpc"])
+            check_type(argname="argument peer_role_arn", value=peer_role_arn, expected_type=type_hints["peer_role_arn"])
+            check_type(argname="argument vpc_peering_connection_name", value=vpc_peering_connection_name, expected_type=type_hints["vpc_peering_connection_name"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "acceptor_vpc": acceptor_vpc,
+        }
+        if peer_role_arn is not None:
+            self._values["peer_role_arn"] = peer_role_arn
+        if vpc_peering_connection_name is not None:
+            self._values["vpc_peering_connection_name"] = vpc_peering_connection_name
+    @builtins.property
+    def acceptor_vpc(self) -> IVpcV2:
+        '''(experimental) The VPC that is accepting the peering connection.
+        :stability: experimental
+        '''
+        result = self._values.get("acceptor_vpc")
+        assert result is not None, "Required property 'acceptor_vpc' is missing"
+        return typing.cast(IVpcV2, result)
+    @builtins.property
+    def peer_role_arn(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The role arn created in the acceptor account.
+        :default: - no peerRoleArn needed if not cross account connection
+        :stability: experimental
+        '''
+        result = self._values.get("peer_role_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def vpc_peering_connection_name(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The resource name of the peering connection.
+        :default: - peering connection provisioned without any name
+        :stability: experimental
+        '''
+        result = self._values.get("vpc_peering_connection_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "VPCPeeringConnectionOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-ec2-alpha.VPCPeeringConnectionProps",
+    jsii_struct_bases=[VPCPeeringConnectionOptions],
+    name_mapping={
+        "acceptor_vpc": "acceptorVpc",
+        "peer_role_arn": "peerRoleArn",
+        "vpc_peering_connection_name": "vpcPeeringConnectionName",
+        "requestor_vpc": "requestorVpc",
+    },
+)
+class VPCPeeringConnectionProps(VPCPeeringConnectionOptions):
+    def __init__(
+        self,
+        *,
+        acceptor_vpc: IVpcV2,
+        peer_role_arn: typing.Optional[builtins.str] = None,
+        vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+        requestor_vpc: IVpcV2,
+    ) -> None:
+        '''(experimental) Properties to define a VPC peering connection.
+        :param acceptor_vpc: (experimental) The VPC that is accepting the peering connection.
+        :param peer_role_arn: (experimental) The role arn created in the acceptor account. Default: - no peerRoleArn needed if not cross account connection
+        :param vpc_peering_connection_name: (experimental) The resource name of the peering connection. Default: - peering connection provisioned without any name
+        :param requestor_vpc: (experimental) The VPC that is requesting the peering connection.
+        :stability: experimental
+        :exampleMetadata: fixture=_generated
+        Example::
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            import aws_cdk.aws_ec2_alpha as ec2_alpha
+            # vpc_v2: ec2_alpha.VpcV2
+            v_pCPeering_connection_props = ec2_alpha.VPCPeeringConnectionProps(
+                acceptor_vpc=vpc_v2,
+                requestor_vpc=vpc_v2,
+                # the properties below are optional
+                peer_role_arn="peerRoleArn",
+                vpc_peering_connection_name="vpcPeeringConnectionName"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__aa9f45396d3362a2cfb477c193a94dfd41a69e0f8483a75944240a97be6a7658)
+            check_type(argname="argument acceptor_vpc", value=acceptor_vpc, expected_type=type_hints["acceptor_vpc"])
+            check_type(argname="argument peer_role_arn", value=peer_role_arn, expected_type=type_hints["peer_role_arn"])
+            check_type(argname="argument vpc_peering_connection_name", value=vpc_peering_connection_name, expected_type=type_hints["vpc_peering_connection_name"])
+            check_type(argname="argument requestor_vpc", value=requestor_vpc, expected_type=type_hints["requestor_vpc"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "acceptor_vpc": acceptor_vpc,
+            "requestor_vpc": requestor_vpc,
+        }
+        if peer_role_arn is not None:
+            self._values["peer_role_arn"] = peer_role_arn
+        if vpc_peering_connection_name is not None:
+            self._values["vpc_peering_connection_name"] = vpc_peering_connection_name
+    @builtins.property
+    def acceptor_vpc(self) -> IVpcV2:
+        '''(experimental) The VPC that is accepting the peering connection.
