networking Submodule

Constructs

BaseDomain

• Implements: IDomain

A DNS domain and its wildcard X.509 certificate.

Initializers

import { networking } from 'shady-island'

new networking.BaseDomain(scope: Construct, id: string)

Name	Type	Description
scope	constructs.Construct	The scope in which to define this construct.
id	string	The scoped construct ID.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

Must be unique amongst siblings. If the ID includes a path separator (/), then it will be replaced by double dash --.

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { networking } from 'shady-island'

networking.BaseDomain.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
certificate	aws-cdk-lib.aws_certificatemanager.ICertificate	The wildcard certificate for resources in this domain.
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.
name	string	The fully-qualified domain name of the hosted zone.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

certificate^Required

public readonly certificate: ICertificate;

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate

The wildcard certificate for resources in this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

name^Required

public readonly name: string;

• Type: string

The fully-qualified domain name of the hosted zone.

---

CrossAccountDelegationDomain

Provides a domain using delegation from a parent zone in another account.

This construct creates a new Route 53 hosted zone for the subdomain, a zone delegation record, and a new wildcard ACM certificate for the subdomain.

Initializers

import { networking } from 'shady-island'

new networking.CrossAccountDelegationDomain(scope: Construct, id: string, props: CrossAccountDelegationDomainProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	CrossAccountDelegationDomainProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: CrossAccountDelegationDomainProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { networking } from 'shady-island'

networking.CrossAccountDelegationDomain.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
certificate	aws-cdk-lib.aws_certificatemanager.ICertificate	The wildcard certificate for resources in this domain.
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.
name	string	The fully-qualified domain name of the hosted zone.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

certificate^Required

public readonly certificate: ICertificate;

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate

The wildcard certificate for resources in this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

name^Required

public readonly name: string;

• Type: string

The fully-qualified domain name of the hosted zone.

---

DelegationDomain

Provides a domain using delegation from a parent zone in the same account.

This construct creates a new Route 53 hosted zone for the subdomain, a zone delegation record, and a new wildcard ACM certificate for the subdomain.

Initializers

import { networking } from 'shady-island'

new networking.DelegationDomain(scope: Construct, id: string, props: DelegationDomainProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	DelegationDomainProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: DelegationDomainProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.
applyRemovalPolicy	No description.

---

toString

public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy

public applyRemovalPolicy(policy: RemovalPolicy): void

policy^Required

• Type: aws-cdk-lib.RemovalPolicy

---

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { networking } from 'shady-island'

networking.DelegationDomain.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
certificate	aws-cdk-lib.aws_certificatemanager.ICertificate	The wildcard certificate for resources in this domain.
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.
name	string	The fully-qualified domain name of the hosted zone.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

certificate^Required

public readonly certificate: ICertificate;

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate

The wildcard certificate for resources in this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

name^Required

public readonly name: string;

• Type: string

The fully-qualified domain name of the hosted zone.

---

ElasticIp

• Implements: IElasticIp

An EC2 Elastic IP address.

Initializers

import { networking } from 'shady-island'

new networking.ElasticIp(scope: Construct, id: string, props?: ElasticIpProps)

Name	Type	Description
scope	constructs.Construct	- The scope in which to define this construct.
id	string	- The scoped construct ID.
props	ElasticIpProps	- Initialization properties for this construct.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

props^Optional

• Type: ElasticIpProps

Initialization properties for this construct.

---

Methods

Name	Description
toString	Returns a string representation of this construct.
applyRemovalPolicy	Apply the given removal policy to this resource.
grant	Grant the given identity custom permissions.

---

toString

public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policy^Required

• Type: aws-cdk-lib.RemovalPolicy

---

grant

public grant(identity: IGrantable, actions: ...string[]): Grant

Grant the given identity custom permissions.

e.g. ec2:AssociateAddress, ec2:DisableAddressTransfer, ec2:DisassociateAddress, ec2:EnableAddressTransfer, among others.

identity^Required

• Type: aws-cdk-lib.aws_iam.IGrantable

---

actions^Required

• Type: …string[]

---

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
isOwnedResource	Returns true if the construct was created by CDK, and false otherwise.
isResource	Check whether the given construct is a Resource.
fromAllocationId	Import an existing EIP from the given allocation ID.
fromElasticIpArn	Import an existing EIP from its ARN.

---

isConstruct

import { networking } from 'shady-island'

networking.ElasticIp.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

isOwnedResource

import { networking } from 'shady-island'

networking.ElasticIp.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

construct^Required

• Type: constructs.IConstruct

---

isResource

import { networking } from 'shady-island'

networking.ElasticIp.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

construct^Required

• Type: constructs.IConstruct

---

fromAllocationId

import { networking } from 'shady-island'

networking.ElasticIp.fromAllocationId(scope: Construct, id: string, allocationId: string)

Import an existing EIP from the given allocation ID.

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

allocationId^Required

• Type: string

The EIP allocation ID.

---

fromElasticIpArn

import { networking } from 'shady-island'

networking.ElasticIp.fromElasticIpArn(scope: Construct, id: string, arn: string)

Import an existing EIP from its ARN.

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

arn^Required

• Type: string

The EIP ARN.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
env	aws-cdk-lib.ResourceEnvironment	The environment this resource belongs to.
stack	aws-cdk-lib.Stack	The stack in which this resource is defined.
allocationId	string	The allocation ID of the Elastic IP address.
elasticIpArn	string	The ARN of the Elastic IP address.
publicIp	string	The IPv4 address.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

env^Required

public readonly env: ResourceEnvironment;

• Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

---

stack^Required

public readonly stack: Stack;

• Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

---

allocationId^Required

public readonly allocationId: string;

• Type: string

The allocation ID of the Elastic IP address.

---

elasticIpArn^Required

public readonly elasticIpArn: string;

• Type: string

The ARN of the Elastic IP address.

---

publicIp^Required

public readonly publicIp: string;

• Type: string

The IPv4 address.

---

ExistingZoneDomain

Provides a domain using an existing hosted zone.

This construct will create a new wildcard ACM certificate using the existing hosted zone name.

Initializers

import { networking } from 'shady-island'

new networking.ExistingZoneDomain(scope: Construct, id: string, props: ExistingZoneDomainProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	ExistingZoneDomainProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: ExistingZoneDomainProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
fromDomainAttributes	Returns an ExistingZoneDomain using the provided attributes.

---

isConstruct

import { networking } from 'shady-island'

networking.ExistingZoneDomain.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

fromDomainAttributes

import { networking } from 'shady-island'

networking.ExistingZoneDomain.fromDomainAttributes(scope: Construct, id: string, attrs: DomainAttributes)

Returns an ExistingZoneDomain using the provided attributes.

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

attrs^Required

• Type: DomainAttributes

The provided attributes.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
certificate	aws-cdk-lib.aws_certificatemanager.ICertificate	The wildcard certificate for resources in this domain.
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.
name	string	The fully-qualified domain name of the hosted zone.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

certificate^Required

public readonly certificate: ICertificate;

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate

The wildcard certificate for resources in this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

name^Required

public readonly name: string;

• Type: string

The fully-qualified domain name of the hosted zone.

