
Resource: awsVpc

Provides a VPC resource.

Example Usage

Basic usage:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});

Basic usage with tags:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
  instanceTenancy: "default",
  tags: {
    Name: "main",
  },
});

VPC with CIDR from AWS IPAM:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current",
  {}
);
const awsVpcIpamTest = new aws.vpcIpam.VpcIpam(this, "test", {
  operatingRegions: [
    {
      regionName: dataAwsRegionCurrent.name,
    },
  ],
});
const awsVpcIpamPoolTest = new aws.vpcIpamPool.VpcIpamPool(this, "test_2", {
  addressFamily: "ipv4",
  ipamScopeId: awsVpcIpamTest.privateDefaultScopeId,
  locale: dataAwsRegionCurrent.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcIpamPoolTest.overrideLogicalId("test");
const awsVpcIpamPoolCidrTest = new aws.vpcIpamPoolCidr.VpcIpamPoolCidr(
  this,
  "test_3",
  {
    cidr: "172.2.0.0/16",
    ipamPoolId: awsVpcIpamPoolTest.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcIpamPoolCidrTest.overrideLogicalId("test");
const awsVpcTest = new aws.vpc.Vpc(this, "test_4", {
  // The pool CIDR must be provisioned before IPAM can allocate from the pool.
  // The VPC never references the CIDR resource directly, so the edge is
  // declared explicitly; in TypeScript the property is dependsOn and it takes
  // the construct itself, not an interpolated fqn string.
  dependsOn: [awsVpcIpamPoolCidrTest],
  ipv4IpamPoolId: awsVpcIpamPoolTest.id,
  ipv4NetmaskLength: 28,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcTest.overrideLogicalId("test");

Argument Reference

The following arguments are supported:

  • cidrBlock - (Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using ipv4NetmaskLength.
  • instanceTenancy - (Optional) A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
  • ipv4IpamPoolId - (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
  • ipv4NetmaskLength - (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4IpamPoolId.
  • ipv6CidrBlock - (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6NetmaskLength.
  • ipv6IpamPoolId - (Optional) IPAM Pool ID for an IPv6 pool. Conflicts with assignGeneratedIpv6CidrBlock.
  • ipv6NetmaskLength - (Optional) Netmask length to request from the IPAM Pool. Conflicts with ipv6CidrBlock. This can be omitted if the IPAM pool has an allocationDefaultNetmaskLength set. Valid values: 56.
  • ipv6CidrBlockNetworkBorderGroup - (Optional) By default, when an IPv6 CIDR is assigned to a VPC, ipv6CidrBlockNetworkBorderGroup is set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as Local Zones.
  • enableDnsSupport - (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
  • enableNetworkAddressUsageMetrics - (Optional) Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
  • enableDnsHostnames - (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to false. Can only be true when enableDnsSupport is also true.
  • enableClassiclink - (Optional) A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2-Classic. See the ClassicLink documentation for more information. Defaults to false.
  • enableClassiclinkDnsSupport - (Optional) A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2-Classic.
  • assignGeneratedIpv6CidrBlock - (Optional) Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6IpamPoolId
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
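The argument list above carries several mutually exclusive and dependent settings (explicit CIDR versus IPAM allocation, the IPv6 conflicts, the single valid ipv6NetmaskLength) that otherwise only fail at plan or apply time. The following TypeScript is an added example, not code from the AWS provider or the cdktf project: it encodes those rules as a pre-synth check that runs without cdktf, adds two AWS-side constraints (an IPv4 VPC block must be between /16 and /28; DNS hostnames require DNS support), and flags explicit IPv4 blocks that overlap across the VPCs of one stack, since such VPCs cannot be peered. The function names, the VpcConfig interface and the VPC names and pool IDs in SAMPLE_STACK are assumptions and constructed sample input.

```typescript
// Added example: pre-synth policy check for awsVpc argument combinations.
// Not part of the provider docs or the cdktf project; SAMPLE_STACK is constructed.

interface VpcConfig {
  cidrBlock?: string;
  ipv4IpamPoolId?: string;
  ipv4NetmaskLength?: number;
  ipv6CidrBlock?: string;
  ipv6IpamPoolId?: string;
  ipv6NetmaskLength?: number;
  assignGeneratedIpv6CidrBlock?: boolean;
  enableDnsSupport?: boolean;   // provider default: true
  enableDnsHostnames?: boolean; // provider default: false
}

// Parse "a.b.c.d/n" into the network's first address and its prefix length.
// Plain arithmetic instead of 32-bit bit operations keeps values positive.
function parseCidr(cidr: string): { base: number; prefix: number } {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (m === null) throw new Error(`malformed CIDR "${cidr}"`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) throw new Error(`invalid CIDR "${cidr}"`);
  const addr = octets.reduce((acc, o) => acc * 256 + o, 0);
  const size = 2 ** (32 - prefix);
  return { base: Math.floor(addr / size) * size, prefix };
}

function cidrsOverlap(a: string, b: string): boolean {
  const x = parseCidr(a);
  const y = parseCidr(b);
  const xLast = x.base + 2 ** (32 - x.prefix) - 1;
  const yLast = y.base + 2 ** (32 - y.prefix) - 1;
  return x.base <= yLast && y.base <= xLast;
}

// Check one VPC's arguments. The IPAM and IPv6 rules come from the argument
// reference; the /16../28 size limit and the "DNS hostnames need DNS support"
// rule are AWS-side constraints that otherwise surface only at apply time.
function validateVpc(name: string, c: VpcConfig): string[] {
  const findings: string[] = [];
  const flag = (msg: string) => findings.push(`${name}: ${msg}`);

  if (c.cidrBlock === undefined && c.ipv4IpamPoolId === undefined) {
    flag("an IPv4 block is required: set cidrBlock or ipv4IpamPoolId");
  }
  if (c.ipv4NetmaskLength !== undefined && c.ipv4IpamPoolId === undefined) {
    flag("ipv4NetmaskLength requires ipv4IpamPoolId");
  }
  let v4Prefix = c.ipv4NetmaskLength;
  if (c.cidrBlock !== undefined) {
    try {
      v4Prefix = parseCidr(c.cidrBlock).prefix;
    } catch (e) {
      flag((e as Error).message);
      v4Prefix = undefined;
    }
  }
  if (v4Prefix !== undefined && (v4Prefix < 16 || v4Prefix > 28)) {
    flag(`IPv4 prefix /${v4Prefix} is outside the /16 to /28 range AWS accepts for a VPC`);
  }
  if (c.ipv6IpamPoolId !== undefined && c.assignGeneratedIpv6CidrBlock === true) {
    flag("ipv6IpamPoolId conflicts with assignGeneratedIpv6CidrBlock");
  }
  if (c.ipv6CidrBlock !== undefined && c.ipv6NetmaskLength !== undefined) {
    flag("ipv6NetmaskLength conflicts with ipv6CidrBlock");
  }
  if (c.ipv6NetmaskLength !== undefined && c.ipv6NetmaskLength !== 56) {
    flag(`ipv6NetmaskLength must be 56, got ${c.ipv6NetmaskLength}`);
  }
  if ((c.ipv6CidrBlock !== undefined || c.ipv6NetmaskLength !== undefined) && c.ipv6IpamPoolId === undefined) {
    flag("ipv6CidrBlock and ipv6NetmaskLength are requested from an IPAM pool: set ipv6IpamPoolId");
  }
  if (c.enableDnsHostnames === true && c.enableDnsSupport === false) {
    flag("enableDnsHostnames requires enableDnsSupport (private hosted zones and endpoint DNS need both)");
  }
  return findings;
}

// Validate every VPC in a stack and report explicit IPv4 blocks that overlap;
// AWS refuses a peering connection between VPCs with overlapping IPv4 CIDRs.
function checkStack(vpcs: { [name: string]: VpcConfig }): string[] {
  const names = Object.keys(vpcs);
  const findings: string[] = [];
  for (const n of names) findings.push(...validateVpc(n, vpcs[n]));
  for (let i = 0; i < names.length; i++) {
    for (let j = i + 1; j < names.length; j++) {
      const a = vpcs[names[i]].cidrBlock;
      const b = vpcs[names[j]].cidrBlock;
      if (a === undefined || b === undefined) continue;
      try {
        if (cidrsOverlap(a, b)) findings.push(`${names[i]} (${a}) overlaps ${names[j]} (${b}); the two cannot be peered`);
      } catch {
        // a malformed block was already reported by validateVpc
      }
    }
  }
  return findings;
}

// Constructed sample stack: two explicit VPCs that overlap, one IPAM-derived
// VPC like the example above, and one that breaks several rules at once.
const SAMPLE_STACK: { [name: string]: VpcConfig } = {
  main: { cidrBlock: "10.0.0.0/16", enableDnsSupport: true, enableDnsHostnames: true },
  shared: { cidrBlock: "10.0.128.0/17" },
  ipam: { ipv4IpamPoolId: "ipam-pool-0123456789abcdef0", ipv4NetmaskLength: 28 },
  bad: {
    cidrBlock: "192.168.0.0/8",
    ipv4NetmaskLength: 24,
    ipv6IpamPoolId: "ipam-pool-0fedcba9876543210",
    assignGeneratedIpv6CidrBlock: true,
    ipv6NetmaskLength: 64,
    enableDnsSupport: false,
    enableDnsHostnames: true,
  },
};

for (const f of checkStack(SAMPLE_STACK)) console.log(f);
```

Run it with ts-node before cdktf synth, feeding it the same config objects you pass to new aws.vpc.Vpc(...); the overlap check is what catches the case where two stacks each pick 10.0.0.0/16 and only discover the collision when a peering or transit gateway attachment is requested.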

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of VPC
  • id - The ID of the VPC
  • instanceTenancy - Tenancy of instances spun up within the VPC
  • enableDnsSupport - Whether or not the VPC has DNS support
  • enableNetworkAddressUsageMetrics - Whether Network Address Usage metrics are enabled for the VPC
  • enableDnsHostnames - Whether or not the VPC has DNS hostname support
  • enableClassiclink - Whether or not the VPC has ClassicLink enabled
  • mainRouteTableId - The ID of the main route table associated with this VPC. Note that you can change a VPC's main route table by using an awsMainRouteTableAssociation.
  • defaultNetworkAclId - The ID of the network ACL created by default on VPC creation. AWS creates it with rules that allow all inbound and outbound traffic; adopt it with an awsDefaultNetworkAcl resource if those rules need to be tightened.
  • defaultSecurityGroupId - The ID of the security group created by default on VPC creation. AWS creates it with an inbound rule allowing all traffic from members of the group and an outbound rule allowing all traffic; adopt it with an awsDefaultSecurityGroup resource and remove those rules so that instances launched without an explicit group are not left with them.
  • defaultRouteTableId - The ID of the route table created by default on VPC creation
  • ipv6AssociationId - The association ID for the IPv6 CIDR block.
  • ipv6CidrBlockNetworkBorderGroup - The Network Border Group Zone name
  • ownerId - The ID of the AWS account that owns the VPC.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

VPCs can be imported using the vpcId, e.g.,

$ terraform import aws_vpc.test_vpc vpc-a01106c2