Readonly cidrs (OPTIONAL)
A list of CIDRs to associate with the VPC.
CAUTION: Changing or removing an existing CIDR value after initial deployment causes the VPC to be recreated. Please be aware that any downstream dependencies may cause this property update to fail. You can add additional CIDRs to the VPC without this recreation occurring.
NOTE: Expanding a VPC with additional CIDRs is subject to these restrictions.
At least one CIDR should be provided if not using ipamAllocations. Use CIDR notation, e.g. 10.0.0.0/16.
Readonly defaultSecurityGroupRulesDeletion (OPTIONAL)
Determines whether the all-traffic ingress and egress rules are deleted from the default security group of the VPC. If the defaultSecurityGroupRulesDeletion parameter is set to true, the solution removes the default ingress and egress All Traffic (0.0.0.0/0) rules from that VPC's default security group.
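As an added example (not code from this page or from the solution itself), a small Python pre-deployment linter that applies the checks stated for the cidrs, ipamAllocations and defaultSecurityGroupRulesDeletion properties above: at least one CIDR or IPAM allocation, valid CIDR notation, and the default security group's 0.0.0.0/0 rules removed, plus a helper that classifies a CIDR edit as a non-destructive expansion or a VPC recreation. The deploymentTargets sub-keys organizationalUnits/accounts and the sample template values are assumptions.

```python
import ipaddress

# Keys name, region, cidrs, ipamAllocations and defaultSecurityGroupRulesDeletion
# are documented on this page; the deploymentTargets sub-keys
# "organizationalUnits" / "accounts" are assumed. Values below are constructed.
SAMPLE_TEMPLATE = {
    "name": "Workload-Template",
    "region": "us-east-1",
    "deploymentTargets": {"organizationalUnits": ["Infrastructure"]},
    "cidrs": ["10.0.0.0/16"],
    "defaultSecurityGroupRulesDeletion": True,
}


def lint_vpc_template(tpl: dict) -> list:
    """Return a list of findings for one vpcTemplates entry (empty list = clean)."""
    findings = []
    cidrs = tpl.get("cidrs") or []
    ipam = tpl.get("ipamAllocations") or []
    if not cidrs and not ipam:
        findings.append("no cidrs and no ipamAllocations: at least one CIDR is required")
    for c in cidrs:
        try:
            # strict=True rejects host bits set, e.g. 10.0.1.0/16, not just bad syntax
            ipaddress.ip_network(c, strict=True)
        except ValueError:
            findings.append(f"cidr {c!r} is not valid CIDR notation (expected e.g. 10.0.0.0/16)")
    if tpl.get("defaultSecurityGroupRulesDeletion") is not True:
        findings.append("defaultSecurityGroupRulesDeletion is not true: the default "
                        "security group keeps its 0.0.0.0/0 all-traffic ingress/egress rules")
    targets = tpl.get("deploymentTargets") or {}
    if not (targets.get("organizationalUnits") or targets.get("accounts")):
        findings.append("deploymentTargets names no accounts or organizational units")
    return findings


def cidr_change_impact(deployed: list, desired: list) -> str:
    """Classify a cidrs edit against what is already deployed:
    'recreate' if any deployed CIDR is changed or removed (VPC is recreated),
    'expand' if only new CIDRs are added, 'none' if the list is unchanged."""
    if any(c not in desired for c in deployed):
        return "recreate"
    return "expand" if len(desired) > len(deployed) else "none"


if __name__ == "__main__":
    for f in lint_vpc_template(SAMPLE_TEMPLATE) or ["clean"]:
        print(f)
    print(cidr_change_impact(["10.0.0.0/16"], ["10.0.0.0/16", "10.1.0.0/16"]))
```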
Readonly deploymentTargets
VPC deployment targets. Targets can be account names and/or organizational units. The excludedRegions property is ignored for VPC templates, as a VPC template can only be deployed to a single region.
Readonly dhcp… (OPTIONAL)
The friendly name of a custom DHCP options set. This is the logical name property of the DHCP options set as defined in network-config.yaml.
Readonly dns… (OPTIONAL)
An array of DNS firewall VPC association configurations. Use this property to associate Route 53 resolver DNS firewall rule groups with the VPC. The DNS firewall rule groups must be deployed in the same region as the VPC, and shareTargets must be configured to capture the account(s)/OU(s) that this VPC template is deployed to. If deploying this VPC to the delegated admin account, shareTargets is not required for that account.
Readonly enable…
Enables DNS hostname support for the VPC.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
Readonly enable…
Readonly gateway… (OPTIONAL)
An array of gateway endpoints for the VPC. Use this property to define S3 or DynamoDB gateway endpoints for the VPC.
Readonly instance… (OPTIONAL)
Defines the instance tenancy for the VPC. The default value is default.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
Readonly interface… (OPTIONAL)
A list of VPC interface endpoints. Use this property to define VPC interface endpoints for the VPC.
Readonly internet…
Defines whether an internet gateway should be added to the VPC.
Readonly ipamAllocations (OPTIONAL)
An array of IPAM allocation configurations.
CAUTION: Changing or removing an existing IPAM allocation value after initial deployment causes the VPC to be recreated. Please be aware that any downstream dependencies may cause this property update to fail. You can add additional IPAM allocations to the VPC without this recreation occurring.
NOTE: Expanding a VPC with additional CIDRs is subject to these restrictions.
IPAM pools defined in network-config.yaml must be deployed to the same region as the VPC, and shareTargets must be configured to capture the account(s)/OU(s) that this VPC template is deployed to. If deploying this VPC to the delegated admin account, shareTargets is not required for that account.
Readonly load…
Elastic Load Balancing configuration. Use this property to define Elastic Load Balancers for this VPC.
Readonly name
The friendly name of the VPC. The value of this property will be utilized as the logical id for this resource. Any references to this object should specify this value.
CAUTION: Changing this property value after initial deployment causes the VPC to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.
Readonly nat… (OPTIONAL)
An array of NAT gateway configurations for the VPC. Use this property to configure the NAT gateways for the VPC.
Readonly network… (OPTIONAL)
A list of Network Access Control Lists (ACLs) to deploy for this VPC.
Readonly query… (OPTIONAL)
A list of DNS query log configuration names. This is the logical name property of the Route 53 resolver query logs configuration as defined in network-config.yaml. The shareTargets property must be configured to capture the account(s)/OU(s) that this VPC template is deployed to. If deploying this VPC to the delegated admin account, shareTargets is not required for that account.
Readonly region
The AWS region to deploy the VPCs to.
Readonly resolver… (OPTIONAL)
A list of Route 53 resolver rule names. This is the logical name property of the Route 53 resolver rules configuration as defined in network-config.yaml. The shareTargets property must be configured to capture the account(s)/OU(s) that this VPC template is deployed to. If deploying this VPC to the delegated admin account, shareTargets is not required for that account.
Readonly route… (OPTIONAL)
An array of route table configurations for the VPC. Use this property to configure the route tables for the VPC.
Readonly security… (OPTIONAL)
A list of Security Groups to deploy for this VPC.
Readonly subnets (OPTIONAL)
An array of subnet configurations for the VPC. Use this property to configure the subnets for the VPC.
Readonly tags (OPTIONAL)
A list of tags to apply to this VPC.
Readonly target…
Target group configuration. Use this property to define target groups for this VPC.
Readonly transit… (OPTIONAL)
An array of Transit Gateway attachment configurations. Use this property to configure the Transit Gateway attachments for the VPC.
Readonly use… (OPTIONAL)
When set to true, this VPC will be configured to utilize centralized endpoints. This includes having the Route 53 Private Hosted Zone associated with this VPC. Centralized endpoints are configured per region, and can span to spoke accounts.
Default: false
A VPC deployed in the same region as this VPC in network-config.yaml must be configured with the InterfaceEndpointConfig central property set to true to utilize centralized endpoints.
Readonly virtual… (OPTIONAL)
Virtual Private Gateway configuration. Use this property to configure a Virtual Private Gateway for the VPC.
Readonly vpc…
VPC flow log configuration. Use this property to define a VPC-specific VPC flow logs configuration. If defined, this configuration is preferred over a global VPC flow logs configuration.
NetworkConfig / VpcTemplatesConfig
Virtual Private Cloud (VPC) templates configuration. Use this configuration to define a VPC using a standard configuration that is deployed to multiple account(s)/OU(s) defined using a deploymentTargets property. With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Static CIDR:
IPAM allocation: