CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-aws-cdk--aws-ec2

The CDK Construct Library for AWS::EC2 providing high-level constructs for EC2 instances, VPCs, subnets, security groups, and networking infrastructure.

Pending
Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

index.mddocs/

AWS CDK EC2

The AWS CDK EC2 module provides comprehensive TypeScript constructs for Amazon EC2 (Elastic Compute Cloud) services within the AWS CDK v1 framework. It enables infrastructure-as-code for EC2 instances, VPCs, subnets, security groups, and networking components with strong typing and high-level abstractions.

Package Information

  • Package Name: @aws-cdk/aws-ec2
  • Package Type: npm
  • Language: TypeScript
  • Installation: npm install @aws-cdk/aws-ec2
  • CDK Version: v1 (end-of-support as of June 2023)

Core Imports

import * as ec2 from "@aws-cdk/aws-ec2";
import { Vpc, Instance, SecurityGroup } from "@aws-cdk/aws-ec2";

For CommonJS:

const ec2 = require("@aws-cdk/aws-ec2");
const { Vpc, Instance, SecurityGroup } = require("@aws-cdk/aws-ec2");

Basic Usage

import * as ec2 from "@aws-cdk/aws-ec2";
import * as cdk from "@aws-cdk/core";

export class MyStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string) {
    super(scope, id);

    // Create a VPC with public and private subnets
    const vpc = new ec2.Vpc(this, "MyVpc", {
      maxAzs: 2,
      natGateways: 1,
    });

    // Create a security group
    const securityGroup = new ec2.SecurityGroup(this, "WebSG", {
      vpc,
      description: "Security group for web servers",
    });
    securityGroup.addIngressRule(
      ec2.Peer.anyIpv4(),
      ec2.Port.tcp(80),
      "Allow HTTP traffic"
    );

    // Launch an EC2 instance
    const instance = new ec2.Instance(this, "WebServer", {
      vpc,
      instanceType: ec2.InstanceType.of(
        ec2.InstanceClass.T3,
        ec2.InstanceSize.MICRO
      ),
      machineImage: ec2.MachineImage.latestAmazonLinux(),
      securityGroup,
    });
  }
}

Architecture

The AWS CDK EC2 module is organized around several key components:

  • VPC & Networking: Virtual Private Clouds, subnets, route tables, NAT gateways, and internet gateways
  • Security: Security groups, network ACLs, and connection management
  • Compute: EC2 instances, launch templates, and auto scaling groups
  • Storage: EBS volumes, block device mappings, and encryption
  • Machine Images: AMI selection for various operating systems and configurations
  • VPC Endpoints: Gateway and interface endpoints for AWS services
  • VPN Connectivity: VPN connections, gateways, and client VPN endpoints

Capabilities

VPC Management

Comprehensive VPC creation and management with public, private, and isolated subnets. Supports custom CIDR blocks, availability zone distribution, and NAT gateway configuration.

class Vpc extends Resource implements IVpc {
  constructor(scope: Construct, id: string, props?: VpcProps);
  readonly vpcId: string;
  readonly vpcCidrBlock: string;
  readonly availabilityZones: string[];
  readonly publicSubnets: ISubnet[];
  readonly privateSubnets: ISubnet[];
  readonly isolatedSubnets: ISubnet[];
  readonly internetGatewayId?: string;
  selectSubnets(selection?: SubnetSelection): SelectedSubnets;
  addGatewayEndpoint(id: string, options: GatewayVpcEndpointOptions): GatewayVpcEndpoint;
  addInterfaceEndpoint(id: string, options: InterfaceVpcEndpointOptions): InterfaceVpcEndpoint;
}

interface VpcProps {
  readonly cidr?: string;
  readonly maxAzs?: number;
  readonly subnetConfiguration?: SubnetConfiguration[];
  readonly natGateways?: number;
  readonly natGatewayProvider?: NatProvider;
  readonly vpnGateway?: boolean;
  readonly enableDnsHostnames?: boolean;
  readonly enableDnsSupport?: boolean;
}

VPC Management

EC2 Instances

EC2 instance management with support for user data, security groups, instance types, and machine images.

