def _create_from_arguments(self, name, number_of_availability_zones): # type: (str, int) -> None """ Creates a new Network from the constructor arguments (i.e. not from a VPC that already exists). :param name: The name of the new network :param number_of_availability_zones: The number of AZs to create subnets in :return: None """ number_of_availability_zones = number_of_availability_zones or 2 if number_of_availability_zones < 1 or number_of_availability_zones >= 4: raise RunError( "Unsupported number of available zones for Network: " + str(number_of_availability_zones)) self.use_private_subnets = self.use_private_subnets or False vpc = ec2.Vpc(name, cidr_block="10.10.0.0/16", enable_dns_hostnames=True, enable_dns_support=True, tags={ "Name": name, }, __opts__=ResourceOptions(parent=self)) self.vpc_id = vpc.id self.security_group_ids = [vpc.default_security_group_id] internet_gateway = ec2.InternetGateway( name, vpc_id=vpc.id, tags={ "Name": name, }, __opts__=ResourceOptions(parent=self)) public_route_table = ec2.RouteTable( name, vpc_id=vpc.id, routes=[{ "cidrBlock": "0.0.0.0/0", "gatewayId": internet_gateway.id }], tags={"Name": name}, __opts__=ResourceOptions(parent=self)) self.subnet_ids = [] self.public_subnet_ids = [] for i in range(number_of_availability_zones): route_table, subnet = self._create_subnet(name, public_route_table, i) # pylint: disable=unused-variable route_table_association = ec2.RouteTableAssociation( "%s-%d" % (name, i), subnet_id=subnet.id, route_table_id=route_table.id, __opts__=ResourceOptions(parent=self)) self.subnet_ids.append(subnet.id)
def main(): myvpc = ec2.Vpc("Pulumi VPC", assign_generated_ipv6_cidr_block='False', cidr_block=vpc_cidr, enable_dns_hostnames='True', enable_dns_support='True', tags={"Name": "Pulumi Vpc"}) pubsubneta = subnet(vpc_network + '.0.0/24', 'a', myvpc, 'True') pubsubnetb = subnet(vpc_network + '.1.0/24', 'b', myvpc, 'True') pubsubnetc = subnet(vpc_network + '.2.0/24', 'c', myvpc, 'True') privsubneta = subnet(vpc_network + '.4.0/24', 'a', myvpc, 'False') privsubnetb = subnet(vpc_network + '.5.0/24', 'b', myvpc, 'False') privsubnetc = subnet(vpc_network + '.6.0/24', 'c', myvpc, 'False') dbsubneta = dbsubnet(vpc_network + '.8.0/24', 'a', myvpc) dbsubnetb = dbsubnet(vpc_network + '.9.0/24', 'b', myvpc) dbsubnetc = dbsubnet(vpc_network + '.10.0/24', 'c', myvpc) igw = ec2.InternetGateway("Pulumi IGW", tags={"Name": "Pulumi IGW"}, vpc_id=myvpc) publicAcl(myvpc) rtpublic = routeTablePub(myvpc, igw)
def _create_public_subnet_route_table(self, vpcid): # create the public subnet for the NAT ig_name = "%s-ig" % self.name internet_gateway = ec2.InternetGateway( ig_name, vpc_id=vpcid, tags=self.vpc_tags, __opts__=ResourceOptions(parent=self)) rt_name = "%s-public-rt" % self.name public_route_table = ec2.RouteTable( rt_name, vpc_id=vpcid, routes=[{ "cidrBlock": "0.0.0.0/0", "gatewayId": internet_gateway.id }], __opts__=ResourceOptions(parent=self)) return public_route_table.id
def __init__(self): resource_specs = ParseYAML(resource_type).getSpecs() aws_vpc_id = VPCs.VPCId() for igw_name, igw_configuration in resource_specs.items(): # AWS Internet Gateway Variables resource_name = igw_name resource_vpc = igw_configuration["vpc"] resource_tags = None resource_tags = igw_configuration["tags"] if "tags" in igw_configuration else None this_vpc = aws_vpc_id[str(resource_vpc)] # Getting list of tags from configuration file tags_list = {} if resource_tags is not None: for each_tag_name, each_tag_value in resource_tags.items(): tags_list.update({each_tag_name: each_tag_value}) # Adding mandatory tags tags_list.update({"Name": resource_name}) tags_list.update({"Project/Stack": pulumi.get_project() + "/" + pulumi.get_stack()}) tags_list.update(resource_mandatory_tags) aws_igw = igw.InternetGateway( resource_name, vpc_id = this_vpc, tags = resource_tags ) igw_ids_dict.update({aws_igw._name: aws_igw.id}) # Export the name of each Internet Gateway pulumi.export(aws_igw._name, aws_igw.id)
