import * as cdk from 'aws-cdk-lib';
import { aws_ec2 as ec2, aws_s3 as s3, custom_resources as cr, aws_route53 as r53, aws_networkfirewall as firewall, aws_route53 as route53 } from 'aws-cdk-lib';
import * as constructs from 'constructs';
import { R53Resolverendpoints, OutboundForwardingRule } from '../dns/dnsResolvers';
import { HubVpc } from '../dns/enterpriseZone';
/**
 * Properties accepted by `EnterpriseVpc.createAndAttachR53EnterprizeZone`.
 */
export interface AddEnterprizeZoneProps {
    /** Domain name for the zone. NOTE(review): presumably the name of the private hosted zone that is created; confirm against the implementation. */
    readonly domainname: string;
    /**
     * Hub VPCs, typed as `HubVpc` from `../dns/enterpriseZone`.
     * NOTE(review): presumably the zone is also associated with these VPCs, which would let
     * them resolve its records; confirm, and keep the list to VPCs that need that visibility.
     */
    readonly hubVpcs: HubVpc[];
    /** Optional flag. NOTE(review): presumably marks the calling VPC as itself being a hub VPC; confirm. */
    readonly isHubVpc?: boolean | undefined;
}
/**
 * Description of a subnet group: a name, a CDK subnet type and a CIDR mask.
 * This is the type of `SubnetGroup.subnet`. It declares the same three fields as
 * `ESubnetGroupProps`.
 */
export interface ESubnetGroup {
    /** Name of the subnet group. */
    readonly name: string;
    /** CDK subnet type (`ec2.SubnetType`) of the group. */
    readonly subnetType: ec2.SubnetType;
    /** CIDR mask as a number. NOTE(review): presumably the prefix length of each subnet in the group; confirm. */
    readonly cidrMask: number;
}
/**
 * Constructor properties for `SubnetGroup`.
 * Declares the same three fields as `ESubnetGroup`.
 */
export interface ESubnetGroupProps {
    /** Name of the subnet group. */
    readonly name: string;
    /** CDK subnet type (`ec2.SubnetType`) of the group. */
    readonly subnetType: ec2.SubnetType;
    /** CIDR mask as a number. NOTE(review): presumably the prefix length of each subnet in the group; confirm. */
    readonly cidrMask: number;
}
/**
 * Construct that carries a subnet group description.
 * Other types in this file refer to a subnet group through this class
 * (for example `RouterGroup`, `ShareSubnetGroupProps` and `AddAwsServiceEndPointsProps`).
 */
export declare class SubnetGroup extends constructs.Construct {
    /** The subnet group description. Declared mutable (not `readonly`). */
    subnet: ESubnetGroup;
    /**
     * @param scope the parent construct
     * @param id the construct id
     * @param props name, subnet type and CIDR mask for the group
     */
    constructor(scope: constructs.Construct, id: string, props: ESubnetGroupProps);
}
/**
 * Properties accepted by `EnterpriseVpc.addServiceEndpoints`.
 *
 * NOTE(review): this interface exposes no endpoint policy or security-group setting,
 * so whatever restrictions apply to the endpoints are chosen by the implementation.
 * Confirm them there before relying on the endpoints as an access boundary.
 */
export interface AddAwsServiceEndPointsProps {
    /** AWS services for which interface VPC endpoints are requested. */
    readonly services: ec2.InterfaceVpcEndpointAwsService[];
    /** Subnet group for the endpoints. NOTE(review): presumably where the endpoint network interfaces are placed; confirm. */
    readonly subnetGroup: SubnetGroup;
    /** Optional flag. NOTE(review): presumably also adds a DynamoDB gateway endpoint when true; confirm. */
    readonly dynamoDbGateway?: boolean | undefined;
    /** Optional flag. NOTE(review): presumably also adds an S3 endpoint when true; gateway vs. interface is not visible here, confirm. */
    readonly s3GatewayInterface?: boolean | undefined;
}
/**
 * Wildcard values that can be given in place of a `SubnetGroup` in `Route.subnet`.
 */
export declare enum SubnetWildCards {
    /** NOTE(review): presumably matches every subnet of the VPC; a route using it is correspondingly broad, so confirm the scope. */
    ALLSUBNETS = "ALLSUBNETS"
}
/**
 * A single route entry, used inside a `RouterGroup`.
 * Both `cidr` and `subnet` are optional in the type.