---

NetworkInterface

• Implements: INetworkInterface

A Network Interface.

Initializers

import { networking } from 'shady-island'

new networking.NetworkInterface(scope: Construct, id: string, props: NetworkInterfaceProps)

Name	Type	Description
scope	constructs.Construct	- The scope in which to define this construct.
id	string	- The scoped construct ID.
props	NetworkInterfaceProps	- Initialization properties for this construct.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

props^Required

• Type: NetworkInterfaceProps

Initialization properties for this construct.

---

Methods

Name	Description
toString	Returns a string representation of this construct.
applyRemovalPolicy	Apply the given removal policy to this resource.

---

toString

public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policy^Required

• Type: aws-cdk-lib.RemovalPolicy

---

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
isOwnedResource	Returns true if the construct was created by CDK, and false otherwise.
isResource	Check whether the given construct is a Resource.
fromNetworkInterfaceAttributes	Import an existing Network Interface from the given attributes.

---

isConstruct

import { networking } from 'shady-island'

networking.NetworkInterface.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

isOwnedResource

import { networking } from 'shady-island'

networking.NetworkInterface.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

construct^Required

• Type: constructs.IConstruct

---

isResource

import { networking } from 'shady-island'

networking.NetworkInterface.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

construct^Required

• Type: constructs.IConstruct

---

fromNetworkInterfaceAttributes

import { networking } from 'shady-island'

networking.NetworkInterface.fromNetworkInterfaceAttributes(scope: Construct, id: string, attribs: NetworkInterfaceAttributes)

Import an existing Network Interface from the given attributes.

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

attribs^Required

• Type: NetworkInterfaceAttributes

The Network Interface attributes.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
env	aws-cdk-lib.ResourceEnvironment	The environment this resource belongs to.
stack	aws-cdk-lib.Stack	The stack in which this resource is defined.
connections	aws-cdk-lib.aws_ec2.Connections	The network connections associated with this resource.
ipv6Address	string	No description.
networkInterfaceId	string	The ID of this Network Interface.
privateIpv4Address	string	No description.
subnet	aws-cdk-lib.aws_ec2.ISubnet	The subnet of this Network Interface.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

env^Required

public readonly env: ResourceEnvironment;

• Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

---

stack^Required

public readonly stack: Stack;

• Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

---

connections^Required

public readonly connections: Connections;

• Type: aws-cdk-lib.aws_ec2.Connections

The network connections associated with this resource.

---

ipv6Address^Required

public readonly ipv6Address: string;

• Type: string

---

networkInterfaceId^Required

public readonly networkInterfaceId: string;

• Type: string

The ID of this Network Interface.

---

privateIpv4Address^Required

public readonly privateIpv4Address: string;

• Type: string

---

subnet^Required

public readonly subnet: ISubnet;

• Type: aws-cdk-lib.aws_ec2.ISubnet

The subnet of this Network Interface.

---

SecretHttpHeader

• Implements: ISecretHttpHeader

Configure a secret header an ALB can require for every request.

Initializers

import { networking } from 'shady-island'

new networking.SecretHttpHeader(scope: Construct, id: string, props?: SecretHttpHeaderProps)

Name	Type	Description
scope	constructs.Construct	- The parent scope.
id	string	- The construct identifier.
props	SecretHttpHeaderProps	- The configuration properties.

---

scope^Required

• Type: constructs.Construct

The parent scope.

---

id^Required

• Type: string

The construct identifier.

---

props^Optional

• Type: SecretHttpHeaderProps

The configuration properties.

---

Methods

Name	Description
toString	Returns a string representation of this construct.
createListenerCondition	No description.
createOriginCustomHeaders	No description.

---

toString

public toString(): string

Returns a string representation of this construct.

createListenerCondition

public createListenerCondition(): ListenerCondition

createOriginCustomHeaders

public createOriginCustomHeaders(): {[ key: string ]: string}

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
fromSecret	Create a SecretHttpHeader from an existing Secrets Manager secret.

---

isConstruct

import { networking } from 'shady-island'

networking.SecretHttpHeader.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

fromSecret

import { networking } from 'shady-island'

networking.SecretHttpHeader.fromSecret(scope: Construct, id: string, secret: ISecret)

Create a SecretHttpHeader from an existing Secrets Manager secret.

The secret must be in JSON format and have two fields: name and value.

scope^Required

• Type: constructs.Construct

The parent scope.

---

id^Required

• Type: string

The ID for the new construct.

---

secret^Required

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

The existing Secrets Manager secret.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
defaultHeaderName	string	Gets the default header name.
headerName	string	No description.
headerValue	aws-cdk-lib.SecretValue	No description.
secret	aws-cdk-lib.aws_secretsmanager.ISecret	The Secrets Manager secret that contains the name and value of the header.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

defaultHeaderName^Required

public readonly defaultHeaderName: string;

• Type: string

Gets the default header name.

---

headerName^Required

public readonly headerName: string;

• Type: string

---

headerValue^Required

public readonly headerValue: SecretValue;

• Type: aws-cdk-lib.SecretValue

---

secret^Required

public readonly secret: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

The Secrets Manager secret that contains the name and value of the header.

---

SingletonLaunchTemplate

A launch template bound to a single Elastic Network Interface.

Initializers

import { networking } from 'shady-island'

new networking.SingletonLaunchTemplate(scope: Construct, id: string, props: SingletonLaunchTemplateProps)

Name	Type	Description
scope	constructs.Construct	- The scope in which to define this construct.
id	string	- The scoped construct ID.
props	SingletonLaunchTemplateProps	- Initialization properties for this construct.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

props^Required

• Type: SingletonLaunchTemplateProps

Initialization properties for this construct.

---

Methods

Name	Description
toString	Returns a string representation of this construct.
applyRemovalPolicy	Apply the given removal policy to this resource.
addSecurityGroup	Add the security group to the instance.
createAutoScalingGroup	Creates an auto-scaling group for this launch template.

---

toString

public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policy^Required

• Type: aws-cdk-lib.RemovalPolicy

---

addSecurityGroup

public addSecurityGroup(securityGroup: ISecurityGroup): void

Add the security group to the instance.

securityGroup^Required

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup

---

createAutoScalingGroup

public createAutoScalingGroup(id: string, props: AutoScalingGroupProps): AutoScalingGroup

Creates an auto-scaling group for this launch template.

The following properties are ignored (if specified): launchTemplate, minCapacity, and maxCapacity.

id^Required

• Type: string

The ID of the auto-scaling group.

---

props^Required

• Type: aws-cdk-lib.aws_autoscaling.AutoScalingGroupProps

Constructor properties of the AutoScalingGroup.

---

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
isOwnedResource	Returns true if the construct was created by CDK, and false otherwise.
isResource	Check whether the given construct is a Resource.
fromLaunchTemplateAttributes	Import an existing LaunchTemplate.

---

isConstruct

import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

isOwnedResource

import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

construct^Required

• Type: constructs.IConstruct

---

isResource

import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

construct^Required

• Type: constructs.IConstruct

---

fromLaunchTemplateAttributes

import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.fromLaunchTemplateAttributes(scope: Construct, id: string, attrs: LaunchTemplateAttributes)

Import an existing LaunchTemplate.

