<!--
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
-->
# CDK Enterprise IaC
Utilities for using CDK within enterprise constraints.
## Install
Typescript
```zsh
npm install @cdklabs/cdk-enterprise-iac
```
Python
```zsh
pip install cdklabs.cdk-enterprise-iac
```
## Who this project is for
Within large enterprises, builders can come up against enterprise imposed constraints when deploying on AWS.
This could be simple things such as "All IAM roles must have a specific Permissions Boundary attached".
This could also be more restrictive such as strict separation of duties, only allowing certain teams the ability to deploy specific AWS resources (e.g. Networking team can deploy VPCs, Subnets, and route tables. Security team can deploy IAM resources. Developers can deploy Compute. DBAs can deploy Databases, etc.)
Enterprises with very restrictive environments like these would benefit from taking a closer look at their policies to see how they can allow builders to safely deploy resources with less friction. However in many enterprises this is easier said than done, and builders are still expected to deliver.
This project is meant to reduce friction for builders working within these enterprise constraints while the enterprise determines what policies make the most sense for their organization, and is in no way prescriptive.
## Usage
There are many tools available, all detailed in [`API.md`](./API.md).
A few examples of these tools below:
### Adding permissions boundaries to all generated IAM roles
Example for `AddPermissionBoundary` in Typescript project.
```python
# Example automatically generated from non-compiling source. May contain errors.
import aws_cdk as cdk
from ...lib.my_project_stack import MyStack
from aws_cdk import Aspects
from cdklabs.cdk_enterprise_iac import AddPermissionBoundary
app = cdk.App()
MyStack(app, "MyStack")
Aspects.of(app).add(
AddPermissionBoundary(
permissions_boundary_policy_name="MyPermissionBoundaryName",
instance_profile_prefix="MY_PREFIX_", # optional, Defaults to ''
policy_prefix="MY_POLICY_PREFIX_", # optional, Defaults to ''
role_prefix="MY_ROLE_PREFIX_"
))
```
Example for `AddPermissionBoundary` in Python project.
```python
import aws_cdk as cdk
from cdklabs.cdk_enterprise_iac import AddPermissionBoundary
from test_py.test_py_stack import TestPyStack
app = cdk.App()
TestPyStack(app, "TestPyStack")
cdk.Aspects.of(app).add(AddPermissionBoundary(
permissions_boundary_policy_name="MyPermissionBoundaryName",
instance_profile_prefix="MY_PREFIX_", # optional, Defaults to ""
policy_prefix="MY_POLICY_PREFIX_", # optional, Defaults to ""
role_prefix="MY_ROLE_PREFIX_" # optional, Defaults to ""
))
app.synth()
```
### Resource extraction
:warning: Resource extraction is in an experimental phase. Test and validate before using in production. Please open any issues found [here](https://github.com/cdklabs/cdk-enterprise-iac/).
In many enterprises, there are separate teams with different IAM permissions than developers deploying CDK applications.
For example there might be a networking team with permissions to deploy `AWS::EC2::SecurityGroup` and `AWS::EC2::EIP`, or a security team with permissions to deploy `AWS::IAM::Role` and `AWS::IAM::Policy`, but the developers deploying the CDK don't have those permissions.
When a developer doesn't have permissions to deploy necessary resources in their CDK application, writing good code becomes difficult to manage when a cdk deploy will quickly error due to not being able to deploy something like an `AWS::IAM::Role` which is foundational to any project deployed into AWS.
An enterprise should *allow* builders to deploy these resources via CDK for [many reasons](https://github.com/aws/aws-cdk/wiki/Security-And-Safety-Dev-Guide#allowing-creation-of-iam-roles-without-privilege-escalation), and can use [Permissions Boundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) to prevent privilege escalation. For enterprises that haven't yet utilized Permissions Boundaries, the `ResourceExtractor` can make it easier for builders to write good CDK while complying with enterprise policies.
Using the `ResourceExtractor` Aspect, developers can write their CDK code as though they had sufficient IAM permissions, but extract those resources into a separate stack for an external team to deploy on their behalf.