from pulumi_aws import config, ec2, get_availability_zones ## VPC vpc = ec2.Vpc('eks-vpc', cidr_block='10.100.0.0/16', instance_tenancy='default', enable_dns_hostnames=True, enable_dns_support=True, tags={'Name': 'pulumi-eks-vpc'}) igw = ec2.InternetGateway('vpc-ig', vpc_id=vpc.id, tags={'Name': 'pulumi-vpc-ig'}) eks_route_table = ec2.RouteTable('vpc-route-table', vpc_id=vpc.id, routes=[{ 'cidr_block': '0.0.0.0/0', 'gateway_id': igw.id }], tags={'Name': 'pulumi-vpc-rt'}) ## Subnets, one for each AZ in a region zones = get_availability_zones() subnet_ids = [] for zone in zones.names: vpc_subnet = ec2.Subnet(f'vpc-subnet-{zone}', assign_ipv6_address_on_creation=False,
_az1 = 'us-west-2b' _az2 = 'us-west-2c' _instance_type = 't2.micro' _key_name = 'sl-us-west-2' vpc = ec2.Vpc(resource_name='new-vpc', cidr_block='10.0.0.0/16', tags={ 'Name': 'infra vpc (front-back-autoscaling)', 'Creator': 'timc' }) igw = ec2.InternetGateway( resource_name='new-igw', vpc_id=vpc.id, tags={ 'Name': 'infra internet gateway (front-back-autoscaling)', 'Creator': 'timc' }) public_subnet_1 = ec2.Subnet( resource_name='new-public-subnet-1', vpc_id=vpc.id, cidr_block='10.0.0.0/24', availability_zone=_az1, tags={ 'Name': 'infra public subnet (front-back-autoscaling)', 'Creator': 'timc' }) public_subnet_2 = ec2.Subnet(
vpc = ec2.Vpc( 'eks-vpc', cidr_block='10.100.0.0/16', instance_tenancy='default', enable_dns_hostnames=True, enable_dns_support=True, tags={ 'Name': 'template-eks-vpc', }, ) igw = ec2.InternetGateway( 'vpc-ig', vpc_id=vpc.id, tags={ 'Name': 'template-vpc-ig', }, ) eks_route_table = ec2.RouteTable( 'vpc-route-table', vpc_id=vpc.id, routes=[ ec2.RouteTableRouteArgs( cidr_block='0.0.0.0/0', gateway_id=igw.id, ) ], tags={ 'Name': 'template-vpc-rt',
def __init__(self, name: str, args: VpcArgs, opts: ResourceOptions = None): super().__init__('custom:resource:VPC', name, {}, opts) vpc_name = name + '-vpc' self.vpc = ec2.Vpc(vpc_name, cidr_block=args.cidr_block, instance_tenancy=args.instance_tenancy, enable_dns_hostnames=args.enable_dns_hostnames, enable_dns_support=args.enable_dns_support, tags={'Name': vpc_name}, opts=ResourceOptions(parent=self)) igw_name = name + '-igw' self.igw = ec2.InternetGateway(igw_name, vpc_id=self.vpc.id, tags={'Name': igw_name}, opts=ResourceOptions(parent=self)) rt_name = name + '-rt' self.route_table = ec2.RouteTable(rt_name, vpc_id=self.vpc.id, routes=[ ec2.RouteTableRouteArgs( cidr_block='0.0.0.0/0', gateway_id=self.igw.id, ) ], tags={'Name': rt_name}, opts=ResourceOptions(parent=self)) # Subnets, at least across two zones. all_zones = get_availability_zones() # limiting to 2 zones for speed and to meet minimal requirements. zone_names = [all_zones.names[0], all_zones.names[1]] self.subnets = [] subnet_name_base = f'{name}-subnet' for zone in zone_names: vpc_subnet = ec2.Subnet( f'{subnet_name_base}-{zone}', assign_ipv6_address_on_creation=False, vpc_id=self.vpc.id, map_public_ip_on_launch=True, cidr_block=f'10.100.