class Instance extends Resource implements IInstance {
  constructor(scope: Construct, id: string, props: InstanceProps);
  readonly instanceId: string;
  readonly instanceAvailabilityZone: string;
  readonly instancePrivateDnsName: string;
  readonly instancePrivateIp: string;
  readonly instancePublicDnsName: string;
  readonly instancePublicIp: string;
  readonly connections: Connections;
  addUserData(...commands: string[]): void;
  addSecurityGroup(securityGroup: ISecurityGroup): void;
}

interface InstanceProps {
  readonly vpc: IVpc;
  readonly instanceType: InstanceType;
  readonly machineImage: IMachineImage;
  readonly securityGroup?: ISecurityGroup;
  readonly keyName?: string;
  readonly userData?: UserData;
  readonly role?: iam.IRole;
  readonly vpcSubnets?: SubnetSelection;
}

EC2 Instances

Security Groups

Network security management through security groups with ingress and egress rules.

class SecurityGroup extends Resource implements ISecurityGroup {
  constructor(scope: Construct, id: string, props: SecurityGroupProps);
  readonly securityGroupId: string;
  readonly securityGroupVpcId: string;
  readonly connections: Connections;
  addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
  addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
}

interface SecurityGroupProps {
  readonly vpc: IVpc;
  readonly description?: string;
  readonly allowAllOutbound?: boolean;
  readonly disableInlineRules?: boolean;
}

Security Groups

Machine Images

Machine image selection and management for various operating systems including Amazon Linux, Ubuntu, Windows, and custom AMIs.

abstract class MachineImage {
  static latestAmazonLinux(props?: AmazonLinuxImageProps): IMachineImage;
  static latestWindows(version: WindowsVersion): IMachineImage;
  static genericLinux(amiMap: {[region: string]: string}, props?: GenericLinuxImageProps): IMachineImage;
  static fromSsmParameter(parameterName: string, props?: GenericSSMParameterImageProps): IMachineImage;
  abstract getImage(scope: Construct): MachineImageConfig;
}

interface IMachineImage {
  getImage(scope: Construct): MachineImageConfig;
}

Machine Images

Subnets & Networking

Subnet management including public, private, and isolated subnets with routing configuration.

abstract class Subnet extends Resource implements ISubnet {
  readonly subnetId: string;
  readonly availabilityZone: string;
  readonly ipv4CidrBlock: string;
  readonly routeTable: IRouteTable;
  addRoute(id: string, options: AddRouteOptions): void;
}

class PublicSubnet extends Subnet implements IPublicSubnet {
  constructor(scope: Construct, id: string, props: PublicSubnetProps);
  addDefaultInternetRoute(gatewayId: string, gateway: IDependable): void;
}

class PrivateSubnet extends Subnet implements IPrivateSubnet {
  constructor(scope: Construct, id: string, props: PrivateSubnetProps);
  addDefaultNatRoute(natGatewayId: string): void;
}

Subnets & Networking

VPC Endpoints

VPC endpoint management for AWS services including gateway endpoints for S3/DynamoDB and interface endpoints for other services.

class GatewayVpcEndpoint extends VpcEndpoint implements IGatewayVpcEndpoint {
  constructor(scope: Construct, id: string, props: GatewayVpcEndpointProps);
  static fromGatewayVpcEndpointId(scope: Construct, id: string, gatewayVpcEndpointId: string): IGatewayVpcEndpoint;
}

class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEndpoint {
  constructor(scope: Construct, id: string, props: InterfaceVpcEndpointProps);
  readonly vpcEndpointDnsEntries: string[];
  readonly vpcEndpointNetworkInterfaceIds: string[];
}

VPC Endpoints

Storage & Volumes

EBS volume management including volume types, encryption, and device mapping.

class Volume extends Resource implements IVolume {
  constructor(scope: Construct, id: string, props: VolumeProps);
  readonly volumeId: string;
  readonly availabilityZone: string;
  readonly encryptionKey?: kms.IKey;
  grantAttachVolume(grantee: iam.IGrantable, instances?: IInstance[]): iam.Grant;
  grantDetachVolume(grantee: iam.IGrantable, instances?: IInstance[]): iam.Grant;
}

interface EbsDeviceOptions {
  readonly deleteOnTermination?: boolean;
  readonly iops?: number;
  readonly volumeSize?: number;
  readonly volumeType?: EbsDeviceVolumeType;
  readonly encrypted?: boolean;
  readonly kmsKey?: kms.IKey;
}