 * NOTE(review): presumably one of them must be supplied to identify the destination range; confirm.
 */
export interface Route {
    /** Destination range given as a CIDR string. */
    readonly cidr?: string;
    /** Destination range given as a subnet group, or the `SubnetWildCards` wildcard. */
    readonly subnet?: SubnetGroup | SubnetWildCards;
    /** Where matching traffic is sent (Cloudwan, TransitGateway or NetworkFirewall). */
    readonly destination: Destination;
    /** Free-text description of the route. */
    readonly description: string;
}
/**
 * A subnet group together with a list of routes; the element type of the
 * array passed to `EnterpriseVpc.router`.
 */
export interface RouterGroup {
    /** The subnet group. NOTE(review): presumably the group whose route tables receive `routes`; confirm. */
    readonly subnetGroup: SubnetGroup;
    /** The routes for this group. */
    readonly routes: Route[];
}
/**
 * Properties accepted by `EnterpriseVpc.shareSubnetGroup`, which is documented as
 * sharing a subnet group with another AWS account.
 */
export interface ShareSubnetGroupProps {
    /** The subnet group to share. */
    readonly subnetGroup: SubnetGroup;
    /**
     * Accounts to share with, as strings.
     * NOTE(review): presumably AWS account ids. The values are plain strings with no
     * validation visible here, and each entry widens who can use the subnets, so keep
     * the list minimal and reviewed.
     */
    readonly accounts: string[];
}
/**
 * Properties accepted by `EnterpriseVpc.addR53Zone`.
 */
export interface AddR53ZoneProps {
    /** The zone, as a string. NOTE(review): presumably the zone's domain name; confirm. */
    readonly zone: string;
    /** Optional central VPC. NOTE(review): presumably the zone is also associated with this VPC when given; confirm. */
    readonly centralVpc?: ec2.Vpc | undefined;
}
/**
 * Properties for VPC flow logs, accepted by `EnterpriseVpc.createFlowLog`.
 */
export interface FlowLogProps {
    /**
     * The central S3 location for enterprise flow logs.
     * NOTE(review): flow logs record network metadata for the VPC, so access to this
     * bucket should be restricted; bucket policy and encryption are not visible here
     * and need to be confirmed where the bucket is defined.
     */
    readonly bucket: s3.IBucket;
    /** Use 1 minute resolution for the flow logs. */
    readonly oneMinuteFlowLogs?: boolean;
    /** Create Athena queries for the flow logs in the local account. */
    readonly localAthenaQuerys?: boolean;
}
/** Properties for attaching to a Cloudwan core network; accepted by `EnterpriseVpc.attachToCloudWan`. */
export interface AttachToCloudWanProps {
    /** Name of the core network to attach to. */
    readonly coreNetworkName: string;
    /**
     * Name of the segment to attach in.
     * NOTE(review): the segment decides which other attachments this VPC can reach,
     * so a wrong name is a network-isolation issue rather than only a connectivity one.
     */
    readonly segmentName: string;
    /** Optional subnet group, by name. NOTE(review): presumably the group that hosts the attachment; the default when omitted is not visible here. */
    readonly attachmentSubnetGroup?: string | undefined;
    /** Optional flag. NOTE(review): presumably enables appliance mode on the attachment; confirm. */
    readonly applianceMode?: boolean | undefined;
}
/**
 * Values for appliance mode, used by `AttachToTransitGatewayProps`.
 * Only an enabled value is declared; the property that uses this enum is optional.
 */
export declare enum ApplianceMode {
    /** Connect the VPC to the TransitGateway in appliance mode. */
    ENABLED = "enable"
}
/**
 * Properties to attach the VPC to a Transit Gateway; accepted by
 * `EnterpriseVpc.attachToTransitGateway`.
 */
export interface AttachToTransitGatewayProps {
    /** The TransitGateway to connect to. */
    readonly transitGateway: ec2.CfnTransitGateway;
    /**
     * Whether the attachment is made in appliance mode (used if you have Network Firewalls).
     * The property name is spelled `applicanceMode` (sic); it is part of the public
     * interface, so callers must use this spelling.
     */
    readonly applicanceMode?: ApplianceMode | undefined;
    /** Optional subnet group, by name. NOTE(review): presumably the group that hosts the attachment; the default when omitted is not visible here. */
    readonly attachmentSubnetGroup?: string | undefined;
}
/**
 * Properties accepted by `EnterpriseVpc.addCoreRoutes`.