Take the following example stack:
```python
# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects, RemovalPolicy, Stack
from aws_cdk.aws_lambda import Code, Function, Runtime
from aws_cdk.aws_s3 import Bucket
app = App()
app_stack = Stack(app, "MyAppStack")
func = Function(app_stack, "TestLambda",
code=Code.from_asset(path.join(__dirname, "lambda-handler")),
handler="index.handler",
runtime=Runtime.PYTHON_3_11
)
bucket = Bucket(app_stack, "TestBucket",
auto_delete_objects=True,
removal_policy=RemovalPolicy.DESTROY
)
bucket.grant_read_write(func)
app.synth()
```
The synthesized Cloudformation would include *all* AWS resources required, including resources a developer might not have permissions to deploy
The above example would include the following snippet in the synthesized Cloudformation
```yaml
TestLambdaServiceRoleC28C2D9C:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
# excluding remaining properties
TestLambda2F70C45E:
Type: 'AWS::Lambda::Function'
Properties:
Role: !GetAtt
- TestLambdaServiceRoleC28C2D9C
- Arn
# excluding remaining properties
```
While including `bucket.grantReadWrite(func)` in the CDK application ensures an IAM role with least privilege IAM policies for the application, the creation of IAM resources such as Roles and Policies may be restricted to a security team, resulting in the synthesized Cloudformation template not being deployable by a developer.
Using the `ResourceExtractor`, we can pull out an arbitrary list of Cloudformation resources that a developer *doesn't* have permissions to provision, and create a separate stack that can be sent to a security team.
```python
# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects, RemovalPolicy, Stack
from aws_cdk.aws_lambda import Code, Function, Runtime
from aws_cdk.aws_s3 import Bucket
# Import ResourceExtractor
from cdklabs.cdk_enterprise_iac import ResourceExtractor
app = App()
app_stack = Stack(app, "MyAppStack")
# Set up a destination stack to extract resources to
extracted_stack = Stack(app, "ExtractedStack")
func = Function(app_stack, "TestLambda",
code=Code.from_asset(path.join(__dirname, "lambda-handler")),
handler="index.handler",
runtime=Runtime.PYTHON_3_11
)
bucket = Bucket(app_stack, "TestBucket",
auto_delete_objects=True,
removal_policy=RemovalPolicy.DESTROY
)
bucket.grant_read_write(func)
# Capture the output of app.synth()
synthed_app = app.synth()
# Apply the ResourceExtractor Aspect
Aspects.of(app).add(
ResourceExtractor(
# synthesized stacks to examine
stack_artifacts=synthed_app.stacks,
# Array of Cloudformation resources to extract
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"
],
# Destination stack for extracted resources
extract_destination_stack=extracted_stack
))
# Resynthing since ResourceExtractor has modified the app
app.synth(force=True)
```
In the example above, *all* resources are created in the `appStack`, and an empty `extractedStack` is also created.
We apply the `ResourceExtractor` Aspect, specifying the Cloudformation resource types the developer is unable to deploy due to insufficient IAM permissions.
Now when we list stacks in the CDK project, we can see an added stack
```zsh
$ cdk ls
MyAppStack
ExtractedStack
```
Taking a look at these synthesized stacks, in the `ExtractedStack` we'll find:
```yaml
Resources:
TestLambdaServiceRoleC28C2D9C:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
# excluding remaining properties
Outputs:
ExportAppStackTestLambdaServiceRoleC28C2D9C:
Value:
'Fn::GetAtt':
- TestLambdaServiceRoleC28C2D9C
- Arn
Export:
Name: 'AppStack:TestLambdaServiceRoleC28C2D9C' # Exported name
```
And inside the synthesized `MyAppStack` template:
```yaml
Resources:
TestLambda2F70C45E:
Type: 'AWS::Lambda::Function'
Properties:
Role: !ImportValue 'AppStack:TestLambdaServiceRoleC28C2D9C' # Using ImportValue instrinsic function to use pre-created IAM role
# excluding remaining properties
```
In this scenario, a developer is able to provide an external security team with sufficient IAM privileges to deploy the `ExtractedStack`.