+        :stability: experimental
+        '''
+        result = self._values.get("acceptor_vpc")
+        assert result is not None, "Required property 'acceptor_vpc' is missing"
+        return typing.cast(IVpcV2, result)
+    @builtins.property
+    def peer_role_arn(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The role arn created in the acceptor account.
+        :default: - no peerRoleArn needed if not cross account connection
+        :stability: experimental
+        '''
+        result = self._values.get("peer_role_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def vpc_peering_connection_name(self) -> typing.Optional[builtins.str]:
+        '''(experimental) The resource name of the peering connection.
+        :default: - peering connection provisioned without any name
+        :stability: experimental
+        '''
+        result = self._values.get("vpc_peering_connection_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+    @builtins.property
+    def requestor_vpc(self) -> IVpcV2:
+        '''(experimental) The VPC that is requesting the peering connection.
+        :stability: experimental
+        '''
+        result = self._values.get("requestor_vpc")
+        assert result is not None, "Required property 'requestor_vpc' is missing"
+        return typing.cast(IVpcV2, result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "VPCPeeringConnectionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 @jsii.implements(IRouteTarget)
 class VPNGatewayV2(
     _aws_cdk_ceddda9d.Resource,
@@ -5619,12 +6171,22 @@ class VpcV2Attributes:
             stack = Stack()
-            # Importing a cross acount or cross region VPC
-            imported_vpc = VpcV2.from_vpc_v2_attributes(stack, "ImportedVpc",
-                vpc_id="mockVpcID",
+            acceptor_vpc = VpcV2.from_vpc_v2_attributes(self, "acceptorVpc",
+                vpc_id="vpc-XXXX",
                 vpc_cidr_block="10.0.0.0/16",
-                owner_account_id="123456789012",
-                region="us-west-2"
+                region="us-east-2",
+                owner_account_id="111111111111"
+            )
+            acceptor_role_arn = "arn:aws:iam::111111111111:role/VpcPeeringRole"
+            requestor_vpc = VpcV2(self, "VpcB",
+                primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+            )
+            peering_connection = requestor_vpc.create_peering_connection("crossAccountCrossRegionPeering",
+                acceptor_vpc=acceptor_vpc,
+                peer_role_arn=acceptor_role_arn
             )
         '''
         if __debug__:
@@ -6071,6 +6633,51 @@ class VpcV2Base(
         return typing.cast(_aws_cdk_aws_ec2_ceddda9d.VpnConnection, jsii.invoke(self, "addVpnConnection", [id, options]))
+    @jsii.member(jsii_name="createAcceptorVpcRole")
+    def create_acceptor_vpc_role(
+        self,
+        requestor_account_id: builtins.str,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Role:
+        '''(experimental) Creates peering connection role for acceptor VPC.
+        :param requestor_account_id: -
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d6deac542ba364afef2787e14a37a31d64e7bfd81977c0fc72474f4cebb5afec)
+            check_type(argname="argument requestor_account_id", value=requestor_account_id, expected_type=type_hints["requestor_account_id"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Role, jsii.invoke(self, "createAcceptorVpcRole", [requestor_account_id]))
+    @jsii.member(jsii_name="createPeeringConnection")
+    def create_peering_connection(
+        self,
+        id: builtins.str,
+        *,
+        acceptor_vpc: IVpcV2,
+        peer_role_arn: typing.Optional[builtins.str] = None,
+        vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+    ) -> VPCPeeringConnection:
+        '''(experimental) Creates a peering connection.
