1 | import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
2 | import { IResource, Resource, SecretValue } from '@aws-cdk/core';
3 | import { Construct } from 'constructs';
4 | import { IVpc, SubnetSelection } from './vpc';
/**
 * A VPN connection between a virtual private gateway and a customer gateway.
 *
 * Implemented by `VpnConnection`; the attributes below are what callers can
 * read back from a connection.
 */
export interface IVpnConnection extends IResource {
  /**
   * The id of the VPN connection.
   */
  readonly vpnId: string;
  /**
   * The id of the customer gateway.
   */
  readonly customerGatewayId: string;
  /**
   * The ip address of the customer gateway.
   */
  readonly customerGatewayIp: string;
  /**
   * The ASN of the customer gateway.
   */
  readonly customerGatewayAsn: number;
}
/**
 * The virtual private gateway interface.
 *
 * Implemented by `VpnGateway`; exposes the gateway id for callers that only
 * need to reference an existing gateway.
 */
export interface IVpnGateway extends IResource {
  /**
   * The virtual private gateway Id
   */
  readonly gatewayId: string;
}
/**
 * Options for a single tunnel of a VPN connection.
 *
 * Passed via `VpnConnectionOptions.tunnelOptions` (at most two elements, one
 * per tunnel). Every property is optional; an omitted property is generated
 * by Amazon.
 */
export interface VpnTunnelOption {
  /**
   * The pre-shared key (PSK) to establish initial authentication between the
   * virtual private gateway and customer gateway. Allowed characters are
   * alphanumeric characters period `.` and underscores `_`. Must be between 8
   * and 64 characters in length and cannot start with zero (0).
   *
   * NOTE(review): this property takes a plain `string`, so the key is
   * presumably embedded literally in the synthesized template and visible to
   * anyone who can read it — confirm against the implementation. Prefer
   * `preSharedKeySecret`, which carries the value as a `SecretValue`.
   *
   * @default an Amazon generated pre-shared key
   * @deprecated Use `preSharedKeySecret` instead
   */
  readonly preSharedKey?: string;
  /**
   * The pre-shared key (PSK) to establish initial authentication between the
   * virtual private gateway and customer gateway. Allowed characters are
   * alphanumeric characters period `.` and underscores `_`. Must be between 8
   * and 64 characters in length and cannot start with zero (0).
   *
   * Supplied as a `SecretValue` rather than a plain string; this is the
   * preferred replacement for the deprecated `preSharedKey`.
   *
   * @default an Amazon generated pre-shared key
   */
  readonly preSharedKeySecret?: SecretValue;
  /**
   * The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be
   * unique across all VPN connections that use the same virtual private gateway.
   * A size /30 CIDR block from the 169.254.0.0/16 range.
   *
   * See also `RESERVED_TUNNEL_INSIDE_CIDR`, exported from this module.
   *
   * @default an Amazon generated inside IP CIDR
   */
  readonly tunnelInsideCidr?: string;
}
/**
 * Options describing the customer side of a VPN connection.
 *
 * Extended by `VpnConnectionProps`, which adds the VPC to connect to.
 */
export interface VpnConnectionOptions {
  /**
   * The ip address of the customer gateway.
   */
  readonly ip: string;
  /**
   * The ASN of the customer gateway.
   *
   * @default 65000
   */
  readonly asn?: number;
  /**
   * The static routes to be routed from the VPN gateway to the customer gateway.
   *
   * When omitted, routes are exchanged dynamically instead of being listed here.
   *
   * @default Dynamic routing (BGP)
   */
  readonly staticRoutes?: string[];
  /**
   * The tunnel options for the VPN connection. At most two elements (one per tunnel).
   * Duplicates not allowed.
   *
   * @default Amazon generated tunnel options
   */
  readonly tunnelOptions?: VpnTunnelOption[];
}
/**
 * The VpnGateway Properties
 *
 * Also the base of `EnableVpnGatewayOptions`, used by `Vpc.enableVpnGateway()`.
 */
export interface VpnGatewayProps {
  /**
   * The type of VPN connection this gateway supports.
