servers Submodule

Constructs

UbuntuLinuxBastion

A bastion host running Ubuntu GNU/Linux with an instance firewall.

This construct produces an Auto-Scaling Group and corresponding launch template. The ASG has a minimum of zero instances and a maximum of one. Instances launched will be placed in a public subnet of the VPC.

Initializers

import { servers } from 'shady-island'

new servers.UbuntuLinuxBastion(scope: Construct, id: string, props: UbuntuLinuxBastionProps)

| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | The scope in which to define this construct. |
| id | string | The scoped construct ID. |
| props | UbuntuLinuxBastionProps | Initialization properties for this construct. |

scope (Required)

The scope in which to define this construct.


id (Required)

The scoped construct ID.


props (Required)

Initialization properties for this construct.


Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| allowSshAccessFrom | Allow SSH access from the given peer or peers. |

toString
public toString(): string

Returns a string representation of this construct.

allowSshAccessFrom
public allowSshAccessFrom(...peer: IPeer[]): void

Allow SSH access from the given peer or peers.

peer (Required)

The peer or peers to allow.


Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { servers } from 'shady-island'

servers.UbuntuLinuxBastion.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid instanceof and to use this type-testing method instead.

x (Required)

Any object.
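
The duplicate-copy problem described above, reproduced in a self-contained script as an added example (not code from shady-island or the constructs library). `loadLibraryCopy` and the `example.Construct` marker are hypothetical names, and the brand check through a `Symbol.for` registry key is one way to build such a type test, assumed here for illustration.

```typescript
// Added illustration; not the constructs library's own source.
// MARKER and loadLibraryCopy are hypothetical names.
const MARKER = Symbol.for('example.Construct');

// Each call evaluates the class definition again, the way a second copy of a
// package on disk (symlink, monorepo tool) is evaluated as its own module.
function loadLibraryCopy() {
  class Construct {
    readonly id: string;

    constructor(id: string) {
      this.id = id;
      // Brand the instance with a symbol from the global registry, which is
      // shared by every copy of the module in the same JavaScript realm.
      Object.defineProperty(this, MARKER, { value: true });
    }

    // Brand check: does not depend on which copy created the object.
    static isConstruct(x: unknown): boolean {
      return x !== null && typeof x === 'object' && MARKER in (x as object);
    }
  }
  return Construct;
}

const CopyA = loadLibraryCopy(); // e.g. the copy resolved by the application
const CopyB = loadLibraryCopy(); // e.g. the copy resolved by a symlinked dependency

function compareChecks() {
  const bastion = new CopyA('Bastion');
  return {
    sameClass: CopyA === CopyB,
    instanceofOwnCopy: bastion instanceof CopyA,
    instanceofOtherCopy: bastion instanceof CopyB,
    brandCheckFromOtherCopy: CopyB.isConstruct(bastion),
    brandCheckOnPlainObject: CopyB.isConstruct({ id: 'Bastion' }),
  };
}

console.log(compareChecks());
```

A brand check of this kind is a type test, not a trust boundary: any code running in the same process can set the same registry symbol on an arbitrary object.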


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| autoScalingGroup | aws-cdk-lib.aws_autoscaling.AutoScalingGroup | The auto-scaling group for this bastion. |
| connections | aws-cdk-lib.aws_ec2.Connections | The network connections associated with this resource. |
| firewall | shady-island.configuration.IFirewallRules | The instance firewall rules. |
| grantPrincipal | aws-cdk-lib.aws_iam.IPrincipal | The principal to grant permissions to. |

node (Required)
public readonly node: Node;

The tree node.


autoScalingGroup (Required)
public readonly autoScalingGroup: AutoScalingGroup;

The auto-scaling group for this bastion.


connections (Required)
public readonly connections: Connections;

The network connections associated with this resource.


firewall (Required)
public readonly firewall: IFirewallRules;

The instance firewall rules.


grantPrincipal (Required)
public readonly grantPrincipal: IPrincipal;

The principal to grant permissions to.


Structs

CustomDomainOptions

Options for DNS record updates when the instance launches.

Initializer

import { servers } from 'shady-island'

const customDomainOptions: servers.CustomDomainOptions = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| hostedZone | aws-cdk-lib.aws_route53.IHostedZone | The Route 53 hosted zone where the record is upserted. |
| subdomain | string | The subdomain for the record (e.g. bastion, ssh, jump). |

hostedZone (Required)
public readonly hostedZone: IHostedZone;

The Route 53 hosted zone where the record is upserted.


subdomain (Required)
public readonly subdomain: string;

The subdomain for the record (e.g. bastion, ssh, jump).


ElasticFileSystemMount

The details for a single EFS mount.

Initializer

import { servers } from 'shady-island'

const elasticFileSystemMount: servers.ElasticFileSystemMount = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| directory | string | The path where the NFS volume should be mounted. |
| fileSystem | aws-cdk-lib.aws_efs.IFileSystem | The EFS filesystem to mount. |

directory (Required)
public readonly directory: string;

The path where the NFS volume should be mounted.


fileSystem (Required)
public readonly fileSystem: IFileSystem;

The EFS filesystem to mount.


UbuntuLinuxBastionProps

Properties for the UbuntuLinuxBastion constructor.

Initializer

import { servers } from 'shady-island'

const ubuntuLinuxBastionProps: servers.UbuntuLinuxBastionProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC where the bastion will reside. |
| aptPackages | string[] | An array of APT package names to install. |
| aptRepositories | string[] | The names of repositories to enable using apt-add-repository. |
| architecture | aws-cdk-lib.aws_ec2.InstanceArchitecture | The CPU architecture for the bastion. |
| customDomain | CustomDomainOptions | The options for creating DNS records upon launch. |
| enableIpv6 | boolean | Whether to enable IPv6. |
| fileSystems | ElasticFileSystemMount[] | The Elastic Filesystems to mount. |
| installAwsCli | boolean | Whether to install the AWS CLI Snap package. |
| instanceType | aws-cdk-lib.aws_ec2.InstanceType | The instance type for the bastion. |
| keyPair | aws-cdk-lib.aws_ec2.IKeyPair | The key pair to use for this instance. |
| role | aws-cdk-lib.aws_iam.IRole | The instance role (the trust policy must permit ec2.amazonaws.com). |
| secrets | {[ key: string ]: aws-cdk-lib.aws_secretsmanager.ISecret} | The secrets containing database credentials. |
| securityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | The security group to attach to the bastion instance. |
| ubuntuVersion | string | The version of Ubuntu to use. |
| volumeSize | number | The size in gibibytes (GiB) of the primary disk volume. |

vpc (Required)
public readonly vpc: IVpc;

The VPC where the bastion will reside.


aptPackages (Optional)
public readonly aptPackages: string[];

An array of APT package names to install.

If you supply any Elastic Filesystems to mount, this construct will also install the “nfs-common” package.


aptRepositories (Optional)
public readonly aptRepositories: string[];

The names of repositories to enable using apt-add-repository.

e.g. ppa:redislabs/redis


architecture (Optional)
public readonly architecture: InstanceArchitecture;

The CPU architecture for the bastion.


customDomain (Optional)
public readonly customDomain: CustomDomainOptions;

The options for creating DNS records upon launch.


enableIpv6 (Optional)
public readonly enableIpv6: boolean;

Whether to enable IPv6.


fileSystems (Optional)
public readonly fileSystems: ElasticFileSystemMount[];

The Elastic Filesystems to mount.


installAwsCli (Optional)
public readonly installAwsCli: boolean;

Whether to install the AWS CLI Snap package.


instanceType (Optional)
public readonly instanceType: InstanceType;

The instance type for the bastion.


keyPair (Optional)
public readonly keyPair: IKeyPair;

The key pair to use for this instance.


role (Optional)
public readonly role: IRole;

The instance role (the trust policy must permit ec2.amazonaws.com).


secrets (Optional)
public readonly secrets: {[ key: string ]: ISecret};

The secrets containing database credentials.

The key of the object corresponds to the filename in /run/secrets.


securityGroup (Optional)
public readonly securityGroup: ISecurityGroup;

The security group to attach to the bastion instance.


ubuntuVersion (Optional)
public readonly ubuntuVersion: string;

The version of Ubuntu to use.


volumeSize (Optional)
public readonly volumeSize: number;

The size in gibibytes (GiB) of the primary disk volume.