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

attrs^Required

• Type: aws-cdk-lib.aws_ec2.LaunchTemplateAttributes

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
env	aws-cdk-lib.ResourceEnvironment	The environment this resource belongs to.
stack	aws-cdk-lib.Stack	The stack in which this resource is defined.
connections	aws-cdk-lib.aws_ec2.Connections	Allows specifying security group connections for the instance.
defaultVersionNumber	string	The default version for the launch template.
grantPrincipal	aws-cdk-lib.aws_iam.IPrincipal	Principal to grant permissions to.
latestVersionNumber	string	The latest version of the launch template.
versionNumber	string	The version number of this launch template to use.
imageId	string	The AMI ID of the image to use.
instanceType	aws-cdk-lib.aws_ec2.InstanceType	Type of instance to launch.
launchTemplateId	string	The identifier of the Launch Template.
launchTemplateName	string	The name of the Launch Template.
osType	aws-cdk-lib.aws_ec2.OperatingSystemType	The type of OS the instance is running.
role	aws-cdk-lib.aws_iam.IRole	IAM Role assumed by instances that are launched from this template.
userData	aws-cdk-lib.aws_ec2.UserData	UserData executed by instances that are launched from this template.
networkInterface	INetworkInterface	The network interface used by this launch template.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

env^Required

public readonly env: ResourceEnvironment;

• Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

---

stack^Required

public readonly stack: Stack;

• Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

---

connections^Required

public readonly connections: Connections;

• Type: aws-cdk-lib.aws_ec2.Connections

Allows specifying security group connections for the instance.

---

defaultVersionNumber^Required

public readonly defaultVersionNumber: string;

• Type: string

The default version for the launch template.

---

grantPrincipal^Required

public readonly grantPrincipal: IPrincipal;

• Type: aws-cdk-lib.aws_iam.IPrincipal

Principal to grant permissions to.

---

latestVersionNumber^Required

public readonly latestVersionNumber: string;

• Type: string

The latest version of the launch template.

---

versionNumber^Required

public readonly versionNumber: string;

• Type: string

The version number of this launch template to use.

---

imageId^Optional

public readonly imageId: string;

• Type: string

The AMI ID of the image to use.

---

instanceType^Optional

public readonly instanceType: InstanceType;

• Type: aws-cdk-lib.aws_ec2.InstanceType

Type of instance to launch.

---

launchTemplateId^Optional

public readonly launchTemplateId: string;

• Type: string

The identifier of the Launch Template.

Exactly one of launchTemplateId and launchTemplateName will be set.

---

launchTemplateName^Optional

public readonly launchTemplateName: string;

• Type: string

The name of the Launch Template.

Exactly one of launchTemplateId and launchTemplateName will be set.

---

osType^Optional

public readonly osType: OperatingSystemType;

• Type: aws-cdk-lib.aws_ec2.OperatingSystemType

The type of OS the instance is running.

---

role^Optional

public readonly role: IRole;

• Type: aws-cdk-lib.aws_iam.IRole

IAM Role assumed by instances that are launched from this template.

---

userData^Optional

public readonly userData: UserData;

• Type: aws-cdk-lib.aws_ec2.UserData

UserData executed by instances that are launched from this template.

---

networkInterface^Required

public readonly networkInterface: INetworkInterface;

• Type: INetworkInterface

The network interface used by this launch template.

---

WebLoadBalancing

A utility for creating a public-facing Application Load Balancer.

Initializers

import { networking } from 'shady-island'

new networking.WebLoadBalancing(scope: Construct, id: string, props: WebLoadBalancingProps)

Name	Type	Description
scope	constructs.Construct	- The scope in which to define this construct.
id	string	- The scoped construct ID.
props	WebLoadBalancingProps	- Initialization properties for this construct.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

---

props^Required

• Type: WebLoadBalancingProps

Initialization properties for this construct.

---

Methods

Name	Description
toString	Returns a string representation of this construct.
addTarget	Adds a target to the listener.

---

toString

public toString(): string

Returns a string representation of this construct.

addTarget

public addTarget(id: string, target: IApplicationLoadBalancerTarget, options?: TargetOptions): IApplicationTargetGroup

Adds a target to the listener.

If the following options are left undefined, these defaults will be used.

• port: 443
• protocol: HTTPS
• deregistrationDelay: load balancer idle timeout
• healthCheck.path: /
• healthCheck.healthyThresholdCount: 2
• healthCheck.interval: 30 seconds
• healthCheck.timeout: 29 seconds

id^Required

• Type: string

The ID of the new target group.

---

target^Required

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancerTarget

The load balancing target to receive traffic.

---

options^Optional

• Type: TargetOptions

The target group options.

---

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { networking } from 'shady-island'

networking.WebLoadBalancing.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
listener	aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener	The HTTPS listener.
loadBalancer	aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancer	The load balancer itself.
secretHeader	ISecretHttpHeader	The secret header (if requireSecretHeader was set to true).

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

listener^Required

public readonly listener: IApplicationListener;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener

The HTTPS listener.

---

loadBalancer^Required

public readonly loadBalancer: IApplicationLoadBalancer;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancer

The load balancer itself.

---

secretHeader^Optional

public readonly secretHeader: ISecretHttpHeader;

• Type: ISecretHttpHeader

The secret header (if requireSecretHeader was set to true).

---

Structs

CrossAccountDelegationDomainProps

Constructor properties for CrossAccountDelegationDomain.

Initializer

import { networking } from 'shady-island'

const crossAccountDelegationDomainProps: networking.CrossAccountDelegationDomainProps = { ... }

Properties

Name	Type	Description
delegationRole	aws-cdk-lib.aws_iam.IRole	The delegation role in the parent account.
subdomain	string	The subdomain in the parent hosted zone.
assumeRoleRegion	string	Region from which to obtain temporary credentials.
parentHostedZoneId	string	The hosted zone id in the parent account.
parentHostedZoneName	string	The hosted zone name in the parent account.
removalPolicy	aws-cdk-lib.RemovalPolicy	The removal policy to apply.
ttl	aws-cdk-lib.Duration	The resource record cache time to live (TTL).

---

delegationRole^Required

public readonly delegationRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole

The delegation role in the parent account.

---

subdomain^Required

public readonly subdomain: string;

• Type: string

The subdomain in the parent hosted zone.

---

assumeRoleRegion^Optional

public readonly assumeRoleRegion: string;

• Type: string
• Default: the Route53 signing region in the current partition

Region from which to obtain temporary credentials.

---

parentHostedZoneId^Optional

public readonly parentHostedZoneId: string;

• Type: string
• Default: hosted zone ID will be looked up based on the zone name

The hosted zone id in the parent account.

---

parentHostedZoneName^Optional

public readonly parentHostedZoneName: string;

• Type: string
• Default: no zone name

The hosted zone name in the parent account.

---

removalPolicy^Optional

public readonly removalPolicy: RemovalPolicy;

• Type: aws-cdk-lib.RemovalPolicy
• Default: RemovalPolicy.DESTROY

The removal policy to apply.

---

ttl^Optional

public readonly ttl: Duration;

• Type: aws-cdk-lib.Duration
• Default: Duration.days(2)

The resource record cache time to live (TTL).

---

DelegationDomainProps

Constructor properties for DelegationDomain.

Initializer

import { networking } from 'shady-island'

const delegationDomainProps: networking.DelegationDomainProps = { ... }

Properties

Name	Type	Description
parentHostedZone	aws-cdk-lib.aws_route53.IPublicHostedZone	The parent/delegating hosted zone.
subdomain	string	The subdomain in the parent hosted zone.
removalPolicy	aws-cdk-lib.RemovalPolicy	The removal policy to apply.

---

parentHostedZone^Required

public readonly parentHostedZone: IPublicHostedZone;

• Type: aws-cdk-lib.aws_route53.IPublicHostedZone

The parent/delegating hosted zone.

The “zone name” is needed.

---

subdomain^Required

public readonly subdomain: string;

• Type: string

The subdomain in the parent hosted zone.

---

removalPolicy^Optional

public readonly removalPolicy: RemovalPolicy;

• Type: aws-cdk-lib.RemovalPolicy
• Default: RemovalPolicy.DESTROY

The removal policy to apply.

---

DomainAttributes

A domain in the Domain Name System.

Initializer

import { networking } from 'shady-island'

const domainAttributes: networking.DomainAttributes = { ... }

Properties

Name	Type	Description
certificate	aws-cdk-lib.aws_certificatemanager.ICertificate	The wildcard certificate for resources in this domain.
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.

---

certificate^Required

public readonly certificate: ICertificate;

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate

The wildcard certificate for resources in this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

ElasticIpProps

Constructor properties for ElasticIp.

Initializer

import { networking } from 'shady-island'

const elasticIpProps: networking.ElasticIpProps = { ... }

Properties

Name	Type	Description
removalPolicy	aws-cdk-lib.RemovalPolicy	The removal policy for this resource.

---

removalPolicy^Optional

public readonly removalPolicy: RemovalPolicy;

• Type: aws-cdk-lib.RemovalPolicy

The removal policy for this resource.

---

ExistingZoneDomainProps

Constructor properties for ExistingZoneDomain.

Initializer

import { networking } from 'shady-island'

const existingZoneDomainProps: networking.ExistingZoneDomainProps = { ... }

Properties

Name	Type	Description
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

NetworkInterfaceAttributes

Attributes to import an existing Network Interface.

Initializer

import { networking } from 'shady-island'

const networkInterfaceAttributes: networking.NetworkInterfaceAttributes = { ... }

Properties

Name	Type	Description
networkInterfaceId	string	The ID of this Network Interface.
securityGroups	aws-cdk-lib.aws_ec2.ISecurityGroup[]	The security groups assigned to the Network Interface.
subnet	aws-cdk-lib.aws_ec2.ISubnet	The subnet where this Network Interface will be created.

---

networkInterfaceId^Required

public readonly networkInterfaceId: string;

• Type: string

The ID of this Network Interface.

---

securityGroups^Required

public readonly securityGroups: ISecurityGroup[];

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]

The security groups assigned to the Network Interface.

---

subnet^Required

public readonly subnet: ISubnet;

• Type: aws-cdk-lib.aws_ec2.ISubnet

The subnet where this Network Interface will be created.

---

NetworkInterfaceProps

Constructor properties for NetworkInterface.

Initializer

import { networking } from 'shady-island'

const networkInterfaceProps: networking.NetworkInterfaceProps = { ... }

Properties

Name	Type	Description
subnet	aws-cdk-lib.aws_ec2.ISubnet	The subnet where this Network Interface will be created.
vpc	aws-cdk-lib.aws_ec2.IVpc	The VPC where this Network Interface will be created.
description	string	A description for this Network Interface.
elasticIp	IElasticIp	An Elastic IP Address to associate with this Network Interface.
enableSourceDestCheck	boolean	Enable the source/destination check.
interfaceType	InterfaceType	The type of interface (i.e. interface, efa, trunk).
ipv4	AddressingV4	How to assign IPv4 addresses.
ipv6	AddressingV6	How to assign IPv6 addresses.
removalPolicy	aws-cdk-lib.RemovalPolicy	The removal policy for this resource.
securityGroups	aws-cdk-lib.aws_ec2.ISecurityGroup[]	The security groups to assign to the Network Interface.

---

subnet^Required

public readonly subnet: ISubnet;

• Type: aws-cdk-lib.aws_ec2.ISubnet

The subnet where this Network Interface will be created.

---

vpc^Required

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

The VPC where this Network Interface will be created.

---

description^Optional

public readonly description: string;

• Type: string

A description for this Network Interface.

---

elasticIp^Optional

public readonly elasticIp: IElasticIp;

• Type: IElasticIp

An Elastic IP Address to associate with this Network Interface.

Provding an Elastic IP

---

enableSourceDestCheck^Optional

public readonly enableSourceDestCheck: boolean;

• Type: boolean
• Default: true

Enable the source/destination check.

---

interfaceType^Optional

public readonly interfaceType: InterfaceType;

• Type: InterfaceType
• Default: InterfaceType.INTERFACE

The type of interface (i.e. interface, efa, trunk).

---

ipv4^Optional

public readonly ipv4: AddressingV4;

• Type: AddressingV4
• Default: Dependent on VPC settings

How to assign IPv4 addresses.

The default behavior depends on the VPC. If it’s a dual stack VPC, EC2 will allocate a single private IP address from the VPC IPv4 CIDR range. If it’s IPv6-only, EC2 won’t allocate an IPv4 address.

---

ipv6^Optional

public readonly ipv6: AddressingV6;

• Type: AddressingV6
• Default: Dependent on VPC and subnet settings.

How to assign IPv6 addresses.

The default behavior depends on the VPC. If there are no IPv6 CIDRs defined for the VPC, EC2 won’t allocate an IPv6 address. If it’s a dual stack or an IPv6-only VPC, EC2 will allocate an IPv6 address if the subnet auto-assigns one.

---

removalPolicy^Optional

public readonly removalPolicy: RemovalPolicy;

• Type: aws-cdk-lib.RemovalPolicy

The removal policy for this resource.

---

securityGroups^Optional

public readonly securityGroups: ISecurityGroup[];

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
• Default: A new one is created

The security groups to assign to the Network Interface.

---

SecretHttpHeaderProps

Properties for the SecretHttpHeader constructor.

Initializer

import { networking } from 'shady-island'

const secretHttpHeaderProps: networking.SecretHttpHeaderProps = { ... }

Properties

Name	Type	Description
headerName	string	The name of the secret HTTP header.

---

headerName^Optional

public readonly headerName: string;

• Type: string
• Default: X-Secret-Passphrase

The name of the secret HTTP header.

---

SingletonLaunchTemplateProps

Constructor properties for SingletonLaunchTemplate.