{len(self.subnets)}.0/24', availability_zone=zone, tags={ 'Name': f'{subnet_name_base}-{zone}', }, opts=ResourceOptions(parent=self)) ec2.RouteTableAssociation(f'vpc-route-table-assoc-{zone}', route_table_id=self.route_table.id, subnet_id=vpc_subnet.id, opts=ResourceOptions(parent=self)) self.subnets.append(vpc_subnet) # Security Groups rds_sg_name = f'{name}-rds-sg' self.rds_security_group = ec2.SecurityGroup( rds_sg_name, vpc_id=self.vpc.id, description='Allow client access.', tags={'Name': rds_sg_name}, ingress=[ ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'], from_port=3306, to_port=3306, protocol='tcp', description='Allow rds access.'), ], egress=[ ec2.SecurityGroupEgressArgs( protocol='-1', from_port=0, to_port=0, cidr_blocks=['0.0.0.0/0'], ) ], opts=ResourceOptions(parent=self)) fe_sg_name = f'{name}-fe-sg' self.fe_security_group = ec2.SecurityGroup( fe_sg_name, vpc_id=self.vpc.id, description='Allow all HTTP(s) traffic.', tags={'Name': fe_sg_name}, ingress=[ ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'], from_port=443, to_port=443, protocol='tcp', description='Allow https.'), ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'], from_port=80, to_port=80, protocol='tcp', description='Allow http access'), ], egress=[ ec2.SecurityGroupEgressArgs( protocol='-1', from_port=0, to_port=0, cidr_blocks=['0.0.0.0/0'], ) ], opts=ResourceOptions(parent=self)) self.register_outputs({})
import utils # read local config settings config = pulumi.Config() private_subnet_cidrs = config.require_object("private_subnet_cidrs") public_subnet_cidrs = config.require_object("public_subnet_cidrs") zones_amount = config.require_int("zones_amount") zones = utils.get_aws_az(zones_amount) vpc = ec2.Vpc("pulumi-vpc", cidr_block=config.require("vpc_cidr"), tags={"Name": "pulumi-vpc"}) igw = ec2.InternetGateway("pulumi-igw", vpc_id=vpc.id) public_rt = ec2.RouteTable( "pulumi-public-rt", vpc_id=vpc.id, routes=[{ "cidr_block": "0.0.0.0/0", "gateway_id": igw.id }], tags={"Name": "pulumi-public-rt"}, ) public_subnet_ids = [] private_subnet_ids = [] for zone, public_subnet_cidr, private_subnet_cidr in zip(
# `t2.micro` is an unsupported instance type. So about one time in four, when # creating a new stack, Pulumi chooses an AZ and everything fails. _availability_zone = 'us-west-2b' _instance_type = 't2.micro' vpc = ec2.Vpc(resource_name='new-vpc', cidr_block='10.0.0.0/16', tags={ 'Name': 'infra vpc', 'Creator': 'timc' }) igw = ec2.InternetGateway(resource_name='new-igw', vpc_id=vpc.id, tags={ 'Name': 'infra internet gateway', 'Creator': 'timc' }) subnet = ec2.Subnet(resource_name='new-subnet', vpc_id=vpc.id, cidr_block='10.0.0.0/20', availability_zone=_availability_zone, tags={ 'Name': 'infra subnet', 'Creator': 'timc' }) # https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/ec2/#RouteTableArgs-routes # FIXED! s/destination_cidr_block/cidr_block/g
def setup_vpc(): # Create a VPC vpc_config = Config().require_object("vpc_config") vpc = ec2.Vpc("chatapp-vpc", cidr_block=vpc_config['cidr'], enable_dns_hostnames=True, enable_dns_support=True) # Create public subnet to place NGW public_subnet = ec2.Subnet("PublicSubnet", vpc_id=vpc.id, cidr_block=vpc_config['public_subnet_cidr'], availability_zone="ap-southeast-1a") # Create private subnets 1 and 2 for rds and redis clusters private_subnet_1 = ec2.Subnet( "PrivateSubnet1", vpc_id=vpc.id, cidr_block=vpc_config['private_subnet_1_cidr'], availability_zone="ap-southeast-1b") private_subnet_2 = ec2.Subnet( "PrivateSubnet2", vpc_id=vpc.id, cidr_block=vpc_config['private_subnet_2_cidr'], availability_zone="ap-southeast-1c") # Create internet gateway inet_gw = ec2.InternetGateway( "inet-gateway", vpc_id=vpc.id, ) # create NAT gateway elastic_ip = ec2.Eip("eip1", opts=ResourceOptions(delete_before_replace=True)) nat_gw = ec2.NatGateway("nat-gateway", subnet_id=public_subnet.id, allocation_id=elastic_ip.id) # Create private routed route-table private_subnet_route_table = ec2.RouteTable("privatesubnetroutetable", routes=[{ "cidr_block": "0.0.0.0/0", "gateway_id": nat_gw.id }], vpc_id=vpc.id) # Create public routed route-table public_subnet_route_table = ec2.RouteTable("publicsubnetroutetable", routes=[{ "cidr_block": "0.0.0.0/0", "gateway_id": inet_gw.id }], vpc_id=vpc.id) # Attach route tables to subnets ec2.RouteTableAssociation("PrivateSubnetRT1", subnet_id=private_subnet_1.id, route_table_id=private_subnet_route_table.id) ec2.RouteTableAssociation("PrivateSubnetRT2", subnet_id=private_subnet_2.id, route_table_id=private_subnet_route_table.id) ec2.RouteTableAssociation("PublicSubnetRT", subnet_id=public_subnet.id, route_table_id=public_subnet_route_table.id) return dict(vpc=vpc, private_subnets=[private_subnet_1, private_subnet_2])
## EC2 eip = ec2.Eip("myeip") security_group = ec2.SecurityGroup("mysecuritygroup", ingress=[ ec2.SecurityGroupIngressArgs( protocol="tcp", from_port=80, to_port=80, cidr_blocks=["0.0.0.0/0"]) ]) vpc = ec2.Vpc("myvpc", cidr_block="10.0.0.0/16") igw = ec2.InternetGateway("myinternetgateway", vpc_id=vpc.id) public_route_table = ec2.RouteTable("myroutetable", routes=[ ec2.RouteTableRouteArgs( cidr_block="0.0.0.0/0", gateway_id=igw.id) ], vpc_id=vpc.id) ## ECR repository = ecr.Repository("myrepository") repository_policy = ecr.RepositoryPolicy( "myrepositorypolicy",
client = boto3.client('ec2', region_name=region) vpc = ec2.Vpc( resource_name=f'{APP}-vpc', cidr_block=cidr, enable_dns_hostnames=aws_dns, enable_dns_support=aws_dns, instance_tenancy='default', tags={ 'Name': APP, 'Environment': _env } ) igw = ec2.InternetGateway( resource_name=f'{APP}-igw', vpc_id=vpc.id ) azs_response = client.describe_availability_zones( Filters=[ { 'Name': 'region-name', 'Values': [region] }, { 'Name': 'state', 'Values': ['available'] } ] )
def __init__(self, name: str, args: VpcArgs, opts: pulumi.ResourceOptions = None): """ Constructs a Vpc. :param name: The Pulumi resource name. Child resource names are constructed based on this. :param args: A VpcArgs object containing the arguments for VPC constructin. :param opts: A pulumi.ResourceOptions object. """ super().__init__('Vpc', name, None, opts) # Make base info available to other methods self.name = name self.description = args.description self.base_tags = args.base_tags # Create VPC and Internet Gateway resources self.vpc = ec2.Vpc(f"{name}-vpc", cidr_block=args.base_cidr, enable_dns_hostnames=True, enable_dns_support=True, tags={ **args.base_tags, "Name": f"{args.description} VPC" }, opts=pulumi.ResourceOptions(parent=self, )) self.internet_gateway = ec2.InternetGateway( f"{name}-igw", vpc_id=self.vpc.id, tags={ **args.base_tags, "Name": f"{args.description} VPC Internet Gateway" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) # Calculate subnet CIDR blocks and create subnets subnet_distributor = SubnetDistributor( args.base_cidr, len(args.availability_zone_names)) self.public_subnets = [ ec2.Subnet(f"{name}-public-subnet-{i}", vpc_id=self.vpc.id, cidr_block=cidr, availability_zone=args.availability_zone_names[i], map_public_ip_on_launch=True, tags={ **args.base_tags, "Name": f"${args.description} Public Subnet {i}" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) for i, cidr in enumerate(subnet_distributor.public_subnets) ] self.private_subnets = [ ec2.Subnet(f"{name}-private-subnet-{i}", vpc_id=self.vpc.id, cidr_block=cidr, availability_zone=args.availability_zone_names[i], tags={ **args.base_tags, "Name": f"${args.description} Private