
cdk-vpclattice-alpha

v0.0.9

Published

A CDK L2 Construct Library for VPCLattice

Downloads

172

Readme

AWS VPC Lattice Construct Library


cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


This module is part of the AWS Cloud Development Kit project.

import * as vpclattice from '@aws-cdk/aws-vpclattice-alpha';

Introduction

AWS VPC Lattice is a fully managed application networking service that helps you connect, secure, and monitor communications between your services, whether they run in Amazon VPC, containers, or serverless environments. You can use VPC Lattice with a single virtual private cloud (VPC) or across multiple VPCs from one or more accounts.

Service

In VPC Lattice, we refer to a microservice as a service. It represents an independently deployable unit of software that delivers a specific task or function.

To create a service, use the Service Construct:

const logBucket = new Bucket(stack, 'LogsBucket', {});

new Service(stack, 'Service', {
  authType: vpclattice.AuthType.AWS_IAM,
  name: 'my-custom-name',
  removalPolicy: cdk.RemovalPolicy.DESTROY,
  loggingDestinations: [vpclattice.LoggingDestination.s3(logBucket)],
});

Service access

Access settings enable you to configure and manage client access to a service. Access settings include auth type and auth policies. Auth policies help you authenticate and authorize traffic flowing to services within VPC Lattice.

You can apply auth policies at the service network level, the service level, or both. At the service level, service owners can apply fine-grained controls, which can be more restrictive.

  • You can choose not to define an auth policy:
const testSvc = new Service(stack, 'Parking', {
  ...
  authType: AuthType.NONE,
  ...
});
  • You can choose a predefined policy template:
const testSvc = new Service(stack, 'Parking', {
  ...
  authType: AuthType.AWS_IAM,
  authPolicy: AuthPolicyDocument.UNAUTHENTICATED,
  ...
});
  • You can create a custom auth policy document using higher level statements:
const testSvc = new Service(stack, 'Parking', {
  ...
  authType: AuthType.AWS_IAM,
  authPolicy: new AuthPolicyDocument({
      statements: [
        AuthPolicyStatement.allowOnlyRole(...),
        AuthPolicyStatement.allowOnlyOrganization(...),
      ]
  }),
  ...
});
  • You can create a custom auth policy document using low level statements:
const testSvc = new Service(stack, 'Parking', {
  ...
  authType: AuthType.AWS_IAM,
  authPolicy: new AuthPolicyDocument({
    statements: [
      new PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: ['vpc-lattice-svcs:*'],
        resources: ['*'],
        principals: [new iam.StarPrincipal()],
        conditions: {
          StringEquals: { 'vpc-lattice-svcs:RequestMethod': 'GET' },
        },
      }),
    ]
  }),
  ...
});
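
The low-level statement above pairs a wildcard principal with a method condition only, so it admits every caller, including requests that carry no IAM identity. The following added example (not part of the construct library) checks the JSON form of an auth policy for such statements; the helper names and the rule "a condition key beginning with `aws:Principal` counts as an identity constraint" are assumptions of this sketch, and the sample policy is constructed.

```typescript
// Added example: flags auth policy statements that admit any caller.
// Assumption: input is the IAM-style JSON an auth policy document renders to.
type Condition = Record<string, Record<string, string | string[]>>;
interface Statement {
  Effect: 'Allow' | 'Deny';
  Principal: '*' | Record<string, string | string[]>;
  Action: string | string[];
  Resource: string | string[];
  Condition?: Condition;
}
interface PolicyDoc { Version: string; Statement: Statement[]; }

// True when the principal element matches every caller ("*" or {"AWS": "*"}).
function isWildcardPrincipal(p: Statement['Principal']): boolean {
  if (p === '*') return true;
  const rec = p;
  return Object.keys(rec).some(k => ([] as string[]).concat(rec[k]).indexOf('*') !== -1);
}

// True when some condition key constrains the caller's identity (aws:Principal*).
function constrainsCaller(c?: Condition): boolean {
  if (!c) return false;
  const cond = c;
  return Object.keys(cond).some(op =>
    Object.keys(cond[op]).some(k => k.toLowerCase().indexOf('aws:principal') === 0));
}

// Returns the indexes of Allow statements that are open to any caller.
function findOpenStatements(doc: PolicyDoc): number[] {
  return doc.Statement
    .map((s, i) => ({ s, i }))
    .filter(({ s }) => s.Effect === 'Allow'
      && isWildcardPrincipal(s.Principal) && !constrainsCaller(s.Condition))
    .map(({ i }) => i);
}

// Constructed sample. Statement 0 mirrors the low-level statement above (GET for anyone);
// statement 1 adds an identity condition, so anonymous requests no longer match it.
const samplePolicy: PolicyDoc = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Principal: '*', Action: 'vpc-lattice-svcs:*', Resource: '*',
      Condition: { StringEquals: { 'vpc-lattice-svcs:RequestMethod': 'GET' } } },
    { Effect: 'Allow', Principal: '*', Action: 'vpc-lattice-svcs:Invoke', Resource: '*',
      Condition: { StringNotEqualsIgnoreCase: { 'aws:PrincipalType': 'anonymous' } } },
  ],
};

const openIndexes = findOpenStatements(samplePolicy);
```

A check like this fits as a unit test over the synthesized template, so a wildcard Allow without an identity condition fails the build instead of reaching a deployed service.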

Target Groups

A VPC Lattice target group is a collection of targets, or compute resources, that run your application. Targets can be EC2 instances, IP addresses, Lambda functions, Application Load Balancers, or Kubernetes Pods. To register an EKS pod as a target, use the AWS Gateway API Controller, which gets the IP addresses from the Kubernetes service.

To create a target group, use the appropriate construct for the target type.

Lambda Function

const lambdaFunction = new LambdaFunction(stack, 'LambdaTargetFunction', {
  runtime: Runtime.NODEJS_18_X,
  code: Code.fromInline(`
        exports.handler = async (event) => {
            return {
                isBase64Encoded: false,
                statusCode: 200,
                body: JSON.stringify({ message: "Hello from Lambda!" }),
            };
        };
    `),
  handler: 'index.handler',
});

const tg1 = new LambdaTargetGroup(stack, 'LambdaTG', {
  name: 'lambda-tg1',
  target: lambdaFunction,
});

Application Load Balancer

const albSvc = new ApplicationLoadBalancedFargateService(stack, 'Service', {
  vpc,
  memoryLimitMiB: 1024,
  cpu: 512,
  taskImageOptions: {
    image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
    containerPort: 80,
  },
  publicLoadBalancer: false,
});

new AlbTargetGroup(stack, 'ALBTG', {
  vpc,
  loadBalancer: albSvc.loadBalancer,
});

IP Targets

const instance1 = new Instance(stack, 'Instance1', {
  vpc,
  instanceType: cdk.aws_ec2.InstanceType.of(cdk.aws_ec2.InstanceClass.T3, cdk.aws_ec2.InstanceSize.SMALL),
  machineImage: cdk.aws_ec2.MachineImage.latestAmazonLinux2(),
});

const instance2 = new Instance(stack, 'Instance2', {
  vpc,
  instanceType: cdk.aws_ec2.InstanceType.of(cdk.aws_ec2.InstanceClass.T3, cdk.aws_ec2.InstanceSize.SMALL),
  machineImage: cdk.aws_ec2.MachineImage.latestAmazonLinux2(),
});

const tg1 = new IpTargetGroup(stack, 'IpTG', {
  name: 'ip-tg1',
  vpc,
  targets: [
    {
      ipAddress: instance1.instancePrivateIp,
      port: 80,
    },
  ],
});

tg1.addTarget({
  ipAddress: instance2.instancePrivateIp,
  port: 80,
});

Instance

const instance1 = new Instance(stack, 'Instance1', {
  vpc,
  instanceType: cdk.aws_ec2.InstanceType.of(cdk.aws_ec2.InstanceClass.T3, cdk.aws_ec2.InstanceSize.SMALL),
  machineImage: cdk.aws_ec2.MachineImage.latestAmazonLinux2(),
});

const instance2 = new Instance(stack, 'Instance2', {
  vpc,
  instanceType: cdk.aws_ec2.InstanceType.of(cdk.aws_ec2.InstanceClass.T3, cdk.aws_ec2.InstanceSize.SMALL),
  machineImage: cdk.aws_ec2.MachineImage.latestAmazonLinux2(),
});

const tg1 = new InstanceTargetGroup(stack, 'Ec2TG', {
  vpc,
  instances: [
    {
      instance: instance1,
      port: 80,
    },
  ],
  healthCheck: {
    enabled: false,
    protocol: HealthCheckProtocol.HTTP,
    path: '/health',
    port: 8080,
  },
});

Auto-scaling Group

const asg = new AutoScalingGroup(stack, 'ASG', {
  vpc,
  instanceType: cdk.aws_ec2.InstanceType.of(cdk.aws_ec2.InstanceClass.T2, cdk.aws_ec2.InstanceSize.MICRO),
  machineImage: cdk.aws_ec2.MachineImage.latestAmazonLinux2(),
});

const tg1 = new InstanceTargetGroup(stack, 'ASG-TG', {
  vpc,
  autoScalingGroups: [asg],
  healthCheck: {
    enabled: false,
    protocol: HealthCheckProtocol.HTTP,
    path: '/health',
    port: 8080,
  },
});

Listeners and Rules

Before you start using your VPC Lattice service, you must add a listener. A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the service routes requests to its registered targets.


Project Information

Status (DRAFT)

Original Author(s): @clopca, @aws-rafams

Tracking Issue: #502

API Bar Raiser: @TheRealAmazonKendra

Public Issues (aws-cdk)

  • (vpclattice): L2 for Amazon VPC Lattice #25452

Prototype Code

https://github.com/clopca/cdk-vpclattice-alpha (Private repo, to be shared with AWS)

Example implementation

Blog

VpcLattice

Amazon VPC Lattice is an application networking service that consistently connects, monitors, and secures communications between your services, helping to improve productivity so that your developers can focus on building features that matter to your business. You can define policies for network traffic management, access, and monitoring to connect compute services in a simplified and consistent way across instances, containers, and serverless applications.

The L2 Construct seeks to help the consumer create a lattice service easily by abstracting some of the detail. The major part of this is creating the underlying auth policy and listener rules together, as there is significant intersection in the properties required for both.