{"id":18498777,"url":"https://github.com/smallcase/cdk-vpc-module","last_synced_at":"2025-12-16T13:03:07.765Z","repository":{"id":41829913,"uuid":"485344178","full_name":"smallcase/cdk-vpc-module","owner":"smallcase","description":null,"archived":false,"fork":false,"pushed_at":"2025-12-03T11:23:41.000Z","size":420,"stargazers_count":8,"open_issues_count":3,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-12-06T14:50:49.890Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smallcase.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-04-25T11:32:31.000Z","updated_at":"2025-12-03T11:20:55.000Z","dependencies_parsed_at":"2024-09-24T17:37:39.740Z","dependency_job_id":"4d186be9-945c-4c37-ad71-754d6f807b01","html_url":"https://github.com/smallcase/cdk-vpc-module","commit_stats":{"total_commits":15,"total_committers":5,"mean_commits":3.0,"dds":"0.33333333333333337","last_synced_commit":"20721c3cd5eba35a33fb652f8e5748cfb4b8baa4"},"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/smallcase/cdk-vpc-module","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallcase%2Fcdk-vpc-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallcase%2Fcdk-vpc-module/tags","releases_url":"https://repos
.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallcase%2Fcdk-vpc-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallcase%2Fcdk-vpc-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smallcase","download_url":"https://codeload.github.com/smallcase/cdk-vpc-module/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallcase%2Fcdk-vpc-module/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27764777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-16T02:00:10.477Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T13:42:33.796Z","updated_at":"2025-12-16T13:03:07.759Z","avatar_url":"https://github.com/smallcase.png","language":"TypeScript","readme":"# cdk-vpc-module\nThe cdk-vpc-module construct library is an open-source extension of the AWS Cloud Development Kit (AWS CDK) for deploying a configurable AWS VPC and its individual components in less than 50 lines of code, using human-readable configuration that can be managed by pull requests!\n\n## :sparkles: Features\n\n- :white_check_mark: Option to configure a custom IPv4 CIDR (10.10.0.0/24)\n- :white_check_mark: VPC peering with route table entry\n- :white_check_mark: Configurable NACL per subnet group\n- 
:white_check_mark: NAT Gateways as per `availabilityZones`\n\n\nUsing CDK, a VPC can be deployed with the following sample code snippet:\n```typescript\nimport { Network } from \"@smallcase/cdk-vpc-module/lib/constructs/network\";\nimport { aws_ec2 as ec2, aws_iam as iam, App, Stack, StackProps } from \"aws-cdk-lib\";\nimport { Construct } from \"constructs\";\n\nexport class VPCStack extends Stack {\n  constructor(scope: Construct, id: string, props: StackProps = {}) {\n    super(scope, id, props);\n    // Sample endpoint policy for the S3 gateway endpoint: allows every S3 action on all buckets for any principal; narrow it to what your workloads need\n    const s3EndpointIamPermission = new iam.PolicyStatement({\n      actions: [\"s3:*\"],\n      resources: ['arn:aws:s3:::*'],\n      principals: [new iam.AnyPrincipal()],\n    });\n    // Sample endpoint policy for the CloudWatch monitoring interface endpoint: allows every action for any principal; narrow it to what your workloads need\n    const monitoringEndpointIamPermission = new iam.PolicyStatement({\n      actions: [\"*\"],\n      resources: ['*'],\n      principals: [new iam.AnyPrincipal()],\n    });\n    new Network(this, 'NETWORK', {\n      vpc: {\n        cidr: '10.10.0.0/16',\n        subnetConfiguration: [],\n      },\n      peeringConfigs: {\n        \"TEST-PEERING\": { // this key will be used as your peering id, which you will have to mention below when you configure a route table for your subnets\n          peeringVpcId: \"vpc-0000\",\n          tags: {\n            \"Name\": \"TEST-PEERING to CREATED-VPC\",\n            \"Description\": \"Connect\"\n          }\n        }\n      },\n      subnets: [\n        {\n          subnetGroupName: 'NATGateway',\n          subnetType: ec2.SubnetType.PUBLIC,\n          cidrBlock: ['10.10.0.0/28', '10.10.0.16/28', '10.10.0.32/28'],\n          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],\n          ingressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n          ],\n          routes: [\n          ],\n          egressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n     
     ],\n        },\n        {\n          subnetGroupName: 'Public',\n          subnetType: ec2.SubnetType.PUBLIC,\n          cidrBlock: ['10.10.2.0/24', '10.10.3.0/24', '10.10.4.0/24'],\n          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],\n          ingressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n          ],\n          egressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n          ],\n          routes: [\n          ],\n          tags: {\n            // if you use this vpc for your eks cluster, you have to tag your subnets [read more](https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/)\n            'kubernetes.io/role/elb': '1',\n            'kubernetes.io/cluster/TEST-CLUSTER': 'owned',\n          },\n        },\n        {\n          subnetGroupName: 'Private',\n          subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,\n          cidrBlock: ['10.10.5.0/24', '10.10.6.0/24', '10.10.7.0/24'],\n          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],\n          ingressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n          ],\n          egressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n\n          ],\n          routes: [\n            {\n            // if you use this vpc for your eks cluster, you have to tag your subnets [read more](https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/)\n              routerType: ec2.RouterType.VPC_PEERING_CONNECTION,\n              destinationCidrBlock: \"\u003cdestinationCidrBlock\u003e\",\n              //\u003cYour 
VPC PeeringConfig KEY, in this example TEST-PEERING will be your ID\u003e\n              existingVpcPeeringRouteKey: \"TEST-PEERING\"\n            }\n          ],\n          tags: {\n            'kubernetes.io/role/internal-elb': '1',\n            'kubernetes.io/cluster/TEST-CLUSTER': 'owned',\n          },\n        },\n        {\n          subnetGroupName: 'Database',\n          subnetType: ec2.SubnetType.PRIVATE_WITH_NAT,\n          cidrBlock: ['10.10.14.0/27', '10.10.14.32/27', '10.10.14.64/27'],\n          availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],\n          ingressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n          ],\n          egressNetworkACL: [\n            {\n              cidr: ec2.AclCidr.ipv4('0.0.0.0/0'),\n              traffic: ec2.AclTraffic.allTraffic(),\n            },\n          ],\n          routes: [\n          ],\n          tags: {\n          },\n        },\n      ],\n      vpcEndpoints: [\n        {\n          name: \"s3-gw\",\n          service: ec2.GatewayVpcEndpointAwsService.S3,\n          subnetGroupNames: [\"Private\",\"Database\"],\n          externalSubnets: [\n            {\n              id: \"subnet-\u003cid\u003e\",\n              availabilityZone: \"ap-south-1a\",\n              routeTableId: \"rtb-\u003cid\u003e\"\n            },\n            {\n              id: \"subnet-\u003cid\u003e\",\n              availabilityZone: \"ap-south-1b\",\n              routeTableId: \"rtb-\u003cid\u003e\"\n            }\n          ],\n          iamPolicyStatements: [s3EndpointIamPermission]\n        },\n        {\n          name: \"da-stag-monitoring-vpe\",\n          service: ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING,\n          subnetGroupNames: [\"ManageServicePrivate\"],\n          iamPolicyStatements: [monitoringEndpointIamPermission],\n          securityGroupRules: [\n            {\n           
