You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(vpcv2): implementation of add gateway method (#31224)
### Issue # (if applicable)
Tracking #[30762](#30762).
### Reason for this change
implementing below methods for vpcV2.
`routeTable.addroute(destination, target)`: Adds a new route to the existing route table of the subnet.
`vpc.enableVpnGatewayV2()`: added a new function for the customer to add VPNGateway to their VPC. In the options, user can specify list of subnets for VPNRoutePropogation. This is similar to previous implementation, only difference is with VPNGateway L2, it is now creating VPNGatewayV2 which implements IRouteTarget and hence can be used a destination to be set up in route tables.
`addInternetGateway` : adds internetGW to the VPC.
**Default behaviour:** add default route with destination set to ‘0.0.0.0’ and ‘::0’(in case of subnet with ipv6). Also a check in place to verify SubnetType is set to public as IGW is meant to be added to public subnets.
`addNatGateway`: NatGateways are subnet specific and are usually associated with PRIVATE_WITH_EGRESS or PUBLIC subnet. Also, one can’t attach NGW(Public) to subnet if VPC doesn’t have an IGW attached to it. This is validated in method implementation to prevent runtime deployment error.
**No default behaviour** for the routes, it takes in the single subnet option and associates a NATGW with it.
`vpc.addEgressOnlyInternetGateway()`: Egress Only internet GW are meant for outbound ipv6 traffic which can be custom or all ipv6(::/0).
**Default behaviour:** Associates a EIGW to the vpc and takes optional input for subnets to define a default route in associated route Table, if a destination is not provided, then it is defined as all outbound ipv6 in subnet’s route table.
**Additional changes:**
-> Modify Readme
-> Separate ipam related Tests
### Use Case
Allows user to define gateways in their vpc with a simple method and an optional default route setup on provided subnets.
Note: Breaking change since previously VPNGateway was released under route class, we’ve modified it to VPNGatewayV2.
`vpc.enableVpnGateway` is marked as deprecated in vpcv2 base class.
### Description of how you validated changes
Added unit tests and integration tests.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
`Route`s can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the `Route` construct. An example using the `InternetGateway` construct can be seen below:
132
+
`Routes` can be created to link subnets to various different AWS services via gateways and endpoints. Each unique route target has its own dedicated construct that can be routed to a given subnet via the `Route` construct. An example using the `InternetGateway` construct can be seen below:
Alternatively, `Routes` can also be created via method `addRoute` in the `RouteTable` class. An example using the `EgressOnlyInternetGateway` construct can be seen below:
157
+
Note: `EgressOnlyInternetGateway` can only be used to set up outbound IPv6 routing.
Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a `NatGateway`:
An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.
237
+
238
+
For more information see [Enable outbound IPv6 traffic using an egress-only internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html).
239
+
240
+
VpcV2 supports adding an egress only internet gateway to VPC using the `addEgressOnlyInternetGateway` method.
241
+
242
+
By default, this method sets up a route to all outbound IPv6 address ranges, unless a specific destination is provided by the user. It can only be configured for IPv6-enabled VPCs.
243
+
The `Subnets` parameter accepts a `SubnetFilter`, which can be based on a `SubnetType` in VpcV2. A new route will be added to the route tables of all subnets that match this filter.
A NAT gateway is a Network Address Translation (NAT) service.You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
273
+
274
+
For more information, see [NAT gateway basics](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html).
275
+
276
+
When you create a NAT gateway, you specify one of the following connectivity types:
277
+
278
+
**Public – (Default)**: Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet
279
+
280
+
**Private**: Instances in private subnets can connect to other VPCs or your on-premises network through a private NAT gateway.
281
+
282
+
To define the NAT gateway connectivity type as `ConnectivityType.Public`, you need to ensure that there is an IGW(Internet Gateway) attached to the subnet's VPC.
283
+
Since a NATGW is associated with a particular subnet, providing `subnet` field in the input props is mandatory.
284
+
285
+
Additionally, you can set up a route in any route table with the target set to the NAT Gateway. The function `addNatGateway` returns a `NATGateway` object that you can reference later.
286
+
287
+
The code example below provides the definition for adding a NAT gateway to your subnet:
A virtual private gateway is the endpoint on the VPC side of your VPN connection.
312
+
313
+
For more information, see [What is AWS Site-to-Site VPN?](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html).
314
+
315
+
VPN route propagation is a feature in Amazon Web Services (AWS) that automatically updates route tables in your Virtual Private Cloud (VPC) with routes learned from a VPN connection.
316
+
317
+
To enable VPN route propogation, use the `vpnRoutePropagation` property to specify the subnets as an input to the function. VPN route propagation will then be enabled for each subnet with the corresponding route table IDs.
318
+
319
+
Additionally, you can set up a route in any route table with the target set to the VPN Gateway. The function `enableVpnGatewayV2` returns a `VPNGatewayV2` object that you can reference later.
320
+
321
+
The code example below provides the definition for setting up a VPN gateway with `vpnRoutePropogation` enabled:
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports both IPv4 and IPv6 traffic.
346
+
347
+
For more information, see [Enable VPC internet access using internet gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-igw-internet-access.html).
348
+
349
+
You can add an internet gateway to a VPC using `addInternetGateway` method. By default, this method creates a route in all Public Subnets with outbound destination set to `0.0.0.0` for IPv4 and `::0` for IPv6 enabled VPC.
350
+
Instead of using the default settings, you can configure a custom destinatation range by providing an optional input `destination` to the method.
351
+
352
+
The code example below shows how to add an internet gateway with a custom outbound destination IP range:
0 commit comments