+        :param id: -
+        :param acceptor_vpc: (experimental) The VPC that is accepting the peering connection.
+        :param peer_role_arn: (experimental) The role arn created in the acceptor account. Default: - no peerRoleArn needed if not cross account connection
+        :param vpc_peering_connection_name: (experimental) The resource name of the peering connection. Default: - peering connection provisioned without any name
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__13247ed9bcf578d2a1d3e5673f812980b1dc721ed9438b71961b232d8c9ee6b7)
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        options = VPCPeeringConnectionOptions(
+            acceptor_vpc=acceptor_vpc,
+            peer_role_arn=peer_role_arn,
+            vpc_peering_connection_name=vpc_peering_connection_name,
+        )
+        return typing.cast(VPCPeeringConnection, jsii.invoke(self, "createPeeringConnection", [id, options]))
     @jsii.member(jsii_name="enableVpnGateway")
     def enable_vpn_gateway(
         self,
@@ -6732,22 +7339,22 @@ class VpcV2(
     Example::
         stack = Stack()
-        my_vpc = VpcV2(self, "Vpc")
-        route_table = RouteTable(self, "RouteTable",
-            vpc=my_vpc
+        my_vpc = VpcV2(self, "Vpc",
+            primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+            secondary_address_blocks=[IpAddresses.amazon_provided_ipv6(
+                cidr_block_name="AmazonProvided"
+            )]
         )
-        subnet = SubnetV2(self, "Subnet",
-            vpc=my_vpc,
-            availability_zone="eu-west-2a",
-            ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-            subnet_type=SubnetType.PUBLIC
+        eigw = EgressOnlyInternetGateway(self, "EIGW",
+            vpc=my_vpc
         )
-        my_vpc.add_internet_gateway()
-        my_vpc.add_nat_gateway(
-            subnet=subnet,
-            connectivity_type=NatConnectivityType.PUBLIC
+        route_table = RouteTable(self, "RouteTable",
+            vpc=my_vpc
         )
+        route_table.add_route("EIGW", "::/0", {"gateway": eigw})
     '''
     def __init__(
@@ -6915,7 +7522,7 @@ class VpcV2(
     @builtins.property
     @jsii.member(jsii_name="privateSubnets")
     def private_subnets(self) -> typing.List[_aws_cdk_aws_ec2_ceddda9d.ISubnet]:
-        '''(experimental) Pbulic Subnets that are part of this VPC.
+        '''(experimental) Public Subnets that are part of this VPC.
         :stability: experimental
         '''
@@ -7049,6 +7656,9 @@ __all__ = [
     "SubnetV2Attributes",
     "SubnetV2Props",
     "VPCCidrBlockattributes",
+    "VPCPeeringConnection",
+    "VPCPeeringConnectionOptions",
+    "VPCPeeringConnectionProps",
     "VPNGatewayV2",
     "VPNGatewayV2Options",
     "VPNGatewayV2Props",
@@ -7098,6 +7708,22 @@ def _typecheckingstub__1ab59e34a032c2ecbc5b1f46184e5eafc041fe87fd1c685e9d6723df4
     """Type checking stubs"""
     pass
+def _typecheckingstub__cb54cb9dd15b7bc3477efe1017142f91e359c4d2220c0bd556b2b114780a28d4(
+    requestor_account_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__4919a255fea8cc4db70fd26400dd951f53e86d9e4e3aa3b925f0e5fc7b14d4b5(
+    id: builtins.str,
+    *,
+    acceptor_vpc: IVpcV2,
+    peer_role_arn: typing.Optional[builtins.str] = None,
+    vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__a1ed9b26ff938b529db1af6f12978e1aa57b9cdaf5a5c589675cf7b8f2c6fe6a(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -7391,6 +8017,37 @@ def _typecheckingstub__4302f03d1c3aa687fb9a6d3011f239c94d844badf36d9d2e8270a543f