 * All fields are required strings or string arrays; no validation is visible at this level.
 */
export interface AddCoreRoutesProps {
    /** ARN of a policy table. NOTE(review): what the table stores and who may write to it are not visible here; confirm. */
    readonly policyTableArn: string;
    /** Segment names. NOTE(review): presumably the core network segments that receive the routes; confirm. */
    readonly segments: string[];
    /** Destination CIDR blocks for the routes. */
    readonly destinationCidrBlocks: string[];
    /** Free-text description. */
    readonly description: string;
    /** Name of the core network. */
    readonly coreName: string;
    /** Attachment id. NOTE(review): presumably the attachment the routes point at; confirm. */
    readonly attachmentId: string;
}
/**
 * Properties for adding routes in the VPC; accepted by `EnterpriseVpc.addRoutes`.
 */
export interface AddRoutesProps {
    /** Destination CIDR strings for the routes. */
    readonly cidr: string[];
    /** Free-text description of the routes. */
    readonly description: string;
    /** Subnet groups, by name. `addRoutes` is documented as adding routes to these groups' routing tables. */
    readonly subnetGroups: string[];
    /** Where matching traffic is sent (Cloudwan, TransitGateway or NetworkFirewall). */
    readonly destination: Destination;
    /** Optional firewall ARN. NOTE(review): presumably required when `destination` is `NWFIREWALL`; the type does not enforce that. */
    readonly networkFirewallArn?: string | undefined;
    /** Optional Cloudwan name. NOTE(review): presumably required when `destination` is `CLOUDWAN`; the type does not enforce that. */
    readonly cloudwanName?: string | undefined;
}
/**
 * Properties accepted by `EnterpriseVpc.cloudWanRoutingProtocol`.
 */
export interface CloudWanRoutingProtocolProps {
    /** Subnet groups, by name, that the routing protocol applies to. */
    readonly subnetGroups: string[];
    /**
     * Optional accept filter, as strings.
     * NOTE(review): the filter syntax and the behaviour when both filters are omitted
     * are not visible here; confirm whether omission means "accept all".
     */
    readonly acceptRouteFilter?: string[] | undefined;
    /** Optional deny filter, as strings. NOTE(review): precedence relative to `acceptRouteFilter` is not visible here; confirm. */
    readonly denyRouteFilter?: string[] | undefined;
}
/**
 * The destinations available when adding routes (see `Route` and `AddRoutesProps`).
 */
export declare enum Destination {
    /** Route to the Cloudwan that the VPC is attached to. */
    CLOUDWAN = "Cloudwan",
    /** Route to the Transit Gateway that the VPC is attached to. */
    TRANSITGATEWAY = "TransitGateway",
    /** NOTE(review): presumably routes to the Network Firewall added to the VPC; confirm. */
    NWFIREWALL = "NetworkFirewall"
}
/**
 * A single CIDR entry. No use of this type is visible in this file.
 */
export interface PrefixCidr {
    /** The CIDR, as a string. */
    readonly cidr: string;
}
/**
 * The stock `ec2.VpcProps` extended with an optional list of subnet groups.
 * Used as `EnterpriseVpcProps.evpc`.
 */
export interface EvpcProps extends ec2.VpcProps {
    /** Optional subnet groups. NOTE(review): how these interact with the inherited `ec2.VpcProps` subnet settings is not visible here; confirm. */
    readonly subnetGroups?: SubnetGroup[];
}
/**
 * Properties for an Enterprise VPC.
 * Both fields are optional in the type.
 * NOTE(review): presumably exactly one of them is expected; the type does not enforce that.
 */
export interface EnterpriseVpcProps {
    /** An existing VPC, either a concrete `ec2.Vpc` or an `ec2.IVpc`. */
    readonly vpc?: ec2.Vpc | ec2.IVpc;
    /** Properties from which a VPC is built. NOTE(review): presumably used when `vpc` is not given; confirm. */
    readonly evpc?: EvpcProps;
}
/**
 * Enterprise VPCs take the stock ec2.Vpc and provide numerous convenience methods, primarily related to
 * connecting to internal networks.
 *
 * This is a declaration only; the behaviour of each method lives in the implementation.
 * Most state fields below are declared mutable (not `readonly`), so code holding a
 * reference to the construct can overwrite them.