Subnet {i}" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) for i, cidr in enumerate(subnet_distributor.private_subnets) ] # Adopt the default route table for this VPC and adapt it for use with public subnets self.public_route_table = ec2.DefaultRouteTable( f"{name}-public-rt", default_route_table_id=self.vpc.default_route_table_id, tags={ **args.base_tags, "Name": f"${args.description} Public Route Table" }, opts=pulumi.ResourceOptions(parent=self.vpc, )) ec2.Route(f"{name}-route-public-sn-to-ig", route_table_id=self.public_route_table.id, destination_cidr_block="0.0.0.0/0", gateway_id=self.internet_gateway.id, opts=pulumi.ResourceOptions(parent=self.public_route_table)) for i, subnet in enumerate(self.public_subnets): ec2.RouteTableAssociation( f"{name}-public-rta-{i + 1}", subnet_id=subnet.id, route_table_id=self.public_route_table, opts=pulumi.ResourceOptions(parent=self.public_route_table)) self.nat_elastic_ip_addresses: [ec2.Eip] = list() self.nat_gateways: [ec2.NatGateway] = list() self.private_route_tables: [ec2.RouteTable] = list() # Create a NAT Gateway and appropriate route table for each private subnet for i, subnet in enumerate(self.private_subnets): self.nat_elastic_ip_addresses.append( ec2.Eip(f"{name}-nat-{i + 1}", tags={ **args.base_tags, "Name": f"{args.description} NAT Gateway EIP {i + 1}" }, opts=pulumi.ResourceOptions(parent=subnet))) self.nat_gateways.append( ec2.NatGateway( f"{name}-nat-gateway-{i + 1}", allocation_id=self.nat_elastic_ip_addresses[i].id, subnet_id=self.public_subnets[i].id, tags={ **args.base_tags, "Name": f"{args.description} NAT Gateway {i + 1}" }, opts=pulumi.ResourceOptions(parent=subnet))) self.private_route_tables.append( ec2.RouteTable(f"{name}-private-rt-{i + 1}", vpc_id=self.vpc.id, tags={ **args.base_tags, "Name": f"{args.description} Private RT {i + 1}" }, opts=pulumi.ResourceOptions(parent=subnet))) ec2.Route(f"{name}-route-private-sn-to-nat-{i + 1}", route_table_id=self.private_route_tables[i].id, destination_cidr_block="0.0.0.0/0", nat_gateway_id=self.nat_gateways[i].id, opts=pulumi.ResourceOptions( parent=self.private_route_tables[i])) ec2.RouteTableAssociation( f"{name}-private-rta-{i + 1}", subnet_id=subnet.id, route_table_id=self.private_route_tables[i].id, opts=pulumi.ResourceOptions( parent=self.private_route_tables[i])) # Create S3 endpoint if necessary if args.create_s3_endpoint: ec2.VpcEndpoint(f"{name}-s3-endpoint", vpc_id=self.vpc.id, service_name=f"com.amazonaws.{config.region}.s3", route_table_ids=[ self.public_route_table.id, *[rt.id for rt in self.private_route_tables] ], opts=pulumi.ResourceOptions(parent=self.vpc)) # Create DynamoDB endpoint if necessary if args.create_dynamodb_endpoint: ec2.VpcEndpoint( f"{name}-dynamodb-endpoint", vpc_id=self.vpc.id, service_name=f"com.amazonaws.{config.region}.dynamodb", route_table_ids=[ self.public_route_table.id, *[rt.id for rt in self.private_route_tables] ], opts=pulumi.ResourceOptions(parent=self.vpc)) super().register_outputs({})
'to_port': '443', 'protocol': 'tcp', 'description': 'Allow pods to communicate with the cluster API Server.' }, { 'cidr_blocks': ["0.0.0.0/0"], 'from_port': '80', 'to_port': '80', 'protocol': 'tcp', 'description': 'Allow internet access to pods' }]) # https://aws.amazon.com/lambda/edge/ edge = ec2.InternetGateway('edge', vpc_id=vpc.id, tags={'Name': 'vpc'}) vpc_0_subnet = ec2.Subnet('vpc-0-subnet', assign_ipv6_address_on_creation=False, vpc_id=vpc.id, map_public_ip_on_launch=True, cidr_block='10.100.1.0/24', availability_zone='us-east-1b', tags={ 'Name': 'vpc-0-subnet', 'kubernetes.io/cluster/pulumi-kubeflow-ml': 'shared' }) vpc_1_subnet = ec2.Subnet('vpc-1-subnet', assign_ipv6_address_on_creation=False,