     """Type checking stubs"""
     pass
+def _typecheckingstub__adba7b6a63c8eb67b053fce652ae79528cbaae45a3febbc3dde851a8a9afa655(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    requestor_vpc: IVpcV2,
+    acceptor_vpc: IVpcV2,
+    peer_role_arn: typing.Optional[builtins.str] = None,
+    vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__0af49af26f1090133d0d501835d377111e3de273232bb0049c4a5a90c4be9e69(
+    *,
+    acceptor_vpc: IVpcV2,
+    peer_role_arn: typing.Optional[builtins.str] = None,
+    vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__aa9f45396d3362a2cfb477c193a94dfd41a69e0f8483a75944240a97be6a7658(
+    *,
+    acceptor_vpc: IVpcV2,
+    peer_role_arn: typing.Optional[builtins.str] = None,
+    vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+    requestor_vpc: IVpcV2,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__99ebb03388deee94929850a6302ea70455c70b08fdbc048c0ad431df4f5d7bff(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -7535,6 +8192,22 @@ def _typecheckingstub__f7bea01b8937a479893951a9d249dafac5eb677589e384aaf4163753c
     """Type checking stubs"""
     pass
+def _typecheckingstub__d6deac542ba364afef2787e14a37a31d64e7bfd81977c0fc72474f4cebb5afec(
+    requestor_account_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__13247ed9bcf578d2a1d3e5673f812980b1dc721ed9438b71961b232d8c9ee6b7(
+    id: builtins.str,
+    *,
+    acceptor_vpc: IVpcV2,
+    peer_role_arn: typing.Optional[builtins.str] = None,
+    vpc_peering_connection_name: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__072197b57e17e2499221b9aaf0906eb11fd406cafb9318f2400beeef9e8484d1(
     value: builtins.bool,
 ) -> None:

aws_cdk/aws_ec2_alpha/_jsii/__init__.py CHANGED Viewed

@@ -33,9 +33,9 @@ import constructs._jsii
 __jsii_assembly__ = jsii.JSIIAssembly.load(
     "@aws-cdk/aws-ec2-alpha",
-    "2.169.0-alpha.0",
+    "2.171.0-alpha.0",
     __name__[0:-6],
-    "aws-ec2-alpha@2.169.0-alpha.0.jsii.tgz",
+    "aws-ec2-alpha@2.171.0-alpha.0.jsii.tgz",
 )
 __all__ = [

aws_cdk/aws_ec2_alpha/_jsii/aws-ec2-alpha@2.171.0-alpha.0.jsii.tgz ADDED Viewed

Binary file

{aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info → aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.aws-ec2-alpha
-Version: 2.169.0a0
+Version: 2.171.0a0
 Summary: The CDK construct library for VPC V2
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -23,7 +23,7 @@ Requires-Python: ~=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk-lib<3.0.0,>=2.169.0
+Requires-Dist: aws-cdk-lib<3.0.0,>=2.171.0
 Requires-Dist: constructs<11.0.0,>=10.0.0
 Requires-Dist: jsii<2.0.0,>=1.104.0
 Requires-Dist: publication>=0.0.3
@@ -251,6 +251,155 @@ Route(self, "DynamoDBRoute",
 )
 ```
+## VPC Peering Connection
+VPC peering connection allows you to connect two VPCs and route traffic between them using private IP addresses. The VpcV2 construct supports creating VPC peering connections through the `VPCPeeringConnection` construct from the `route` module.
+Peering Connection cannot be established between two VPCs with overlapping CIDR ranges. Please make sure the two VPC CIDRs do not overlap with each other else it will throw an error.
+For more information, see [What is VPC peering?](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html).
+The following show examples of how to create a peering connection between two VPCs for all possible combinations of same-account or cross-account, and same-region or cross-region configurations.