 */
export declare class EnterpriseVpc extends constructs.Construct {
    /**
     * AttachmentId when the vpc is attached to a Cloudwan
     */
    cloudWanVpcAttachmentId: string | undefined;
    /**
     * AttachmentId when the vpc is attached to a transitGateway
     */
    transitGWAttachmentID: string | undefined;
    /**
     * The Id of the transitgateway that the VPC is attached to
     */
    transitGWID: string | undefined;
    /**
     * the Name of the cloudwan that the VPC is attached to
     */
    cloudWanName: string | undefined;
    /**
     * the Name of the Cloudwan segment that the vpc is attached to
     */
    cloudWanSegment: string | undefined;
    /**
     * the ec2.Vpc that is passed in as property
     */
    readonly vpc: ec2.Vpc | ec2.IVpc;
    /**
     * Custom-resource provider. NOTE(review): presumably backs `addRoutes`. The handler
     * behind a provider runs with its own IAM permissions, which are not visible in this
     * declaration and should be reviewed for least privilege in the implementation.
     */
    readonly addRoutesProvider: cr.Provider;
    /** Custom-resource provider. NOTE(review): presumably waits on a Transit Gateway attachment; confirm, and review its handler permissions. */
    readonly tgWaiterProvider: cr.Provider;
    /** Custom-resource provider. NOTE(review): presumably backs `attachToCloudWan`; confirm, and review its handler permissions. */
    readonly attachToCloudwanProvider: cr.Provider;
    /** Custom resource for a VPC attachment, or undefined. NOTE(review): presumably set once an attachment is made; confirm. */
    vpcAttachmentCR: cdk.CustomResource | undefined;
    /** Id of a VPC attachment, or undefined. */
    vpcAttachmentId: string | undefined;
    /** Segment name of a VPC attachment, or undefined. */
    vpcAttachmentSegmentName: string | undefined;
    /** Id of the Cloudwan core, or undefined. */
    cloudWanCoreId: string | undefined;
    /** The subnet groups configured for this VPC. */
    subnetConfiguration: SubnetGroup[];
    /** ARN of a firewall, or undefined. NOTE(review): presumably set by `addNetworkFirewall`; confirm. */
    firewallArn: string | undefined;
    /** Route 53 resolver endpoints, or undefined. NOTE(review): presumably set by `addR53Resolvers`; confirm. */
    r53endpointResolvers: R53Resolverendpoints | undefined;
    /**
     * @param scope the parent construct
     * @param id the construct id
     * @param props an existing VPC (`vpc`) or properties to build one (`evpc`)
     */
    constructor(scope: constructs.Construct, id: string, props: EnterpriseVpcProps);
    /**
     * NOTE(review): presumably associates shared resolver rules for the given domains with this VPC; confirm.
     * @param domainNames domain names, as strings
     */
    associateSharedResolverRules(domainNames: string[]): void;
    /**
     * NOTE(review): presumably creates a private hosted zone and attaches it to this VPC and the hub VPCs; confirm.
     * @param props domain name, hub VPCs and an optional hub flag
     * @returns a `route53.PrivateHostedZone`
     */
    createAndAttachR53EnterprizeZone(props: AddEnterprizeZoneProps): route53.PrivateHostedZone;
    /**
     * NOTE(review): presumably creates a private hosted zone and attaches it to this VPC; confirm.
     * @param zoneName the zone name
     * @returns a `r53.PrivateHostedZone`
     */
    createAndAttachR53PrivateZone(zoneName: string): r53.PrivateHostedZone;
    /**
     * NOTE(review): presumably attaches AWS managed DNS Firewall rules to this VPC.
     * The method takes no arguments, so which rule groups are used and whether they
     * block or only alert is fixed by the implementation; confirm both there.
     */
    attachAWSManagedDNSFirewallRules(): void;
    /**
     * Add a collection of service endpoints to the VPC
     * @param props the services, the subnet group and optional gateway flags
     */
    addServiceEndpoints(props: AddAwsServiceEndPointsProps): void;
    /**
     * NOTE(review): presumably deploys a Network Firewall into the given subnet group.
     * Traffic is only inspected if routes send it through the firewall, and no routing
     * is implied by this signature; confirm how routes are set up.
     * @param firewallName name for the firewall
     * @param firewallPolicy the firewall policy to use
     * @param subnet the subnet group for the firewall
     */
    addNetworkFirewall(firewallName: string, firewallPolicy: firewall.CfnFirewallPolicy, subnet: SubnetGroup): void;
    /**
     * NOTE(review): presumably adds a private hosted zone; the declared return type is the
     * more general `r53.HostedZone`, so confirm the zone is in fact private.