Initializer

import { networking } from 'shady-island'

const singletonLaunchTemplateProps: networking.SingletonLaunchTemplateProps = { ... }

Properties

Name	Type	Description
associatePublicIpAddress	boolean	Whether instances should have a public IP addresses associated with them.
blockDevices	aws-cdk-lib.aws_ec2.BlockDevice[]	Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
cpuCredits	aws-cdk-lib.aws_ec2.CpuCredits	CPU credit type for burstable EC2 instance types.
detailedMonitoring	boolean	If set to true, then detailed monitoring will be enabled on instances created with this launch template.
disableApiTermination	boolean	If you set this parameter to true, you cannot terminate the instances launched with this launch template using the Amazon EC2 console, CLI, or API;
ebsOptimized	boolean	Indicates whether the instances are optimized for Amazon EBS I/O.
hibernationConfigured	boolean	If you set this parameter to true, the instance is enabled for hibernation.
httpEndpoint	boolean	Enables or disables the HTTP metadata endpoint on your instances.
httpProtocolIpv6	boolean	Enables or disables the IPv6 endpoint for the instance metadata service.
httpPutResponseHopLimit	number	The desired HTTP PUT response hop limit for instance metadata requests.
httpTokens	aws-cdk-lib.aws_ec2.LaunchTemplateHttpTokens	The state of token usage for your instance metadata requests.
instanceInitiatedShutdownBehavior	aws-cdk-lib.aws_ec2.InstanceInitiatedShutdownBehavior	Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).
instanceMetadataTags	boolean	Set to enabled to allow access to instance tags from the instance metadata.
instanceProfile	aws-cdk-lib.aws_iam.IInstanceProfile	The instance profile used to pass role information to EC2 instances.
instanceType	aws-cdk-lib.aws_ec2.InstanceType	Type of instance to launch.
keyName	string	Name of SSH keypair to grant access to instance.
keyPair	aws-cdk-lib.aws_ec2.IKeyPair	The SSH keypair to grant access to the instance.
launchTemplateName	string	Name for this launch template.
machineImage	aws-cdk-lib.aws_ec2.IMachineImage	The AMI that will be used by instances.
nitroEnclaveEnabled	boolean	If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves;
requireImdsv2	boolean	Whether IMDSv2 should be required on launched instances.
role	aws-cdk-lib.aws_iam.IRole	An IAM role to associate with the instance profile that is used by instances.
securityGroup	aws-cdk-lib.aws_ec2.ISecurityGroup	Security group to assign to instances created with the launch template.
spotOptions	aws-cdk-lib.aws_ec2.LaunchTemplateSpotOptions	If this property is defined, then the Launch Template’s InstanceMarketOptions will be set to use Spot instances, and the options for the Spot instances will be as defined.
userData	aws-cdk-lib.aws_ec2.UserData	The AMI that will be used by instances.
versionDescription	string	A description for the first version of the launch template.
networkInterface	INetworkInterface	The Elastic Network Interface to use.

---

associatePublicIpAddress^Optional

public readonly associatePublicIpAddress: boolean;

• Type: boolean
• Default: Use subnet settings

Whether instances should have a public IP addresses associated with them.

---

blockDevices^Optional

public readonly blockDevices: BlockDevice[];

• Type: aws-cdk-lib.aws_ec2.BlockDevice[]
• Default: Uses the block device mapping of the AMI

Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.

Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html

---

cpuCredits^Optional

public readonly cpuCredits: CpuCredits;

• Type: aws-cdk-lib.aws_ec2.CpuCredits
• Default: No credit type is specified in the Launch Template.

CPU credit type for burstable EC2 instance types.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html

---

detailedMonitoring^Optional

public readonly detailedMonitoring: boolean;

• Type: boolean
• Default: False - Detailed monitoring is disabled.

If set to true, then detailed monitoring will be enabled on instances created with this launch template.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html

---

disableApiTermination^Optional

public readonly disableApiTermination: boolean;

• Type: boolean
• Default: The API termination setting is not specified in the Launch Template.

If you set this parameter to true, you cannot terminate the instances launched with this launch template using the Amazon EC2 console, CLI, or API;

otherwise, you can.

---

ebsOptimized^Optional

public readonly ebsOptimized: boolean;

• Type: boolean
• Default: EBS optimization is not specified in the launch template.

Indicates whether the instances are optimized for Amazon EBS I/O.

This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn’t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

---

hibernationConfigured^Optional

public readonly hibernationConfigured: boolean;

• Type: boolean
• Default: Hibernation configuration is not specified in the launch template; defaulting to false.

If you set this parameter to true, the instance is enabled for hibernation.

---

httpEndpoint^Optional

public readonly httpEndpoint: boolean;

• Type: boolean
• Default: true

Enables or disables the HTTP metadata endpoint on your instances.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpendpoint

---

httpProtocolIpv6^Optional

public readonly httpProtocolIpv6: boolean;

• Type: boolean
• Default: true

Enables or disables the IPv6 endpoint for the instance metadata service.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpprotocolipv6

---

httpPutResponseHopLimit^Optional

public readonly httpPutResponseHopLimit: number;

• Type: number
• Default: 1

The desired HTTP PUT response hop limit for instance metadata requests.

The larger the number, the further instance metadata requests can travel.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpputresponsehoplimit

---

httpTokens^Optional

public readonly httpTokens: LaunchTemplateHttpTokens;

• Type: aws-cdk-lib.aws_ec2.LaunchTemplateHttpTokens
• Default: LaunchTemplateHttpTokens.OPTIONAL

The state of token usage for your instance metadata requests.

The default state is optional if not specified. However, if requireImdsv2 is true, the state must be required.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httptokens

---

instanceInitiatedShutdownBehavior^Optional

public readonly instanceInitiatedShutdownBehavior: InstanceInitiatedShutdownBehavior;

• Type: aws-cdk-lib.aws_ec2.InstanceInitiatedShutdownBehavior
• Default: Shutdown behavior is not specified in the launch template; defaults to STOP.

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior

---

instanceMetadataTags^Optional

public readonly instanceMetadataTags: boolean;

• Type: boolean
• Default: false

Set to enabled to allow access to instance tags from the instance metadata.

Set to disabled to turn off access to instance tags from the instance metadata.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-instancemetadatatags

---

instanceProfile^Optional

public readonly instanceProfile: IInstanceProfile;

• Type: aws-cdk-lib.aws_iam.IInstanceProfile
• Default: No instance profile

The instance profile used to pass role information to EC2 instances.

Note: You can provide an instanceProfile or a role, but not both.

---

instanceType^Optional

public readonly instanceType: InstanceType;

• Type: aws-cdk-lib.aws_ec2.InstanceType
• Default: This Launch Template does not specify a default Instance Type.

Type of instance to launch.

---

keyName^Optional

• Deprecated: - Use keyPair instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair

public readonly keyName: string;

• Type: string
• Default: No SSH access will be possible.

Name of SSH keypair to grant access to instance.

---

keyPair^Optional

public readonly keyPair: IKeyPair;

• Type: aws-cdk-lib.aws_ec2.IKeyPair
• Default: No SSH access will be possible.

The SSH keypair to grant access to the instance.