Once deployed, a developer can run `cdk deploy MyAppStack` without errors due to insufficient IAM privileges
#### Value Sharing methods
When resources are extracted from a stack, there must be a method to reference the resources that have been extracted.
There are three methods (see `ResourceExtractorShareMethod` enum)
* `CFN_OUTPUT`
* `SSM_PARAMETER`
* `API_LOOKUP`
##### `CFN_OUTPUT`
The default sharing method is `CFN_OUTPUT`, which uses Cloudformation Export/Import to Export values in the extracted stack (see [Outputs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html)), and use the [Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html) intrinsic function to reference those values.
This works fine, but some teams may prefer a looser coupling between the extracted stack deployed by an external team and the rest of the CDK infrastructure.
##### `SSM_PARAMETER`
In this method, the extracted stack generates Parameters in AWS Systems Manager Parameter Store, and modifies the CDK application to look up the generated parameter using [`aws_ssm.StringParameter.valueFromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrfromwbrlookupscope-parametername) at synthesis time.
Example on using this method:
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import ResourceExtractor, ResourceExtractorShareMethod
Aspects.of(app).add(
ResourceExtractor(
stack_artifacts=synthed_app.stacks,
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"
],
extract_destination_stack=extracted_stack,
value_share_method=ResourceExtractorShareMethod.SSM_PARAMETER
))
```
##### `API_LOOKUP`
The `API_LOOKUP` sharing method is a work in progress, and not yet supported
#### Resource Partials
Some resources that get extracted might reference resources that aren't yet created.
In our example CDK application we include the line
```python
# Example automatically generated from non-compiling source. May contain errors.
bucket.grant_read_write(func)
```
This creates an `AWS::IAM::Policy` that includes the necessary Actions scoped down to the S3 bucket.
When the `AWS::IAM::Policy` is extracted, it's unable to use `Ref` or `Fn::GetAtt` to reference the S3 bucket since the S3 bucket wasn't extracted.
In this case we substitute the reference with a "partial ARN" that makes a best effort to scope the resources in the IAM policy statement to the ARN of the yet-to-be created S3 bucket.
There are multiple resource types supported out of the box (found in [`createDefaultTransforms`](src/patches/resource-extractor/resourceTransformer.ts)). In the event you have a resource not yet supported, you'll receive a `MissingTransformError`. In this case you can either open an [issue](https://github.com/cdklabs/cdk-enterprise-iac/issues) with the resource in question, or you can include the `additionalTransforms` property.
Consider the following:
```python
# Example automatically generated from non-compiling source. May contain errors.
vpc = Vpc(stack, "TestVpc")
db = DatabaseInstance(stack, "TestDb",
vpc=vpc,
engine=DatabaseInstanceEngine.POSTGRES
)
func = Function(stack, "TestLambda", {
"code": Code.from_asset(path.join(__dirname, "lambda-handler")),
"handler": "index.handler",
"runtime": Runtime.PYTHON_3_11
})
db.secret.grant_read(func)
synthed_app = app.synth()
Aspects.of(app).add(
ResourceExtractor(
extract_destination_stack=extracted_stack,
stack_artifacts=synthed_app.stacks,
value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy"],
additional_transforms={
"AWS::SecretsManager::SecretTargetAttachment": f"arn:{Aws.PARTITION}:secretsmanager:{Aws.REGION}:{Aws.ACCOUNT_ID}:secret:some-expected-value*"
}
))
app.synth(force=True)
```
In this case, there is a `AWS::SecretsManager::SecretTargetAttachment` generated to complete the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON, which returns the ARN of the generated secret.
In the context of extracting the IAM policy, we want to tell the `ResourceExtractor` how to handle the resource section of the IAM policy statement so that it is scoped down sufficiently.
In this case rather than using a `Ref: LogicalIdForTheSecretTargetAttachment` we construct the ARN we want to use.