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import pulumi from pulumi import Output from pulumi_aws import applicationloadbalancing, get_availability_zones, ec2 vpc = ec2.Vpc('test', cidr_block="10.11.0.0/16", enable_dns_hostnames=True, enable_dns_support=True) internet_gateway = ec2.InternetGateway('test', vpc_id=vpc.id) route_table = ec2.RouteTable('test', vpc_id=vpc.id, routes=[ ec2.RouteTableRouteArgs( cidr_block="0.0.0.0/0", gateway_id=internet_gateway.id) ]) zones = Output.from_input(get_availability_zones()) zone_names = zones.apply(lambda zs: zs.names) subnet0 = ec2.Subnet( "test0", vpc_id=vpc.id, availability_zone=zone_names.apply(lambda names: names[0]), cidr_block="10.11.0.0/24", map_public_ip_on_launch=True)
def __init__( self, name, opts=None, ): super().__init__("nuage:aws:DevelopmentEnvironment:VPC", f"{name}VpcEnvironment", None, opts) vpc = ec2.Vpc( f"{name}Vpc", cidr_block="172.32.0.0/16", enable_dns_hostnames=True, enable_dns_support=True, ) subnet_1 = ec2.Subnet( f"{name}VpcSubnetA", availability_zone="eu-west-1a", vpc_id=vpc.id, cidr_block="172.32.0.0/20", opts=ResourceOptions(depends_on=[vpc]), ) subnet_2 = ec2.Subnet( f"{name}VpcSubnetB", availability_zone="eu-west-1b", vpc_id=vpc.id, cidr_block="172.32.16.0/20", opts=ResourceOptions(depends_on=[vpc]), ) subnet_3 = ec2.Subnet( f"{name}VpcSubnetC", availability_zone="eu-west-1c", vpc_id=vpc.id, cidr_block="172.32.32.0/20", opts=ResourceOptions(depends_on=[vpc]), ) private_subnet_1 = ec2.Subnet( f"{name}VpcPrivateSubnetA", availability_zone="eu-west-1a", vpc_id=vpc.id, cidr_block="172.32.48.0/20", opts=ResourceOptions(depends_on=[vpc]), ) security_group = ec2.SecurityGroup( f"{name}SecurityGroup", vpc_id=vpc.id, opts=ResourceOptions(depends_on=[vpc]), ) security_group_rule = ec2.SecurityGroupRule( f"{name}SSHRule", security_group_id=security_group.id, type="ingress", protocol="tcp", from_port=22, to_port=22, cidr_blocks=["0.0.0.0/0"], ) security_group_rule = ec2.SecurityGroupRule( f"{name}InboundRule", security_group_id=security_group.id, type="ingress", protocol="all", from_port=0, to_port=65535, source_security_group_id=security_group.id, ) security_group_rule = ec2.SecurityGroupRule( f"{name}OutboundRule", security_group_id=security_group.id, type="egress", protocol="all", from_port=0, to_port=65535, cidr_blocks=["0.0.0.0/0"], ) subnets = [subnet_1, subnet_2, subnet_3] gateway = ec2.InternetGateway( f"{name}InternetGateway", vpc_id=vpc.id, opts=ResourceOptions(depends_on=[vpc]), ) gateway_route = ec2.Route( f"{name}GatewayRoute", destination_cidr_block="0.0.0.0/0", gateway_id=gateway.id, route_table_id=vpc.default_route_table_id, ) elastic_ip = ec2.Eip(f"{name}Eip", vpc=True, opts=ResourceOptions(depends_on=[gateway])) nat_gateway = ec2.NatGateway( f"{name}NatGateway", subnet_id=subnet_1.id, allocation_id=elastic_ip.id, opts=ResourceOptions(depends_on=[subnet_1, elastic_ip]), ) private_route_table = ec2.RouteTable( f"{name}PrivateRouteTable", routes=[ { "cidr_block": "0.0.0.0/0", "nat_gateway_id": nat_gateway.id, }, ], vpc_id=vpc.id, opts=ResourceOptions(depends_on=[private_subnet_1]), ) private_route_table_assoc = ec2.RouteTableAssociation( f"{name}PrivateRouteTableAssoc", route_table_id=private_route_table.id, subnet_id=private_subnet_1.id, ) outputs = { "vpc": vpc, "security_group": security_group, "public_subnets": [subnet_1, subnet_2, subnet_3], "private_subnet": private_subnet_1, "nat_gateway": nat_gateway, } self.set_outputs(outputs)