aws-cdk.aws-ec2-alpha 2.176.0a0__py3-none-any.whl → 2.178.0a0__py3-none-any.whl

aws_cdk/aws_ec2_alpha/_jsii/__init__.py

@@ -33,9 +33,9 @@ import constructs._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
     "@aws-cdk/aws-ec2-alpha",
-    "2.176.0-alpha.0",
+    "2.178.0-alpha.0",
     __name__[0:-6],
-    "aws-ec2-alpha@2.176.0-alpha.0.jsii.tgz",
+    "aws-ec2-alpha@2.178.0-alpha.0.jsii.tgz",
 )
 
 __all__ = [

{aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info → aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.aws-ec2-alpha
-Version: 2.176.0a0
+Version: 2.178.0a0
 Summary: The CDK construct library for VPC V2
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -23,9 +23,9 @@ Requires-Python: ~=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk-lib<3.0.0,>=2.176.0
+Requires-Dist: aws-cdk-lib<3.0.0,>=2.178.0
 Requires-Dist: constructs<11.0.0,>=10.0.0
-Requires-Dist: jsii<2.0.0,>=1.104.0
+Requires-Dist: jsii<2.0.0,>=1.106.0
 Requires-Dist: publication>=0.0.3
 Requires-Dist: typeguard<4.3.0,>=2.13.3
 
@@ -34,13 +34,13 @@ Requires-Dist: typeguard<4.3.0,>=2.13.3
 <!--BEGIN STABILITY BANNER-->---
 
 
-![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)
+![cdk-constructs: Developer Preview](https://img.shields.io/badge/cdk--constructs-developer--preview-informational.svg?style=for-the-badge)
 
-> The APIs of higher level constructs in this module are experimental and under active development.
-> They are subject to non-backward compatible changes or removal in any future version. These are
-> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
-> announced in the release notes. This means that while you may use them, you may need to update
-> your source code when upgrading to a newer version of this package.
+> The APIs of higher level constructs in this module are in **developer preview** before they
+> become stable. We will only make breaking changes to address unforeseen API issues. Therefore,
+> these APIs are not subject to [Semantic Versioning](https://semver.org/), and breaking changes
+> will be announced in release notes. This means that while you may use them, you may need to
+> update your source code when upgrading to a newer version of this package.
 
 ---
 <!--END STABILITY BANNER-->
@@ -51,7 +51,10 @@ Requires-Dist: typeguard<4.3.0,>=2.13.3
 on the VPC being created. `VpcV2` implements the existing [`IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html), therefore,
 `VpcV2` is compatible with other constructs that accepts `IVpc` (e.g. [`ApplicationLoadBalancer`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer.html#construct-props)).
 
-To create a VPC with both IPv4 and IPv6 support:
+`VpcV2` supports the addition of both primary and secondary addresses. The primary address must be an IPv4 address, which can be specified as a CIDR string or assigned from an IPAM pool. Secondary addresses can be either IPv4 or IPv6.
+By default, `VpcV2` assigns `10.0.0.0/16` as the primary CIDR if no other CIDR is specified.
+
+Below is an example of creating a VPC with both IPv4 and IPv6 support:
 
 ```python
 stack = Stack()
@@ -69,6 +72,7 @@ VpcV2(self, "Vpc",
 
 `SubnetV2` is a re-write of the [`ec2.Subnet`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Subnet.html) construct.
 This new construct can be used to add subnets to a `VpcV2` instance:
+Note: When defining a subnet with `SubnetV2`, CDK automatically creates a new route table, unless a route table is explicitly provided as an input to the construct.
 
 ```python
 stack = Stack()
@@ -87,16 +91,25 @@ SubnetV2(self, "subnetA",
 )
 ```
 
+Since `VpcV2` does not create subnets automatically, users have full control over IP addresses allocation across subnets.
+
 ## IP Addresses Management
 
-By default `VpcV2` uses `10.0.0.0/16` as the primary CIDR if none is defined.
-Additional CIDRs can be adding to the VPC via the `secondaryAddressBlocks` prop.
-The following example illustrates the different options of defining the address blocks:
+Additional CIDRs can be added to the VPC via the `secondaryAddressBlocks` property.
+The following example illustrates the options of defining these secondary address blocks using `IPAM`:
+
+Note: There’s currently an issue with IPAM pool deletion that may affect the `cdk --destroy` command. This is because IPAM takes time to detect when the IP address pool has been deallocated after the VPC is deleted. The current workaround is to wait until the IP address is fully deallocated from the pool before retrying the deletion. Below command can be used to check allocations for a pool using CLI
+
+```shell
+aws ec2 get-ipam-pool-allocations --ipam-pool-id <ipam-pool-id>
+```
+
+Ref: https://docs.aws.amazon.com/cli/latest/reference/ec2/get-ipam-pool-allocations.html
 