Storage & Volumes

Launch Templates

Launch template management for advanced EC2 instance configuration.

class LaunchTemplate extends Resource implements ILaunchTemplate {
  constructor(scope: Construct, id: string, props?: LaunchTemplateProps);
  readonly launchTemplateId: string;
  readonly launchTemplateName: string;
  readonly versionNumber: string;
}

interface LaunchTemplateProps {
  readonly launchTemplateName?: string;
  readonly machineImage?: IMachineImage;
  readonly instanceType?: InstanceType;
  readonly userData?: UserData;
  readonly securityGroup?: ISecurityGroup;
  readonly keyName?: string;
  readonly role?: iam.IRole;
  readonly blockDevices?: BlockDevice[];
}

Launch Templates

Network Access Control

Network ACL management for subnet-level security controls.

class NetworkAcl extends Resource implements INetworkAcl {
  constructor(scope: Construct, id: string, props: NetworkAclProps);
  readonly networkAclId: string;
  addEntry(id: string, options: CommonNetworkAclEntryOptions): NetworkAclEntry;
}

interface CommonNetworkAclEntryOptions {
  readonly cidr: AclCidr;
  readonly ruleNumber: number;
  readonly traffic: AclTraffic;
  readonly direction?: TrafficDirection;
  readonly ruleAction?: RuleAction;
}

Network Access Control

User Data & Initialization

User data and CloudFormation init support for instance initialization.

abstract class UserData {
  static forLinux(options?: LinuxUserDataOptions): UserData;
  static forWindows(): UserData;
  static custom(content: string): UserData;
  abstract addCommands(...commands: string[]): void;
  abstract addOnExitCommands(...commands: string[]): void;
  abstract addSignalOnExitCommand(resource: Resource): void;
  abstract render(): string;
}

User Data & Initialization

VPN Connectivity

VPN connection management including site-to-site VPN and client VPN endpoints.

class VpnConnection extends Resource implements IVpnConnection {
  constructor(scope: Construct, id: string, props: VpnConnectionProps);
  readonly vpnId: string;
  readonly customerGatewayId: string;
  readonly customerGatewayIp: string;
  readonly customerGatewayAsn: number;
}

class ClientVpnEndpoint extends Resource {
  constructor(scope: Construct, id: string, props: ClientVpnEndpointProps);
  readonly endpointId: string;
  readonly dnsName: string;
  addAuthorizationRule(id: string, props: ClientVpnAuthorizationRuleProps): ClientVpnAuthorizationRule;
  addRoute(id: string, props: ClientVpnRouteProps): ClientVpnRoute;
}

VPN Connectivity

Flow Logs

VPC Flow Logs capture network traffic information for monitoring and troubleshooting.

class FlowLog extends Resource implements IFlowLog {
  constructor(scope: Construct, id: string, props: FlowLogProps);
  readonly flowLogId: string;
  
  static fromFlowLogId(scope: Construct, id: string, flowLogId: string): IFlowLog;
}

interface IFlowLog extends IResource {
  readonly flowLogId: string;
}

interface FlowLogProps {
  readonly resourceType: FlowLogResourceType;
  readonly trafficType?: FlowLogTrafficType;
  readonly destination?: FlowLogDestination;
  readonly logFormat?: string[];
  readonly maxAggregationInterval?: FlowLogMaxAggregationInterval;
}

abstract class FlowLogDestination {
  static toCloudWatchLogs(logGroup: logs.ILogGroup, iamRole?: iam.IRole): FlowLogDestination;
  static toS3(bucket: s3.IBucket, keyPrefix?: string): FlowLogDestination;
}

enum FlowLogMaxAggregationInterval {
  ONE_MINUTE = 60,
  TEN_MINUTES = 600
}

enum FlowLogTrafficType {
  ACCEPT = 'ACCEPT',
  ALL = 'ALL',
  REJECT = 'REJECT'
}

enum FlowLogResourceType {
  VPC = 'VPC',
  SUBNET = 'Subnet',
  NETWORK_INTERFACE = 'NetworkInterface'
}