---

launchTemplateName^Optional

public readonly launchTemplateName: string;

• Type: string
• Default: Automatically generated name

Name for this launch template.

---

machineImage^Optional

public readonly machineImage: IMachineImage;

• Type: aws-cdk-lib.aws_ec2.IMachineImage
• Default: This Launch Template does not specify a default AMI.

The AMI that will be used by instances.

---

nitroEnclaveEnabled^Optional

public readonly nitroEnclaveEnabled: boolean;

• Type: boolean
• Default: Enablement of Nitro enclaves is not specified in the launch template; defaulting to false.

If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves;

otherwise, it is not enabled for AWS Nitro Enclaves.

---

requireImdsv2^Optional

public readonly requireImdsv2: boolean;

• Type: boolean
• Default: false

Whether IMDSv2 should be required on launched instances.

---

role^Optional

public readonly role: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: No new role is created.

An IAM role to associate with the instance profile that is used by instances.

The role must be assumable by the service principal ec2.amazonaws.com. Note: You can provide an instanceProfile or a role, but not both.

---

Example

const role = new iam.Role(this, 'MyRole', {
  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
});

securityGroup^Optional

public readonly securityGroup: ISecurityGroup;

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup
• Default: No security group is assigned.

Security group to assign to instances created with the launch template.

---

spotOptions^Optional

public readonly spotOptions: LaunchTemplateSpotOptions;

• Type: aws-cdk-lib.aws_ec2.LaunchTemplateSpotOptions
• Default: Instance launched with this template will not be spot instances.

If this property is defined, then the Launch Template’s InstanceMarketOptions will be set to use Spot instances, and the options for the Spot instances will be as defined.

---

userData^Optional

public readonly userData: UserData;

• Type: aws-cdk-lib.aws_ec2.UserData
• Default: This Launch Template creates a UserData based on the type of provided machineImage; no UserData is created if a machineImage is not provided

The AMI that will be used by instances.

---

versionDescription^Optional

public readonly versionDescription: string;

• Type: string
• Default: No description

A description for the first version of the launch template.

The version description must be maximum 255 characters long.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-versiondescription

---

networkInterface^Required

public readonly networkInterface: INetworkInterface;

• Type: INetworkInterface

The Elastic Network Interface to use.

---

TargetOptions

Options for adding a new target group.

Initializer

import { networking } from 'shady-island'

const targetOptions: networking.TargetOptions = { ... }

Properties

Name	Type	Description
crossZoneEnabled	boolean	Indicates whether cross zone load balancing is enabled.
deregistrationDelay	aws-cdk-lib.Duration	The amount of time for Elastic Load Balancing to wait before deregistering a target.
healthCheck	aws-cdk-lib.aws_elasticloadbalancingv2.HealthCheck	Health check configuration.
ipAddressType	aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupIpAddressType	The type of IP addresses of the targets registered with the target group.
targetGroupName	string	The name of the target group.
targetType	aws-cdk-lib.aws_elasticloadbalancingv2.TargetType	The type of targets registered to this TargetGroup, either IP or Instance.
vpc	aws-cdk-lib.aws_ec2.IVpc	The virtual private cloud (VPC).
enableAnomalyMitigation	boolean	Indicates whether anomaly mitigation is enabled.
loadBalancingAlgorithmType	aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupLoadBalancingAlgorithmType	The load balancing algorithm to select targets for routing requests.
port	number	The port on which the target receives traffic.
protocol	aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationProtocol	The protocol used for communication with the target.
protocolVersion	aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationProtocolVersion	The protocol version to use.
slowStart	aws-cdk-lib.Duration	The time period during which the load balancer sends a newly registered target a linearly increasing share of the traffic to the target group.
stickinessCookieDuration	aws-cdk-lib.Duration	The stickiness cookie expiration period.
stickinessCookieName	string	The name of an application-based stickiness cookie.
targets	aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancerTarget[]	The targets to add to this target group.
hostnames	string[]	The hostnames on which traffic is served.
priority	number	The priority of the listener rule.

---

crossZoneEnabled^Optional

public readonly crossZoneEnabled: boolean;

• Type: boolean
• Default: use load balancer configuration

Indicates whether cross zone load balancing is enabled.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html

---

deregistrationDelay^Optional

public readonly deregistrationDelay: Duration;

• Type: aws-cdk-lib.Duration
• Default: 300

The amount of time for Elastic Load Balancing to wait before deregistering a target.

The range is 0-3600 seconds.

---

healthCheck^Optional

public readonly healthCheck: HealthCheck;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.HealthCheck
• Default: The default value for each property in this configuration varies depending on the target.

Health check configuration.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties

---

ipAddressType^Optional

public readonly ipAddressType: TargetGroupIpAddressType;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupIpAddressType
• Default: undefined - ELB defaults to IPv4

The type of IP addresses of the targets registered with the target group.

---

targetGroupName^Optional

public readonly targetGroupName: string;

• Type: string
• Default: Automatically generated.

The name of the target group.

This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.

---

targetType^Optional

public readonly targetType: TargetType;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.TargetType
• Default: Determined automatically.

The type of targets registered to this TargetGroup, either IP or Instance.

All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically.

---

vpc^Optional

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc
• Default: undefined

The virtual private cloud (VPC).

only if TargetType is Ip or InstanceId

---

enableAnomalyMitigation^Optional

public readonly enableAnomalyMitigation: boolean;

• Type: boolean
• Default: false

Indicates whether anomaly mitigation is enabled.

Only available when loadBalancingAlgorithmType is TargetGroupLoadBalancingAlgorithmType.WEIGHTED_RANDOM

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#automatic-target-weights

---

loadBalancingAlgorithmType^Optional

public readonly loadBalancingAlgorithmType: TargetGroupLoadBalancingAlgorithmType;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupLoadBalancingAlgorithmType
• Default: TargetGroupLoadBalancingAlgorithmType.ROUND_ROBIN

The load balancing algorithm to select targets for routing requests.

---

port^Optional

public readonly port: number;

• Type: number
• Default: Determined from protocol if known

The port on which the target receives traffic.

This is not applicable for Lambda targets.

---

protocol^Optional

public readonly protocol: ApplicationProtocol;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationProtocol
• Default: Determined from port if known

The protocol used for communication with the target.

This is not applicable for Lambda targets.

---

protocolVersion^Optional

public readonly protocolVersion: ApplicationProtocolVersion;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationProtocolVersion
• Default: ApplicationProtocolVersion.HTTP1

The protocol version to use.

---

slowStart^Optional

public readonly slowStart: Duration;

• Type: aws-cdk-lib.Duration
• Default: 0

The time period during which the load balancer sends a newly registered target a linearly increasing share of the traffic to the target group.

The range is 30-900 seconds (15 minutes).

---

stickinessCookieDuration^Optional

public readonly stickinessCookieDuration: Duration;

• Type: aws-cdk-lib.Duration
• Default: Stickiness is disabled

The stickiness cookie expiration period.

Setting this value enables load balancer stickiness.

After this period, the cookie is considered stale. The minimum value is 1 second and the maximum value is 7 days (604800 seconds).