+Note: You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks
+**Case 1: Same Account and Same Region Peering Connection**
+```python
+stack = Stack()
+vpc_a = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+vpc_b = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+peering_connection = vpc_a.create_peering_connection("sameAccountSameRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+**Case 2: Same Account and Cross Region Peering Connection**
+There is no difference from Case 1 when calling `createPeeringConnection`. The only change is that one of the VPCs are created in another stack with a different region. To establish cross region VPC peering connection, acceptorVpc needs to be imported to the requestor VPC stack using `fromVpcV2Attributes` method.
+```python
+app = App()
+stack_a = Stack(app, "VpcStackA", env=Environment(account="000000000000", region="us-east-1"))
+stack_b = Stack(app, "VpcStackB", env=Environment(account="000000000000", region="us-west-2"))
+vpc_a = VpcV2(stack_a, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+VpcV2(stack_b, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+vpc_b = VpcV2.from_vpc_v2_attributes(stack_a, "ImportedVpcB",
+    vpc_id="MockVpcBid",
+    vpc_cidr_block="10.1.0.0/16",
+    region="us-west-2",
+    owner_account_id="000000000000"
+)
+peering_connection = vpc_a.create_peering_connection("sameAccountCrossRegionPeering",
+    acceptor_vpc=vpc_b
+)
+```
+**Case 3: Cross Account Peering Connection**
+For cross-account connections, the acceptor account needs an IAM role that grants the requestor account permission to initiate the connection. Create a new IAM role in the acceptor account using method `createAcceptorVpcRole` to provide the necessary permissions.
+Once role is created in account, provide role arn for field `peerRoleArn` under method `createPeeringConnection`
+```python
+stack = Stack()
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+acceptor_role_arn = acceptor_vpc.create_acceptor_vpc_role("000000000000")
+```
+After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC. Import accpeptorVpc to the stack using `fromVpcV2Attributes` method, it is recommended to specify owner account id of the acceptor VPC in case of cross account peering connection, if acceptor VPC is hosted in different region provide region value for import as well.
+The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:
+```python
+stack = Stack()
+acceptor_vpc = VpcV2.from_vpc_v2_attributes(self, "acceptorVpc",
+    vpc_id="vpc-XXXX",
+    vpc_cidr_block="10.0.0.0/16",
+    region="us-east-2",
+    owner_account_id="111111111111"
+)
+acceptor_role_arn = "arn:aws:iam::111111111111:role/VpcPeeringRole"
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+peering_connection = requestor_vpc.create_peering_connection("crossAccountCrossRegionPeering",
+    acceptor_vpc=acceptor_vpc,
+    peer_role_arn=acceptor_role_arn
+)
+```
+### Route Table Configuration
+After establishing the VPC peering connection, routes must be added to the respective route tables in the VPCs to enable traffic flow. If a route is added to the requestor stack, information will be able to flow from the requestor VPC to the acceptor VPC, but not in the reverse direction. For bi-directional communication, routes need to be added in both VPCs from their respective stacks.
+For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html).
+```python
+stack = Stack()
+acceptor_vpc = VpcV2(self, "VpcA",
+    primary_address_block=IpAddresses.ipv4("10.0.0.0/16")
+)
+requestor_vpc = VpcV2(self, "VpcB",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16")
+)
+peering_connection = requestor_vpc.create_peering_connection("peeringConnection",
+    acceptor_vpc=acceptor_vpc
+)
+route_table = RouteTable(self, "RouteTable",
+    vpc=requestor_vpc
+)
+route_table.add_route("vpcPeeringRoute", "10.0.0.0/16", {"gateway": peering_connection})
+```
+This can also be done using AWS CLI. For more information, see [create-route](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html).
+```bash
+# Add a route to the requestor VPC route table
+aws ec2 create-route --route-table-id rtb-requestor --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+# For bi-directional add a route in the acceptor vpc account as well
+aws ec2 create-route --route-table-id rtb-acceptor --destination-cidr-block 10.1.0.0/16 --vpc-peering-connection-id pcx-xxxxxxxx
+```
+### Deleting the Peering Connection
+To delete a VPC peering connection, use the following command:
+```bash
+aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-xxxxxxxx
+```
+For more information, see [Delete a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#delete-vpc-peering-connection).