   peer: ec2.Peer.ipv4(\"10.10.0.0/16\"),\n              port: ec2.Port.tcp(443),\n              description: \"From Test VPC\"\n            }\n          ],\n        },\n      ]\n    });\n  }\n}\nconst envDef = {\n  account: '\u003cAWS-ID\u003e',\n  region: '\u003cAWS-REGION\u003e',\n};\n\nconst app = new App();\n\nnew VPCStack(app, 'TEST', {\n  env: envDef,\n  terminationProtection: true,\n  tags: {},\n});\napp.synth();\n```\nRefer to the [API reference](/API.md) for how to use the individual resource constructs.\n\n## :clapper: Quick Start\n\nThe quick start shows you how to create an **AWS VPC** using this module.\n\n### Prerequisites\n\n- A working [`aws`](https://aws.amazon.com/cli/) CLI installation with access to an account and administrator privileges\n- A recent [Node.js](https://nodejs.org) installation\n\nTo get going you'll need a CDK project. For details, please refer to the [detailed guide for CDK](https://docs.aws.amazon.com/cdk/latest/guide/hello_world.html).\n\nCreate an empty directory on your system.\n\n```bash\nmkdir aws-quick-start-vpc \u0026\u0026 cd aws-quick-start-vpc\n```\n\nBootstrap your CDK project. We will use TypeScript, but you can switch to any other supported language.\n\n```bash\nnpx cdk init sample-app --language typescript\nnpx cdk bootstrap\n```\n\nInstall using npm:\n```bash\nnpm install @smallcase/cdk-vpc-module\n```\nOr using yarn:\n```bash\nyarn add @smallcase/cdk-vpc-module\n```\n\nCheck the changes that are to be deployed:\n```bash\nnpx cdk diff\n```\n\nDeploy using:\n```bash\nnpx cdk deploy\n```\n\n\n## VPC Endpoint Features\n\n- **Multiple VPC Endpoints**: Define and manage multiple VPC Endpoints in one configuration.\n- **Flexible Subnet Selection**: Attach VPC Endpoints to multiple subnet groups or external subnets.\n- **Custom Security Groups**: Configure security groups for Interface VPC Endpoints.\n- **IAM Policies**: Attach custom IAM policies to control access to the VPC Endpoints.\n- **Tagging**: Apply custom tags to each VPC Endpoint.\n\n### Defining 
VPC Endpoints Configuration\nYou can define multiple VPC Endpoints in the `vpcEndpoints: []` configuration array. Each VPC Endpoint can be customized with different subnet groups, IAM policies, security group rules, and tags.\n```typescript\nvpcEndpoints: [\n  {\n    name: \"test-s3-gw\",\n    service: ec2.GatewayVpcEndpointAwsService.S3,\n    subnetGroupNames: [\"ManageServicePrivate\", \"ToolPrivate\", \"Database\"],  // Subnet groups for the endpoint\n    externalSubnets: [\n      {\n        id: \"subnet-\u003cid\u003e\",\n        availabilityZone: \"ap-south-1a\",\n        routeTableId: \"rtb-\u003cid\u003e\",\n      },\n      {\n        id: \"subnet-\u003cid\u003e\",\n        availabilityZone: \"ap-south-1b\",\n        routeTableId: \"rtb-\u003cid\u003e\",\n      }\n    ],\n    iamPolicyStatements: [s3EndpointIamPermission],  // Custom IAM policy for the endpoint\n  },\n  {\n    name: \"DynamoDbGatewayEndpoint\",\n    service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n    subnetGroupNames: [\"private-subnet\"],\n    additionalTags: {\n      Environment: \"Staging\",\n    },\n  },\n],\n```\nIn this example:\n\n- The S3 Gateway Endpoint is created in three subnet groups: ManageServicePrivate, ToolPrivate, and Database.\n- External subnets are specified with their IDs, availability zones, and route table IDs for the S3 endpoint.\n- A custom IAM policy (`s3EndpointIamPermission`) is attached to control access to the S3 endpoint.\n- A DynamoDB Gateway Endpoint is created in the private-subnet group with an additional tag specifying the environment.\n\n### Configuration Options\nHere’s a breakdown of the configuration options available:\n1. name: A unique name for the VPC Endpoint.\n2. service: The AWS service the VPC Endpoint connects to (e.g., S3, DynamoDB, Secrets Manager).\n3. subnetGroupNames: The subnet group names where the VPC Endpoint will be deployed.\n4. 
externalSubnets: Specify external subnets if you need to define subnets manually (each with an id, availabilityZone, and routeTableId).\n5. iamPolicyStatements: (Optional) Attach IAM policy statements to control access to the endpoint.\n6. additionalTags: (Optional) Add custom tags to the VPC Endpoint for easier identification and tracking.\n\n\n\n- :white_check_mark: Configurable route table entry naming for subnet routes via `routeTableStringFormat`","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallcase%2Fcdk-vpc-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmallcase%2Fcdk-vpc-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallcase%2Fcdk-vpc-module/lists"}