Package software.amazon.awscdk.services.ec2

Interface InterfaceVpcEndpointOptions

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

InterfaceVpcEndpointProps

All Known Implementing Classes:

InterfaceVpcEndpointOptions.Jsii$Proxy, InterfaceVpcEndpointProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.118.0 (build 02eec31)",
           date="2025-11-04T09:27:40.405Z")
@Stability(Stable)
public interface InterfaceVpcEndpointOptions
extends software.amazon.jsii.JsiiSerializable

Options to add an interface endpoint to a VPC.

Example:

 // Add gateway endpoints when creating the VPC
 Vpc vpc = Vpc.Builder.create(this, "MyVpc")
         .gatewayEndpoints(Map.of(
                 "S3", GatewayVpcEndpointOptions.builder()
                         .service(GatewayVpcEndpointAwsService.S3)
                         .build()))
         .build();
 // Alternatively gateway endpoints can be added on the VPC
 GatewayVpcEndpoint dynamoDbEndpoint = vpc.addGatewayEndpoint("DynamoDbEndpoint", GatewayVpcEndpointOptions.builder()
         .service(GatewayVpcEndpointAwsService.DYNAMODB)
         .build());
 // This allows to customize the endpoint policy
 dynamoDbEndpoint.addToPolicy(
 PolicyStatement.Builder.create() // Restrict to listing and describing tables
         .principals(List.of(new AnyPrincipal()))
         .actions(List.of("dynamodb:DescribeTable", "dynamodb:ListTables"))
         .resources(List.of("*")).build());
 // Add an interface endpoint
 vpc.addInterfaceEndpoint("EcrDockerEndpoint", InterfaceVpcEndpointOptions.builder()
         .service(InterfaceVpcEndpointAwsService.ECR_DOCKER)
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	InterfaceVpcEndpointOptions.Builder	A builder for InterfaceVpcEndpointOptions
static final class	InterfaceVpcEndpointOptions.Jsii$Proxy	An implementation for InterfaceVpcEndpointOptions

Method Summary

Modifier and Type	Method	Description
static InterfaceVpcEndpointOptions.Builder	builder()
default VpcEndpointDnsRecordIpType	getDnsRecordIpType()	Type of DNS records created for the VPC endpoint.
default VpcEndpointIpAddressType	getIpAddressType()	The IP address type for the endpoint.
default Boolean	getLookupSupportedAzs()	Limit to only those availability zones where the endpoint service can be created.
default Boolean	getOpen()	Whether to automatically allow VPC traffic to the endpoint.
default Boolean	getPrivateDnsEnabled()	Whether to associate a private hosted zone with the specified VPC.
default VpcEndpointPrivateDnsOnlyForInboundResolverEndpoint	getPrivateDnsOnlyForInboundResolverEndpoint()	Whether to enable private DNS only for inbound endpoints.
default List<ISecurityGroup>	getSecurityGroups()	The security groups to associate with this interface VPC endpoint.
IInterfaceVpcEndpointService	getService()	The service to use for this interface VPC endpoint.
default String	getServiceRegion()	The region where the VPC endpoint service is located.
default SubnetSelection	getSubnets()	The subnets in which to create an endpoint network interface.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getService

@Stability(Stable)
@NotNull
IInterfaceVpcEndpointService getService()

The service to use for this interface VPC endpoint.

getDnsRecordIpType

@Stability(Stable)
@Nullable
default VpcEndpointDnsRecordIpType getDnsRecordIpType()

Type of DNS records created for the VPC endpoint.

Default: not specified

getIpAddressType

@Stability(Stable)
@Nullable
default VpcEndpointIpAddressType getIpAddressType()

The IP address type for the endpoint.

Default: not specified

getLookupSupportedAzs

@Stability(Stable)
@Nullable
default Boolean getLookupSupportedAzs()

Limit to only those availability zones where the endpoint service can be created.

Setting this to 'true' requires a lookup to be performed at synthesis time. Account and region must be set on the containing stack for this to work.

Default: false

getOpen

@Stability(Stable)
@Nullable
default Boolean getOpen()

Whether to automatically allow VPC traffic to the endpoint.

If enabled, all traffic to the endpoint from within the VPC will be automatically allowed. This is done based on the VPC's CIDR range.

Default: true

getPrivateDnsEnabled

@Stability(Stable)
@Nullable
default Boolean getPrivateDnsEnabled()

Whether to associate a private hosted zone with the specified VPC.

This allows you to make requests to the service using its default DNS hostname.

Default: set by the instance of IInterfaceVpcEndpointService, or true if not defined by the instance of IInterfaceVpcEndpointService

getPrivateDnsOnlyForInboundResolverEndpoint

@Stability(Stable)
@Nullable
default VpcEndpointPrivateDnsOnlyForInboundResolverEndpoint getPrivateDnsOnlyForInboundResolverEndpoint()

Whether to enable private DNS only for inbound endpoints.

Default: not specified

getSecurityGroups

@Stability(Stable)
@Nullable
default List<ISecurityGroup> getSecurityGroups()

The security groups to associate with this interface VPC endpoint.

Default: - a new security group is created

getServiceRegion

@Stability(Stable)
@Nullable
default String getServiceRegion()

The region where the VPC endpoint service is located.

Only needs to be specified for cross-region VPC endpoints.

Default: - Same region as the interface VPC endpoint

getSubnets

@Stability(Stable)
@Nullable
default SubnetSelection getSubnets()

The subnets in which to create an endpoint network interface.

At most one per availability zone.

Default: - private subnets

builder

@Stability(Stable)
static InterfaceVpcEndpointOptions.Builder builder()

Returns:

a InterfaceVpcEndpointOptions.Builder of InterfaceVpcEndpointOptions