 ## Adding Egress-Only Internet Gateway to VPC
 An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.

aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,10 @@
+aws_cdk/aws_ec2_alpha/__init__.py,sha256=wkTyFKJ5P8YRGMiSoBE5kuFx2pVMKTkGptIdKOCPHFA,357740
+aws_cdk/aws_ec2_alpha/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aws_cdk/aws_ec2_alpha/_jsii/__init__.py,sha256=XyWeGPuHmVUC4gwmzvRFnl83hGCGnriwO9aZVWfxuW0,1479
+aws_cdk/aws_ec2_alpha/_jsii/aws-ec2-alpha@2.171.0-alpha.0.jsii.tgz,sha256=iv61GZMGvOd18XyFPdTbp1qAeC8CN1zlL_bW0Hk4OFQ,177523
+aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/LICENSE,sha256=kEDF86xJUQh1E9M7UPKKbHepBEdFxIUyoGfTwQB7zKg,11391
+aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/METADATA,sha256=xrz_89OChdAGaQrbt3Gb0reQ1Ha0pHKxvD3qdYa4zeA,25153
+aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/NOTICE,sha256=dXf56qvx2VDNCaqiRscOD2IH5GbmqbnKRzroZCeLtaQ,113
+aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
+aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
+aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info/RECORD,,

{aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info → aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.45.0)
+Generator: bdist_wheel (0.45.1)
 Root-Is-Purelib: true
 Tag: py3-none-any

aws_cdk/aws_ec2_alpha/_jsii/aws-ec2-alpha@2.169.0-alpha.0.jsii.tgz DELETED Viewed

Binary file

aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/RECORD DELETED Viewed

@@ -1,10 +0,0 @@
-aws_cdk/aws_ec2_alpha/__init__.py,sha256=CiLl22hgKUonbjTQN3xMCJbyO0X_L0kmEx5iMFvUFHw,329774
-aws_cdk/aws_ec2_alpha/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aws_cdk/aws_ec2_alpha/_jsii/__init__.py,sha256=Rw3Jze8O4q60vAiqcVWS2GLVZFhRC4IpP_u4r5J98OA,1479
-aws_cdk/aws_ec2_alpha/_jsii/aws-ec2-alpha@2.169.0-alpha.0.jsii.tgz,sha256=hLBCjIRmXlnJn-QQoa1BSsNoX3uIzuMoqS9j60ru_jQ,164686
-aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/LICENSE,sha256=kEDF86xJUQh1E9M7UPKKbHepBEdFxIUyoGfTwQB7zKg,11391
-aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/METADATA,sha256=XDka9o49qEq8XIv4OK1VIWuvZTo9IY_EsR84ZgGQtX8,19145
-aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/NOTICE,sha256=dXf56qvx2VDNCaqiRscOD2IH5GbmqbnKRzroZCeLtaQ,113
-aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/WHEEL,sha256=bFJAMchF8aTQGUgMZzHJyDDMPTO3ToJ7x23SLJa1SVo,92
-aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
-aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info/RECORD,,

{aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info → aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info}/LICENSE RENAMED Viewed

File without changes

{aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info → aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info}/NOTICE RENAMED Viewed

File without changes

{aws_cdk.aws_ec2_alpha-2.169.0a0.dist-info → aws_cdk.aws_ec2_alpha-2.171.0a0.dist-info}/top_level.txt RENAMED Viewed

File without changes

aws-cdk.aws-ec2-alpha 2.169.0a0__py3-none-any.whl → 2.171.0a0__py3-none-any.whl

Potentially problematic release.

aws-cdk.aws-ec2-alpha 2.169.0a0py3-none-any.whl → 2.171.0a0py3-none-any.whl