---

stickinessCookieName^Optional

public readonly stickinessCookieName: string;

• Type: string
• Default: If stickinessCookieDuration is set, a load-balancer generated cookie is used. Otherwise, no stickiness is defined.

The name of an application-based stickiness cookie.

Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP, and AWSALBTG; they’re reserved for use by the load balancer.

Note: stickinessCookieName parameter depends on the presence of stickinessCookieDuration parameter. If stickinessCookieDuration is not set, stickinessCookieName will be omitted.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html

---

targets^Optional

public readonly targets: IApplicationLoadBalancerTarget[];

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancerTarget[]
• Default: No targets.

The targets to add to this target group.

Can be Instance, IPAddress, or any self-registering load balancing target. If you use either Instance or IPAddress as targets, all target must be of the same type.

---

hostnames^Optional

public readonly hostnames: string[];

• Type: string[]

The hostnames on which traffic is served.

---

priority^Optional

public readonly priority: number;

• Type: number
• Default: Automatically determined

The priority of the listener rule.

---

WebLoadBalancingProps

Constructor properties for WebLoadBalancing.

Initializer

import { networking } from 'shady-island'

const webLoadBalancingProps: networking.WebLoadBalancingProps = { ... }

Properties

Name	Type	Description
certificates	aws-cdk-lib.aws_certificatemanager.ICertificate[]	The certificate to attach to the load balancer and CloudFront distribution.
vpc	aws-cdk-lib.aws_ec2.IVpc	The VPC where these resources should be deployed.
idleTimeout	aws-cdk-lib.Duration	The load balancer idle timeout, in seconds.
ipAddressType	aws-cdk-lib.aws_elasticloadbalancingv2.IpAddressType	The type of IP addresses to use (IPv4 or Dual Stack).
requireKnownHostname	boolean	Forbid requests that ask for an unknown hostname.
requireSecretHeader	boolean	Forbid requests that are missing an HTTP header with a specific value.
secretHeaderName	string	The name of the secret HTTP header.
securityGroup	aws-cdk-lib.aws_ec2.ISecurityGroup	A security group for the load balancer itself.

---

certificates^Required

public readonly certificates: ICertificate[];

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate[]

The certificate to attach to the load balancer and CloudFront distribution.

---

vpc^Required

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

The VPC where these resources should be deployed.

---

idleTimeout^Optional

public readonly idleTimeout: Duration;

• Type: aws-cdk-lib.Duration
• Default: 59 seconds

The load balancer idle timeout, in seconds.

If you have a reverse proxy in front of this load balancer, such as CloudFront, this number should be less than the reverse proxy’s request timeout.

---

ipAddressType^Optional

public readonly ipAddressType: IpAddressType;

• Type: aws-cdk-lib.aws_elasticloadbalancingv2.IpAddressType
• Default: IPv4 only

The type of IP addresses to use (IPv4 or Dual Stack).

---

requireKnownHostname^Optional

public readonly requireKnownHostname: boolean;

• Type: boolean
• Default: false

Forbid requests that ask for an unknown hostname.

Requests for an unknown hostname will receive an HTTP 421 status response.

---

requireSecretHeader^Optional

public readonly requireSecretHeader: boolean;

• Type: boolean
• Default: false

Forbid requests that are missing an HTTP header with a specific value.

If this option is set to true, this construct will provide a new SecretHttpHeader accessible on the secretHeader property.

Requests without the correct header name and value will receive an HTTP 421 status response.

---

secretHeaderName^Optional

public readonly secretHeaderName: string;

• Type: string
• Default: X-Secret-Passphrase

The name of the secret HTTP header.

Providing this option implies that requireSecretHeader is true.

---

securityGroup^Optional

public readonly securityGroup: ISecurityGroup;

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup
• Default: A new security group will be created

A security group for the load balancer itself.

---

Classes

Address

An IPv4 or IPv6 address (or range of addresses).

Methods

Name	Description
isAny	Whether this address represents everything in the addressing space.
isIpv4	Whether this address is an IPv4 address.
isIpv6	Whether this address is an IPv6 address.
toString	No description.

---

isAny

public isAny(): boolean

Whether this address represents everything in the addressing space.

isIpv4

public isIpv4(): boolean

Whether this address is an IPv4 address.

isIpv6

public isIpv6(): boolean

Whether this address is an IPv6 address.

toString

public toString(): string

Static Functions

Name	Description
anyIpv4	Creates an address that represents the entire IPv4 addressing space.
anyIpv6	Creates an address that represents the entire IPv4 addressing space.
ipv4	Creates an IPv4 network address (either a single address or a range).
ipv6	Creates an IPv6 network address (either a single address or a range).

---

anyIpv4

import { networking } from 'shady-island'

networking.Address.anyIpv4()

Creates an address that represents the entire IPv4 addressing space.

anyIpv6

import { networking } from 'shady-island'

networking.Address.anyIpv6()

Creates an address that represents the entire IPv4 addressing space.

ipv4

import { networking } from 'shady-island'

networking.Address.ipv4(address: string)

Creates an IPv4 network address (either a single address or a range).

address^Required

• Type: string

The IP address (with optional netmask).

---

ipv6

import { networking } from 'shady-island'

networking.Address.ipv6(address: string)

Creates an IPv6 network address (either a single address or a range).

address^Required

• Type: string

The IP address (with optional prefix length).

---

AddressingV4

Used to assign IPv4 addresses to a Network Interface.

Static Functions

Name	Description
prefixCount	Specify a number of IPv4 delegated prefixes to automatically assign.
prefixes	Specify one or more IPv4 delegated prefixes to assign.
privateAddress	Specify a private IPv4 address.
privateAddressAndSecondaryCount	Specify a primary IPv4 address and a number of secondary addresses.
privateAddresses	Specify a primary IPv4 address and one or more secondary IPv4 addresses.

---

prefixCount

import { networking } from 'shady-island'

networking.AddressingV4.prefixCount(count: number)

Specify a number of IPv4 delegated prefixes to automatically assign.

count^Required

• Type: number

The number of automatic IPv4 delegated prefixes.

---

prefixes

import { networking } from 'shady-island'

networking.AddressingV4.prefixes(prefixes: string[])

Specify one or more IPv4 delegated prefixes to assign.

IPv4 prefixes must be within a CIDR of /28.

prefixes^Required

• Type: string[]

The IPv4 delegated prefixes.

---

privateAddress

import { networking } from 'shady-island'

networking.AddressingV4.privateAddress(ip: string)

Specify a private IPv4 address.

ip^Required

• Type: string

The actual IP address.

---

privateAddressAndSecondaryCount

import { networking } from 'shady-island'

networking.AddressingV4.privateAddressAndSecondaryCount(primary: string, count: number)

Specify a primary IPv4 address and a number of secondary addresses.

primary^Required

• Type: string

The primary address.

---

count^Required

• Type: number

The number of secondary addresses.

---

privateAddresses

import { networking } from 'shady-island'

networking.AddressingV4.privateAddresses(primary: string, secondary: ...string[])

Specify a primary IPv4 address and one or more secondary IPv4 addresses.

primary^Required

• Type: string

The primary address.