Details in [API.md](API.md)
## Generated API.md
---
Generated API.md below:
<details>
<summary>Expand to view API docs</summary><!--
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
-->
# CDK Enterprise IaC
Utilities for using CDK within enterprise constraints.
## Install
Typescript
```zsh
npm install @cdklabs/cdk-enterprise-iac
```
Python
```zsh
pip install cdklabs.cdk-enterprise-iac
```
## Who this project is for
Within large enterprises, builders can come up against enterprise imposed constraints when deploying on AWS.
This could be simple things such as "All IAM roles must have a specific Permissions Boundary attached".
This could also be more restrictive such as strict separation of duties, only allowing certain teams the ability to deploy specific AWS resources (e.g. Networking team can deploy VPCs, Subnets, and route tables. Security team can deploy IAM resources. Developers can deploy Compute. DBAs can deploy Databases, etc.)
Enterprises with very restrictive environments like these would benefit from taking a closer look at their policies to see how they can allow builders to safely deploy resources with less friction. However in many enterprises this is easier said than done, and builders are still expected to deliver.
This project is meant to reduce friction for builders working within these enterprise constraints while the enterprise determines what policies make the most sense for their organization, and is in no way prescriptive.
## Usage
There are many tools available, all detailed in [`API.md`](./API.md).
A few examples of these tools below:
### Adding permissions boundaries to all generated IAM roles
Example for `AddPermissionBoundary` in Typescript project.
```python
# Example automatically generated from non-compiling source. May contain errors.
import aws_cdk as cdk
from ...lib.my_project_stack import MyStack
from aws_cdk import Aspects
from cdklabs.cdk_enterprise_iac import AddPermissionBoundary
app = cdk.App()
MyStack(app, "MyStack")
Aspects.of(app).add(
AddPermissionBoundary(
permissions_boundary_policy_name="MyPermissionBoundaryName",
instance_profile_prefix="MY_PREFIX_", # optional, Defaults to ''
policy_prefix="MY_POLICY_PREFIX_", # optional, Defaults to ''
role_prefix="MY_ROLE_PREFIX_"
))
```
Example for `AddPermissionBoundary` in Python project.
```python
import aws_cdk as cdk
from cdklabs.cdk_enterprise_iac import AddPermissionBoundary
from test_py.test_py_stack import TestPyStack
app = cdk.App()
TestPyStack(app, "TestPyStack")
cdk.Aspects.of(app).add(AddPermissionBoundary(
permissions_boundary_policy_name="MyPermissionBoundaryName",
instance_profile_prefix="MY_PREFIX_", # optional, Defaults to ""
policy_prefix="MY_POLICY_PREFIX_", # optional, Defaults to ""
role_prefix="MY_ROLE_PREFIX_" # optional, Defaults to ""
))
app.synth()
```
### Resource extraction
:warning: Resource extraction is in an experimental phase. Test and validate before using in production. Please open any issues found [here](https://github.com/cdklabs/cdk-enterprise-iac/).
In many enterprises, there are separate teams with different IAM permissions than developers deploying CDK applications.
For example there might be a networking team with permissions to deploy `AWS::EC2::SecurityGroup` and `AWS::EC2::EIP`, or a security team with permissions to deploy `AWS::IAM::Role` and `AWS::IAM::Policy`, but the developers deploying the CDK don't have those permissions.
When a developer doesn't have permissions to deploy necessary resources in their CDK application, writing good code becomes difficult to manage when a cdk deploy will quickly error due to not being able to deploy something like an `AWS::IAM::Role` which is foundational to any project deployed into AWS.
An enterprise should *allow* builders to deploy these resources via CDK for [many reasons](https://github.com/aws/aws-cdk/wiki/Security-And-Safety-Dev-Guide#allowing-creation-of-iam-roles-without-privilege-escalation), and can use [Permissions Boundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) to prevent privilege escalation. For enterprises that haven't yet utilized Permissions Boundaries, the `ResourceExtractor` can make it easier for builders to write good CDK while complying with enterprise policies.
Using the `ResourceExtractor` Aspect, developers can write their CDK code as though they had sufficient IAM permissions, but extract those resources into a separate stack for an external team to deploy on their behalf.