 ```python
 stack = Stack()
 ipam = Ipam(self, "Ipam",
-    operating_region=["us-west-1"]
+    operating_regions=["us-west-1"]
 )
 ipam_public_pool = ipam.public_scope.add_pool("PublicPoolA",
     address_family=AddressFamily.IP_V6,
@@ -129,11 +142,43 @@ VpcV2(self, "Vpc",
 )
 ```
 
-Since `VpcV2` does not create subnets automatically, users have full control over IP addresses allocation across subnets.
+### Bring your own IPv6 addresses (BYOIP)
+
+If you have your own IP address that you would like to use with EC2, you can set up an IPv6 pool via the AWS CLI, and use that pool ID in your application.
+
+Once you have certified your IP address block with an ROA and have obtained an X-509 certificate, you can run the following command to provision your CIDR block in your AWS account:
+
+```shell
+aws ec2 provision-byoip-cidr --region <region> --cidr <your CIDR block> --cidr-authorization-context Message="1|aws|<account>|<your CIDR block>|<expiration date>|SHA256".Signature="<signature>"
+```
+
+When your BYOIP CIDR is provisioned, you can run the following command to retrieve your IPv6 pool ID, which will be used in your VPC declaration:
+
+```shell
+aws ec2 describe-byoip-cidr --region <region>
+```
+
+For more help on setting up your IPv6 address, please review the [EC2 Documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html).
+
+Once you have provisioned your address block, you can use the IPv6 in your VPC as follows:
+
+```python
+my_vpc = VpcV2(self, "Vpc",
+    primary_address_block=IpAddresses.ipv4("10.1.0.0/16"),
+    secondary_address_blocks=[IpAddresses.ipv6_byoip_pool(
+        cidr_block_name="MyByoipCidrBlock",
+        ipv6_pool_id="ipv6pool-ec2-someHashValue",
+        ipv6_cidr_block="2001:db8::/32"
+    )],
+    enable_dns_hostnames=True,
+    enable_dns_support=True
+)
+```
 
 ## Routing
 
-`RouteTable` is a new construct that allows for route tables to be customized in a variety of ways. For instance, the following example shows how a custom route table can be created and appended to a subnet:
+`RouteTable` is a new construct that allows for route tables to be customized in a variety of ways. Using this construct, a customized route table can be added to the subnets defined using `SubnetV2`.
+For instance, the following example shows how a custom route table can be created and appended to a `SubnetV2`:
 
 ```python
 my_vpc = VpcV2(self, "Vpc")
@@ -516,6 +561,7 @@ For more information, see [Enable VPC internet access using internet gateways](h
 
 You can add an internet gateway to a VPC using `addInternetGateway` method. By default, this method creates a route in all Public Subnets with outbound destination set to `0.0.0.0` for IPv4 and `::0` for IPv6 enabled VPC.
 Instead of using the default settings, you can configure a custom destination range by providing an optional input `destination` to the method.
+In addition to the custom IP range, you can also choose to filter subnets where default routes should be created.
 
 The code example below shows how to add an internet gateway with a custom outbound destination IP range:
 
