package awsec2 // Options to add a gateway endpoint to a VPC. // // Example: // // Add gateway endpoints when creating the VPC // vpc := ec2.NewVpc(this, jsii.String("MyVpc"), &VpcProps{ // GatewayEndpoints: map[string]gatewayVpcEndpointOptions{ // "S3": &gatewayVpcEndpointOptions{ // "service": ec2.GatewayVpcEndpointAwsService_S3(), // }, // }, // }) // // // Alternatively gateway endpoints can be added on the VPC // dynamoDbEndpoint := vpc.addGatewayEndpoint(jsii.String("DynamoDbEndpoint"), &gatewayVpcEndpointOptions{ // Service: ec2.GatewayVpcEndpointAwsService_DYNAMODB(), // }) // // // This allows to customize the endpoint policy // dynamoDbEndpoint.AddToPolicy( // iam.NewPolicyStatement(&PolicyStatementProps{ // // Restrict to listing and describing tables // Principals: []iPrincipal{ // iam.NewAnyPrincipal(), // }, // Actions: []*string{ // jsii.String("dynamodb:DescribeTable"), // jsii.String("dynamodb:ListTables"), // }, // Resources: []*string{ // jsii.String("*"), // }, // })) // // // Add an interface endpoint // vpc.addInterfaceEndpoint(jsii.String("EcrDockerEndpoint"), &InterfaceVpcEndpointOptions{ // Service: ec2.InterfaceVpcEndpointAwsService_ECR_DOCKER(), // }) // type GatewayVpcEndpointOptions struct { // The service to use for this gateway VPC endpoint. Service IGatewayVpcEndpointService `field:"required" json:"service" yaml:"service"` // Where to add endpoint routing. // // By default, this endpoint will be routable from all subnets in the VPC. // Specify a list of subnet selection objects here to be more specific. // // Example: // var vpc vpc // // // vpc.addGatewayEndpoint(jsii.String("DynamoDbEndpoint"), &GatewayVpcEndpointOptions{ // Service: ec2.GatewayVpcEndpointAwsService_DYNAMODB(), // // Add only to ISOLATED subnets // Subnets: []subnetSelection{ // &subnetSelection{ // SubnetType: ec2.SubnetType_PRIVATE_ISOLATED, // }, // }, // }) // Subnets *[]*SubnetSelection `field:"optional" json:"subnets" yaml:"subnets"` }