Take the following example stack:
```python
# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects, RemovalPolicy, Stack
from aws_cdk.aws_lambda import Code, Function, Runtime
from aws_cdk.aws_s3 import Bucket
app = App()
app_stack = Stack(app, "MyAppStack")
func = Function(app_stack, "TestLambda",
code=Code.from_asset(path.join(__dirname, "lambda-handler")),
handler="index.handler",
runtime=Runtime.PYTHON_3_11
)
bucket = Bucket(app_stack, "TestBucket",
auto_delete_objects=True,
removal_policy=RemovalPolicy.DESTROY
)
bucket.grant_read_write(func)
app.synth()
```
The synthesized Cloudformation would include *all* AWS resources required, including resources a developer might not have permissions to deploy
The above example would include the following snippet in the synthesized Cloudformation
```yaml
TestLambdaServiceRoleC28C2D9C:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
# excluding remaining properties
TestLambda2F70C45E:
Type: 'AWS::Lambda::Function'
Properties:
Role: !GetAtt
- TestLambdaServiceRoleC28C2D9C
- Arn
# excluding remaining properties
```
While including `bucket.grantReadWrite(func)` in the CDK application ensures an IAM role with least privilege IAM policies for the application, the creation of IAM resources such as Roles and Policies may be restricted to a security team, resulting in the synthesized Cloudformation template not being deployable by a developer.
Using the `ResourceExtractor`, we can pull out an arbitrary list of Cloudformation resources that a developer *doesn't* have permissions to provision, and create a separate stack that can be sent to a security team.
```python
# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects, RemovalPolicy, Stack
from aws_cdk.aws_lambda import Code, Function, Runtime
from aws_cdk.aws_s3 import Bucket
# Import ResourceExtractor
from cdklabs.cdk_enterprise_iac import ResourceExtractor
app = App()
app_stack = Stack(app, "MyAppStack")
# Set up a destination stack to extract resources to
extracted_stack = Stack(app, "ExtractedStack")
func = Function(app_stack, "TestLambda",
code=Code.from_asset(path.join(__dirname, "lambda-handler")),
handler="index.handler",
runtime=Runtime.PYTHON_3_11
)
bucket = Bucket(app_stack, "TestBucket",
auto_delete_objects=True,
removal_policy=RemovalPolicy.DESTROY
)
bucket.grant_read_write(func)
# Capture the output of app.synth()
synthed_app = app.synth()
# Apply the ResourceExtractor Aspect
Aspects.of(app).add(
ResourceExtractor(
# synthesized stacks to examine
stack_artifacts=synthed_app.stacks,
# Array of Cloudformation resources to extract
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"
],
# Destination stack for extracted resources
extract_destination_stack=extracted_stack
))
# Resynthing since ResourceExtractor has modified the app
app.synth(force=True)
```
In the example above, *all* resources are created in the `appStack`, and an empty `extractedStack` is also created.
We apply the `ResourceExtractor` Aspect, specifying the Cloudformation resource types the developer is unable to deploy due to insufficient IAM permissions.
Now when we list stacks in the CDK project, we can see an added stack
```zsh
$ cdk ls
MyAppStack
ExtractedStack
```
Taking a look at these synthesized stacks, in the `ExtractedStack` we'll find:
```yaml
Resources:
TestLambdaServiceRoleC28C2D9C:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
# excluding remaining properties
Outputs:
ExportAppStackTestLambdaServiceRoleC28C2D9C:
Value:
'Fn::GetAtt':
- TestLambdaServiceRoleC28C2D9C
- Arn
Export:
Name: 'AppStack:TestLambdaServiceRoleC28C2D9C' # Exported name
```
And inside the synthesized `MyAppStack` template:
```yaml
Resources:
TestLambda2F70C45E:
Type: 'AWS::Lambda::Function'
Properties:
Role: !ImportValue 'AppStack:TestLambdaServiceRoleC28C2D9C' # Using ImportValue instrinsic function to use pre-created IAM role
# excluding remaining properties
```
In this scenario, a developer is able to provide an external security team with sufficient IAM privileges to deploy the `ExtractedStack`.