   *
   * The expected value is `VpnConnectionType.IPSEC_1` (`'ipsec.1'`). Note that
   * the property is required: this declaration carries no default for it.
   */
  readonly type: string;
  /**
   * Explicitly specify an Asn or let aws pick an Asn for you.
   * @default 65000
   */
  readonly amazonSideAsn?: number;
}
/**
 * Options for the Vpc.enableVpnGateway() method
 *
 * Inherits `type` and `amazonSideAsn` from `VpnGatewayProps`.
 */
export interface EnableVpnGatewayOptions extends VpnGatewayProps {
  /**
   * Provide an array of subnets where the route propagation should be added.
   *
   * When omitted, no route propagation is configured for any subnet.
   * @default noPropagation
   */
  readonly vpnRoutePropagation?: SubnetSelection[];
}
/**
 * Construction properties for `VpnConnection`.
 *
 * Adds the target VPC to the customer-side options in `VpnConnectionOptions`.
 */
export interface VpnConnectionProps extends VpnConnectionOptions {
  /**
   * The VPC to connect to.
   */
  readonly vpc: IVpc;
}
/**
 * The VPN connection type.
 *
 * `IPSEC_1` is the only real member; `DUMMY` exists solely to work around a
 * jsii limitation and should not be used.
 */
export declare enum VpnConnectionType {
  /**
   * The IPsec 1 VPN connection type.
   */
  IPSEC_1 = "ipsec.1",
  /**
   * Dummy member
   * TODO: remove once https://github.com/aws/jsii/issues/231 is fixed
   */
  DUMMY = "dummy"
}
/**
 * The VPN Gateway that shall be added to the VPC
 *
 * @resource AWS::EC2::VPNGateway
 */
export declare class VpnGateway extends Resource implements IVpnGateway {
  /**
   * The virtual private gateway Id
   */
  readonly gatewayId: string;
  /**
   * @param scope the parent construct
   * @param id the construct id, unique within `scope`
   * @param props gateway type and optional Amazon-side ASN
   */
  constructor(scope: Construct, id: string, props: VpnGatewayProps);
}
/**
 * Define a VPN Connection
 *
 * The static `metricAll*` helpers return account/region-wide CloudWatch
 * metrics, i.e. they are not scoped to one connection.
 *
 * @resource AWS::EC2::VPNConnection
 */
export declare class VpnConnection extends Resource implements IVpnConnection {
  /**
   * Return the given named metric for all VPN connections in the account/region.
   *
   * @param metricName the CloudWatch metric name
   * @param props optional metric settings (statistic, period, ...)
   */
  static metricAll(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
  /**
   * Metric for the tunnel state of all VPN connections in the account/region.
   *
   * @default average over 5 minutes
   */
  static metricAllTunnelState(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
  /**
   * Metric for the tunnel data in of all VPN connections in the account/region.
   *
   * @default sum over 5 minutes
   */
  static metricAllTunnelDataIn(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
  /**
   * Metric for the tunnel data out of all VPN connections in the account/region.
   *
   * @default sum over 5 minutes
   */
  static metricAllTunnelDataOut(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
  /**
   * The id of the VPN connection.
   */
  readonly vpnId: string;
  /**
   * The id of the customer gateway.
   */
  readonly customerGatewayId: string;
  /**
   * The ip address of the customer gateway.
   */
  readonly customerGatewayIp: string;
  /**
   * The ASN of the customer gateway.
   */
  readonly customerGatewayAsn: number;
  /**
   * @param scope the parent construct
   * @param id the construct id, unique within `scope`
   * @param props the VPC to connect to plus the customer-side options
   */
  constructor(scope: Construct, id: string, props: VpnConnectionProps);
}
/**
 * Tunnel inside CIDR blocks that are reserved.
 *
 * NOTE(review): presumably the ranges a `VpnTunnelOption.tunnelInsideCidr`
 * value must not fall into — the values and their use are not visible from
 * this declaration; confirm against the implementation.
 */
export declare const RESERVED_TUNNEL_INSIDE_CIDR: string[];