     * @param zonename the zone name
     * @returns a `r53.HostedZone`
     */
    addPrivateHostedZone(zonename: string): r53.HostedZone;
    /**
     * NOTE(review): presumably creates Route 53 resolver endpoints in the given subnet group; confirm.
     * @param subnet the subnet group for the endpoints
     * @returns the resolver endpoints
     */
    addR53Resolvers(subnet: SubnetGroup): R53Resolverendpoints;
    /**
     * NOTE(review): presumably adds resolver rules for the given domains that point at central
     * resolvers; how `searchTag` selects them is not visible here, confirm.
     * @param domains domain names, as strings
     * @param searchTag optional tag
     */
    addCentralResolverRules(domains: string[], searchTag?: cdk.Tag | undefined): void;
    /**
     * NOTE(review): presumably adds outbound conditional forwarding rules. Forwarding sends
     * DNS queries for the listed domains to the configured targets, so the rule list should
     * be reviewed like any other egress path.
     * @param forwardingRules the forwarding rules (`OutboundForwardingRule` from `../dns/dnsResolvers`)
     */
    addConditionalFowardingRules(forwardingRules: OutboundForwardingRule[]): void;
    /**
     * NOTE(review): presumably creates an IAM role that other accounts use to associate
     * Route 53 zones with this VPC. The trusted principals and the granted actions are
     * not visible in this declaration; review both in the implementation.
     * @param rolename optional role name
     */
    addCrossAccountR53AssociationRole(rolename?: string | undefined): void;
    /**
     * This is a convenience method to present the routing for the Vpc in a simpler format
     * than the addRoutes method, which it calls.
     * @param routerGroups one entry per subnet group, each with its routes
     */
    router(routerGroups: RouterGroup[]): void;
    /**
     * NOTE(review): presumably creates a prefix list from the selected subnets and shares it
     * with the organization identified by `orgArn`. Every principal covered by that ARN
     * would be able to see the prefix list, so confirm the ARN's scope.
     * @param name name for the prefix list
     * @param subnets the subnets to select
     * @param orgArn ARN to share with
     * @returns an `ec2.CfnPrefixList`
     */
    createAndShareSubnetPrefixList(name: string, subnets: ec2.SubnetSelection, orgArn: string): ec2.CfnPrefixList;
    /**
     * Create Enterprise VPC Flow Logs (to central log account) and advanced diagnostics with Athena queries
     * @param props the destination bucket and optional resolution / Athena flags
     */
    createFlowLog(props: FlowLogProps): void;
    /**
     * attachToCloudWan will attach a VPC to CloudWan, in a particular Segment.
     * @param props core network name, segment name and optional attachment settings
     * @returns a string. NOTE(review): presumably the attachment id; confirm.
     */
    attachToCloudWan(props: AttachToCloudWanProps): string;
    /**
     * Attach a vpc to a transit gateway, possibly in appliance mode.
     * NOTE(review): the original comment on the intended purpose was left unfinished.
     * @param props the transit gateway and optional attachment settings
     * @returns a string. NOTE(review): presumably the attachment id; confirm.
     */
    attachToTransitGateway(props: AttachToTransitGatewayProps): string;
    /**
     * Share a subnetGroup with another AWS Account.
     * @param props the subnet group and the accounts to share it with
     */
    shareSubnetGroup(props: ShareSubnetGroupProps): void;
    /**
     * Enable CloudWanRoutingProtocol
     * @param props the subnet groups and optional accept / deny route filters
     */
    cloudWanRoutingProtocol(props: CloudWanRoutingProtocolProps): void;
    /**
     * Add routes to SubnetGroups ( by implication their routing tables )
     * @param props the CIDRs, the subnet groups, the destination and optional destination identifiers
     */
    addRoutes(props: AddRoutesProps): void;
    /**
     * NOTE(review): presumably adds a Route 53 zone for this VPC, optionally involving a central VPC; confirm.
     * @param props the zone and an optional central VPC
     */
    addR53Zone(props: AddR53ZoneProps): void;
    /**
     * NOTE(review): presumably adds routes to the Cloudwan core network for the given segments; confirm.
     * @param props policy table ARN, segments, destination CIDR blocks, description, core name and attachment id
     */
    addCoreRoutes(props: AddCoreRoutesProps): void;
}