Once deployed, a developer can run `cdk deploy MyAppStack` without errors due to insufficient IAM privileges
#### Value Sharing methods
When resources are extracted from a stack, there must be a method to reference the resources that have been extracted.
There are three methods (see `ResourceExtractorShareMethod` enum)
* `CFN_OUTPUT`
* `SSM_PARAMETER`
* `API_LOOKUP`
##### `CFN_OUTPUT`
The default sharing method is `CFN_OUTPUT`, which uses Cloudformation Export/Import to Export values in the extracted stack (see [Outputs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html)), and use the [Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html) intrinsic function to reference those values.
This works fine, but some teams may prefer a looser coupling between the extracted stack deployed by an external team and the rest of the CDK infrastructure.
##### `SSM_PARAMETER`
In this method, the extracted stack generates Parameters in AWS Systems Manager Parameter Store, and modifies the CDK application to look up the generated parameter using [`aws_ssm.StringParameter.valueFromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrfromwbrlookupscope-parametername) at synthesis time.
Example on using this method:
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import ResourceExtractor, ResourceExtractorShareMethod
Aspects.of(app).add(
ResourceExtractor(
stack_artifacts=synthed_app.stacks,
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"
],
extract_destination_stack=extracted_stack,
value_share_method=ResourceExtractorShareMethod.SSM_PARAMETER
))
```
##### `API_LOOKUP`
The `API_LOOKUP` sharing method is a work in progress, and not yet supported
#### Resource Partials
Some resources that get extracted might reference resources that aren't yet created.
In our example CDK application we include the line
```python
# Example automatically generated from non-compiling source. May contain errors.
bucket.grant_read_write(func)
```
This creates an `AWS::IAM::Policy` that includes the necessary Actions scoped down to the S3 bucket.
When the `AWS::IAM::Policy` is extracted, it's unable to use `Ref` or `Fn::GetAtt` to reference the S3 bucket since the S3 bucket wasn't extracted.
In this case we substitute the reference with a "partial ARN" that makes a best effort to scope the resources in the IAM policy statement to the ARN of the yet-to-be created S3 bucket.
There are multiple resource types supported out of the box (found in [`createDefaultTransforms`](src/patches/resource-extractor/resourceTransformer.ts)). In the event you have a resource not yet supported, you'll receive a `MissingTransformError`. In this case you can either open an [issue](https://github.com/cdklabs/cdk-enterprise-iac/issues) with the resource in question, or you can include the `additionalTransforms` property.
Consider the following:
```python
# Example automatically generated from non-compiling source. May contain errors.
vpc = Vpc(stack, "TestVpc")
db = DatabaseInstance(stack, "TestDb",
vpc=vpc,
engine=DatabaseInstanceEngine.POSTGRES
)
func = Function(stack, "TestLambda", {
"code": Code.from_asset(path.join(__dirname, "lambda-handler")),
"handler": "index.handler",
"runtime": Runtime.PYTHON_3_11
})
db.secret.grant_read(func)
synthed_app = app.synth()
Aspects.of(app).add(
ResourceExtractor(
extract_destination_stack=extracted_stack,
stack_artifacts=synthed_app.stacks,
value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy"],
additional_transforms={
"AWS::SecretsManager::SecretTargetAttachment": f"arn:{Aws.PARTITION}:secretsmanager:{Aws.REGION}:{Aws.ACCOUNT_ID}:secret:some-expected-value*"
}
))
app.synth(force=True)
```
In this case, there is a `AWS::SecretsManager::SecretTargetAttachment` generated to complete the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON, which returns the ARN of the generated secret.
In the context of extracting the IAM policy, we want to tell the `ResourceExtractor` how to handle the resource section of the IAM policy statement so that it is scoped down sufficiently.
In this case rather than using a `Ref: LogicalIdForTheSecretTargetAttachment` we construct the ARN we want to use.