Flow Logs

CloudFormation Init

Advanced instance initialization using CloudFormation Init.

class CloudFormationInit {
  static fromElements(...elements: InitElement[]): CloudFormationInit;
  static fromConfig(config: InitConfig): CloudFormationInit;
  static fromConfigSets(props: ConfigSetProps): CloudFormationInit;
  
  addConfig(configName: string, config: InitConfig): void;
  addConfigSet(configSetName: string, configNames: string[]): void;
}

class InitConfig {
  constructor(elements: InitElement[]);
  add(...elements: InitElement[]): void;
}

abstract class InitElement {
  static package(): InitPackage;
  static file(fileName: string, options: InitFileOptions): InitFile;
  static service(serviceName: string, options?: InitServiceOptions): InitService;
  static command(key: string, options: InitCommandOptions): InitCommand;
}

interface InitFileOptions {
  readonly mode?: string;
  readonly owner?: string;
  readonly group?: string;
  readonly serviceRestartHandles?: InitServiceRestartHandle[];
}

interface InitServiceOptions {
  readonly enabled?: boolean;
  readonly ensureRunning?: boolean;
  readonly serviceRestartHandle?: InitServiceRestartHandle;
}

interface InitCommandOptions {
  readonly cwd?: string;
  readonly env?: Record<string, string>;
  readonly ignoreErrors?: boolean;
  readonly testCmd?: string;
}

CloudFormation Init

Security Aspects

CDK Aspects for enforcing security best practices across EC2 resources.

abstract class RequireImdsv2Aspect implements IAspect {
  constructor(props?: RequireImdsv2AspectProps);
  abstract visit(node: IConstruct): void;
}

interface RequireImdsv2AspectProps {
  readonly suppressWarnings?: boolean;
}

class InstanceRequireImdsv2Aspect extends RequireImdsv2Aspect {
  constructor(props?: RequireImdsv2AspectProps);
  visit(node: IConstruct): void;
}

class LaunchTemplateRequireImdsv2Aspect extends RequireImdsv2Aspect {
  constructor(props?: RequireImdsv2AspectProps);
  visit(node: IConstruct): void;
}

Types

Core Networking Types

interface IVpc extends IResource {
  readonly vpcId: string;
  readonly vpcCidrBlock: string;
  readonly availabilityZones: string[];
  readonly publicSubnets: ISubnet[];
  readonly privateSubnets: ISubnet[];
  readonly isolatedSubnets: ISubnet[];
  selectSubnets(selection?: SubnetSelection): SelectedSubnets;
}

interface ISubnet extends IResource {
  readonly subnetId: string;
  readonly availabilityZone: string;
  readonly ipv4CidrBlock: string;
  readonly routeTable: IRouteTable;
}

interface ISecurityGroup extends IResource, IPeer {
  readonly securityGroupId: string;
  readonly connections: Connections;
  addIngressRule(peer: IPeer, connection: Port, description?: string): void;
  addEgressRule(peer: IPeer, connection: Port, description?: string): void;
}

Instance & Compute Types

interface IInstance extends IResource {
  readonly instanceId: string;
  readonly instanceAvailabilityZone: string;
  readonly instancePrivateIp: string;
  readonly instancePublicIp: string;
  readonly connections: Connections;
}

class InstanceType {
  static of(instanceClass: InstanceClass, instanceSize: InstanceSize): InstanceType;
  readonly toString: string;
}

enum InstanceClass {
  T2 = "t2",
  T3 = "t3",
  T3A = "t3a",
  M5 = "m5",
  M5A = "m5a",
  C5 = "c5",
  R5 = "r5",
  // ... many more instance classes
}

enum InstanceSize {
  NANO = "nano",
  MICRO = "micro",
  SMALL = "small",
  MEDIUM = "medium",
  LARGE = "large",
  XLARGE = "xlarge",
  // ... various xlarge sizes
}

docs

cloudformation-init.md

ec2-instances.md

flow-logs.md

index.md

launch-templates.md

machine-images.md

network-acl.md

security-groups.md

storage-volumes.md

subnets-networking.md

user-data.md

vpc-endpoints.md

vpc-management.md

vpn-connectivity.md

tile.json