---

secondary^Required

• Type: …string[]

Any secondary addresses.

---

Properties

Name	Type	Description
props	{[ key: string ]: any}	No description.

---

props^Required

public readonly props: {[ key: string ]: any};

• Type: {[ key: string ]: any}

---

AddressingV6

Used to assign IPv6 addresses to a Network Interface.

Static Functions

Name	Description
addressCount	Specify a number of IPv6 addresses to automatically assign.
addresses	Specify one or more IPv6 addresses to assign.
prefixCount	Specify a number of IPv6 delegated prefixes to automatically assign.
prefixes	Specify one or more IPv6 delegated prefixes to assign.

---

addressCount

import { networking } from 'shady-island'

networking.AddressingV6.addressCount(count: number, enablePrimary?: boolean)

Specify a number of IPv6 addresses to automatically assign.

count^Required

• Type: number

The number of automatic IPv6 addresses.

---

enablePrimary^Optional

• Type: boolean

Whether to enable a primary IPv6 GUA (default: no).

---

addresses

import { networking } from 'shady-island'

networking.AddressingV6.addresses(ips: string[], enablePrimary?: boolean)

Specify one or more IPv6 addresses to assign.

ips^Required

• Type: string[]

The IPv6 addresses.

---

enablePrimary^Optional

• Type: boolean

Whether to enable a primary IPv6 GUA (default: no).

---

prefixCount

import { networking } from 'shady-island'

networking.AddressingV6.prefixCount(count: number, enablePrimary?: boolean)

Specify a number of IPv6 delegated prefixes to automatically assign.

count^Required

• Type: number

The number of automatic IPv6 delegated prefixes.

---

enablePrimary^Optional

• Type: boolean

Whether to enable a primary IPv6 GUA (default: no).

---

prefixes

import { networking } from 'shady-island'

networking.AddressingV6.prefixes(prefixes: string[], enablePrimary?: boolean)

Specify one or more IPv6 delegated prefixes to assign.

IPv6 prefixes must be within a CIDR of /80.

prefixes^Required

• Type: string[]

The IPv6 delegated prefixes.

---

enablePrimary^Optional

• Type: boolean

Whether to enable a primary IPv6 GUA (default: no).

---

Properties

Name	Type	Description
props	{[ key: string ]: any}	No description.

---

props^Required

public readonly props: {[ key: string ]: any};

• Type: {[ key: string ]: any}

---

Protocols

IDomain

• Extends: constructs.IConstruct

• Implemented By: BaseDomain, CrossAccountDelegationDomain, DelegationDomain, ExistingZoneDomain, IDomain

A DNS domain and its wildcard X.509 certificate.

Properties

Name	Type	Description
node	constructs.Node	The tree node.
certificate	aws-cdk-lib.aws_certificatemanager.ICertificate	The wildcard certificate for resources in this domain.
hostedZone	aws-cdk-lib.aws_route53.IHostedZone	The hosted zone that contains records for this domain.
name	string	The fully-qualified domain name of the hosted zone.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

certificate^Required

public readonly certificate: ICertificate;

• Type: aws-cdk-lib.aws_certificatemanager.ICertificate

The wildcard certificate for resources in this domain.

---

hostedZone^Required

public readonly hostedZone: IHostedZone;

• Type: aws-cdk-lib.aws_route53.IHostedZone

The hosted zone that contains records for this domain.

---

name^Required

public readonly name: string;

• Type: string

The fully-qualified domain name of the hosted zone.

---

IElasticIp

• Extends: aws-cdk-lib.IResource

• Implemented By: ElasticIp, IElasticIp

An EC2 Elastic IP address.

Methods

Name	Description
grant	Grant the given identity custom permissions.

---

grant

public grant(identity: IGrantable, actions: ...string[]): Grant

Grant the given identity custom permissions.

e.g. ec2:AssociateAddress, ec2:DisableAddressTransfer, ec2:DisassociateAddress, ec2:EnableAddressTransfer, among others.

identity^Required

• Type: aws-cdk-lib.aws_iam.IGrantable

The resource with a grantPrincipal property.

---

actions^Required

• Type: …string[]

The IAM actions to allow.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
env	aws-cdk-lib.ResourceEnvironment	The environment this resource belongs to.
stack	aws-cdk-lib.Stack	The stack in which this resource is defined.
allocationId	string	The allocation ID of the Elastic IP address.
elasticIpArn	string	The ARN of the Elastic IP address.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

env^Required

public readonly env: ResourceEnvironment;

• Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

---

stack^Required

public readonly stack: Stack;

• Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

---

allocationId^Required

public readonly allocationId: string;

• Type: string

The allocation ID of the Elastic IP address.

---

elasticIpArn^Required

public readonly elasticIpArn: string;

• Type: string

The ARN of the Elastic IP address.

---

INetworkInterface

• Extends: constructs.IConstruct, aws-cdk-lib.aws_ec2.IConnectable

• Implemented By: NetworkInterface, INetworkInterface

An Elastic Network Interface.

Properties

Name	Type	Description
node	constructs.Node	The tree node.
connections	aws-cdk-lib.aws_ec2.Connections	The network connections associated with this resource.
networkInterfaceId	string	The ID of this Network Interface.
subnet	aws-cdk-lib.aws_ec2.ISubnet	The subnet of this Network Interface.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

connections^Required

public readonly connections: Connections;

• Type: aws-cdk-lib.aws_ec2.Connections

The network connections associated with this resource.

---

networkInterfaceId^Required

public readonly networkInterfaceId: string;

• Type: string

The ID of this Network Interface.

---

subnet^Required

public readonly subnet: ISubnet;

• Type: aws-cdk-lib.aws_ec2.ISubnet

The subnet of this Network Interface.

---

ISecretHttpHeader

• Extends: constructs.IConstruct

• Implemented By: SecretHttpHeader, ISecretHttpHeader

Interface for SecretHttpHeader.

Methods

Name	Description
createListenerCondition	Get a ListenerCondition that represents this secret header.
createOriginCustomHeaders	Gets the custom headers for a CloudFront origin configuration.

---

createListenerCondition

public createListenerCondition(): ListenerCondition

Get a ListenerCondition that represents this secret header.

createOriginCustomHeaders

public createOriginCustomHeaders(): {[ key: string ]: string}

Gets the custom headers for a CloudFront origin configuration.

Properties

Name	Type	Description
node	constructs.Node	The tree node.
headerName	string	The name of the secret header.
headerValue	aws-cdk-lib.SecretValue	The value of the secret header.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

headerName^Required

public readonly headerName: string;

• Type: string

The name of the secret header.

---

headerValue^Required

public readonly headerValue: SecretValue;

• Type: aws-cdk-lib.SecretValue

The value of the secret header.

---

Enums

InterfaceType

The type of Network Interface.

Members

Name	Description
INTERFACE	A standard ENI.
EFA	An Elastic Fabric Adapter ENI.
TRUNK	An ENI for use with ECS awsvpc trunking.

---

INTERFACE

A standard ENI.

---

EFA

An Elastic Fabric Adapter ENI.

---

TRUNK

An ENI for use with ECS awsvpc trunking.

---