@@ -535,6 +581,35 @@ my_vpc.add_internet_gateway(
 )
 ```
 
+The following code examples demonstrates how to add an internet gateway with a custom outbound destination IP range for specific subnets:
+
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc")
+
+my_subnet = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+
+my_vpc.add_internet_gateway(
+    ipv4_destination="192.168.0.0/16",
+    subnets=[my_subnet]
+)
+```
+
+```python
+stack = Stack()
+my_vpc = VpcV2(self, "Vpc")
+
+my_vpc.add_internet_gateway(
+    ipv4_destination="192.168.0.0/16",
+    subnets=[ec2.SubnetSelection(subnet_type=SubnetType.PRIVATE_WITH_EGRESS)]
+)
+```
+
 ## Importing an existing VPC
 
 You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` method or an individual subnet using `SubnetV2.fromSubnetV2Attributes()` method.
@@ -673,3 +748,190 @@ vpc = VpcV2(self, "VPC-integ-test-tag",
 # Add custom tags if needed
 Tags.of(vpc).add("Environment", "Production")
 ```
+
+## Transit Gateway
+
+The AWS Transit Gateway construct library allows you to create and configure Transit Gateway resources using AWS CDK.
+
+See [AWS Transit Gateway Docs](docs.aws.amazon.com/vpc/latest/tgw/what-is-transit-gateway.html) for more info.
+
+### Overview
+
+The Transit Gateway construct (`TransitGateway`) is the main entry point for creating and managing your Transit Gateway infrastructure. It provides methods to create route tables, attach VPCs, and configure cross-account access.
+
+The Transit Gateway construct library provides four main constructs:
+
+* `TransitGateway`: The central hub for your network connections
+* `TransitGatewayRouteTable`: Manages routing between attached networks
+* `TransitGatewayVpcAttachment`: Connects VPCs to the Transit Gateway
+* `TransitGatewayRoute`: Defines routing rules within your Transit Gateway
+
+### Basic Usage
+
+To create a minimal deployable `TransitGateway`:
+
+```python
+transit_gateway = TransitGateway(self, "MyTransitGateway")
+```
+
+### Default Transit Gateway Route Table
+
+By default, `TransitGateway` is created with a default `TransitGatewayRouteTable`, for which automatic Associations and automatic Propagations are enabled.
+
+> Note: When you create a default Transit Gateway in AWS Console, a default Transit Gateway Route Table is automatically created by AWS. However, when using the CDK Transit Gateway L2 construct, the underlying L1 construct is configured with `defaultRouteTableAssociation` and `defaultRouteTablePropagation` explicitly disabled. This ensures that AWS does not create the default route table, allowing the CDK to define a custom default route table instead.
+>
+> As a result, in the AWS Console, the **Default association route table** and **Default propagation route table** settings will appear as disabled. Despite this, the CDK still provides automatic association and propagation functionality through its internal implementation, which can be controlled using the `defaultRouteTableAssociation` and `defaultRouteTablePropagation` properties within the CDK.
+
+You can disable the automatic Association/Propagation on the default `TransitGatewayRouteTable` via the `TransitGateway` properties. This will still create a default route table for you:
+
+```python
+transit_gateway = TransitGateway(self, "MyTransitGateway",
+    default_route_table_association=False,
+    default_route_table_propagation=False
+)
+```
+
+### Transit Gateway Route Table Management
+
+Add additional Transit Gateway Route Tables using the `addRouteTable()` method:
+
+```python
+transit_gateway = TransitGateway(self, "MyTransitGateway")
+
+route_table = transit_gateway.add_route_table("CustomRouteTable")
+```
+
+### Attaching VPCs to the Transit Gateway
+
+Currently only VPC to Transit Gateway attachments are supported.
+
+Create an attachment from a VPC to the Transit Gateway using the `attachVpc()` method:
+
+```python
+my_vpc = VpcV2(self, "Vpc")
+subnet1 = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+
+subnet2 = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.1.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+
+transit_gateway = TransitGateway(self, "MyTransitGateway")
+
+# Create a basic attachment
+attachment = transit_gateway.attach_vpc("VpcAttachment",
+    vpc=my_vpc,
+    subnets=[subnet1, subnet2]
+)
+
+# Create an attachment with optional parameters
+attachment_with_options = transit_gateway.attach_vpc("VpcAttachmentWithOptions",
+    vpc=my_vpc,
+    subnets=[subnet1],
+    vpc_attachment_options={
+        "dns_support": True,
+        "appliance_mode_support": True,
+        "ipv6_support": True,
+        "security_group_referencing_support": True
+    }
+)
+```
+
+If you want to automatically associate and propagate routes with transit gateway route tables, you can pass the `associationRouteTable` and `propagationRouteTables` parameters. This will automatically create the necessary associations and propagations based on the provided route tables.
+
+```python
+my_vpc = VpcV2(self, "Vpc")
+subnet1 = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+
+subnet2 = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.1.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+
+transit_gateway = TransitGateway(self, "MyTransitGateway")
+association_route_table = transit_gateway.add_route_table("AssociationRouteTable")
+propagation_route_table1 = transit_gateway.add_route_table("PropagationRouteTable1")
+propagation_route_table2 = transit_gateway.add_route_table("PropagationRouteTable2")
+
+# Create an attachment with automatically created association + propagations
+attachment_with_routes = transit_gateway.attach_vpc("VpcAttachment",
+    vpc=my_vpc,
+    subnets=[subnet1, subnet2],
+    association_route_table=association_route_table,
+    propagation_route_tables=[propagation_route_table1, propagation_route_table2]
+)
+```
+
+In this example, the `associationRouteTable` is set to `associationRouteTable`, and `propagationRouteTables` is set to an array containing `propagationRouteTable1` and `propagationRouteTable2`. This triggers the automatic creation of route table associations and route propagations between the Transit Gateway and the specified route tables.
+
+### Adding static routes to the route table
+
+Add static routes using either the `addRoute()` method to add an active route or `addBlackholeRoute()` to add a blackhole route:
+
+```python
+transit_gateway = TransitGateway(self, "MyTransitGateway")
+route_table = transit_gateway.add_route_table("CustomRouteTable")
+
+my_vpc = VpcV2(self, "Vpc")
+subnet = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+
+attachment = transit_gateway.attach_vpc("VpcAttachment",
+    vpc=my_vpc,
+    subnets=[subnet]
+)
+
+# Add a static route to direct traffic
+route_table.add_route("StaticRoute", attachment, "10.0.0.0/16")
+
+# Block unwanted traffic with a blackhole route
+route_table.add_blackhole_route("BlackholeRoute", "172.16.0.0/16")
+```
+
+### Route Table Associations and Propagations
+
+Configure route table associations and enable route propagation:
+
+```python
+transit_gateway = TransitGateway(self, "MyTransitGateway")
+route_table = transit_gateway.add_route_table("CustomRouteTable")
+my_vpc = VpcV2(self, "Vpc")
+subnet = SubnetV2(self, "Subnet",
+    vpc=my_vpc,
+    availability_zone="eu-west-2a",
+    ipv4_cidr_block=IpCidr("10.0.0.0/24"),
+    subnet_type=SubnetType.PUBLIC
+)
+attachment = transit_gateway.attach_vpc("VpcAttachment",
+    vpc=my_vpc,
+    subnets=[subnet]
+)
+
+# Associate an attachment with a route table
+route_table.add_association("Association", attachment)
+
+# Enable route propagation for an attachment
+route_table.enable_propagation("Propagation", attachment)
+```
+
+**Associations** — The linking of a Transit Gateway attachment to a specific route table, which determines which routes that attachment will use for routing decisions.
+
+**Propagation** — The automatic advertisement of routes from an attachment to a route table, allowing the route table to learn about available network destinations.

aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/RECORD

@@ -0,0 +1,10 @@
+aws_cdk/aws_ec2_alpha/__init__.py,sha256=AWTUHm3fqGgSQxp3VDckVj1AxpnKnhFx0uXq02OD3ko,522310
+aws_cdk/aws_ec2_alpha/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aws_cdk/aws_ec2_alpha/_jsii/__init__.py,sha256=qhDVSau4qUL7w1_a0g6M7ehk7NBpvJN8kMlDotCvDCQ,1479
+aws_cdk/aws_ec2_alpha/_jsii/aws-ec2-alpha@2.178.0-alpha.0.jsii.tgz,sha256=OIwNlBjNM5J9050wzFwjWEsuZjhn7-1csTCtPVMTejo,231356
+aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/LICENSE,sha256=y47tc38H0C4DpGljYUZDl8XxidQjNxxGLq-K4jwv6Xc,11391
+aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/METADATA,sha256=-EzqReZP1A_lmn5jGDMesuZbsM-Bahxp0mNlItX_WAs,36566
+aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/NOTICE,sha256=ZDV6_xBfMvhFtjjBh_f6lJjhZ2AEWWAGGkx2kLKHiuc,113
+aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
+aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
+aws_cdk.aws_ec2_alpha-2.178.0a0.dist-info/RECORD,,

aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/RECORD

@@ -1,10 +0,0 @@
-aws_cdk/aws_ec2_alpha/__init__.py,sha256=fctUa47KcVN6ICrGw5-D0nHcOAfUV015eyc2XnE7fsw,366853
-aws_cdk/aws_ec2_alpha/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aws_cdk/aws_ec2_alpha/_jsii/__init__.py,sha256=0pzYY1Eby-HHCD9iQMAy6k8GrZZ6UknN_EzKEpmGomw,1479
-aws_cdk/aws_ec2_alpha/_jsii/aws-ec2-alpha@2.176.0-alpha.0.jsii.tgz,sha256=eY5JBhQyLGlq5CDkan6_JjhTUDQ0fST1RA3IS0cA0Jw,181996
-aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/LICENSE,sha256=y47tc38H0C4DpGljYUZDl8XxidQjNxxGLq-K4jwv6Xc,11391
-aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/METADATA,sha256=9FPGlxY3BbrgxDglLENtdWyBS0gKnTPAzql58evoatE,25872
-aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/NOTICE,sha256=ZDV6_xBfMvhFtjjBh_f6lJjhZ2AEWWAGGkx2kLKHiuc,113
-aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
-aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
-aws_cdk.aws_ec2_alpha-2.176.0a0.dist-info/RECORD,,