Details in [API.md](API.md)
## Generated API.md
---
Generated API.md below:
<details>
<summary>Expand to view API docs</summary>
# API Reference <a name="API Reference" id="api-reference"></a>
## Constructs <a name="Constructs" id="Constructs"></a>
### EcsIsoServiceAutoscaler <a name="EcsIsoServiceAutoscaler" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler"></a>
Creates a EcsIsoServiceAutoscaler construct.
This construct allows you to scale an ECS service in an ISO
region where classic ECS Autoscaling may not be available.
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler
EcsIsoServiceAutoscaler(scope, Construct, id, string, props, EcsIsoServiceAutoscalerProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps">EcsIsoServiceAutoscalerProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope"></a>
* *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id"></a>
* *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps">EcsIsoServiceAutoscalerProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
to_string()string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler
EcsIsoServiceAutoscaler.is_construct(x, any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct.parameter.x"></a>
* *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction">ecsScalingManagerFunction</a></code> | <code>aws-cdk-lib.aws_lambda.Function</code> | *No description.* |
---
##### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
node: Node;
```
* *Type:* constructs.Node
The tree node.
---
##### `ecsScalingManagerFunction`<sup>Required</sup> <a name="ecsScalingManagerFunction" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction"></a>
```python
ecsScalingManagerFunction: Function;
```
* *Type:* aws-cdk-lib.aws_lambda.Function
---
### PopulateWithConfig <a name="PopulateWithConfig" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig"></a>
Populate a provided VPC with subnets based on a provided configuration.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
my_subnet_config = [{
"group_name": "app",
"cidr_range": "172.31.0.0/27",
"availability_zone": "a",
"subnet_type": subnet_type.PUBLIC
}, {
"group_name": "app",
"cidr_range": "172.31.0.32/27",
"availability_zone": "b",
"subnet_type": subnet_type.PUBLIC
}, {
"group_name": "db",
"cidr_range": "172.31.0.64/27",
"availability_zone": "a",
"subnet_type": subnet_type.PRIVATE_WITH_EGRESS
}, {
"group_name": "db",
"cidr_range": "172.31.0.96/27",
"availability_zone": "b",
"subnet_type": subnet_type.PRIVATE_WITH_EGRESS
}, {
"group_name": "iso",
"cidr_range": "172.31.0.128/26",
"availability_zone": "a",
"subnet_type": subnet_type.PRIVATE_ISOLATED
}, {
"group_name": "iso",
"cidr_range": "172.31.0.196/26",
"availability_zone": "b",
"subnet_type": subnet_type.PRIVATE_ISOLATED
}
]
PopulateWithConfig(self, "vpcPopulater",
vpc_id="vpc-abcdefg1234567",
private_route_table_id="rt-abcdefg123456",
local_route_table_id="rt-123456abcdefg",
subnet_config=my_subnet_config
)
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import PopulateWithConfig
PopulateWithConfig(scope, Construct, id, string, props, PopulateWithConfigProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps">PopulateWithConfigProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope"></a>
* *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id"></a>
* *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps">PopulateWithConfigProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
to_string()string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import PopulateWithConfig
PopulateWithConfig.is_construct(x, any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct.parameter.x"></a>
* *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
node: Node;
```
* *Type:* constructs.Node
The tree node.
---
### SplitVpcEvenly <a name="SplitVpcEvenly" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly"></a>
Splits a VPC evenly between a provided number of AZs (3 if not defined), and attaches a provided route table to each, and labels.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
# with more specific properties
SplitVpcEvenly(self, "evenSplitVpc",
vpc_id="vpc-abcdefg123456",
vpc_cidr="172.16.0.0/16",
route_table_id="rt-abcdefgh123456",
cidr_bits="10",
number_of_azs=4,
subnet_type=subnet_type.PRIVATE_ISOLATED
)
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SplitVpcEvenly
SplitVpcEvenly(scope, Construct, id, string, props, SplitVpcEvenlyProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps">SplitVpcEvenlyProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope"></a>
* *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id"></a>
* *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps">SplitVpcEvenlyProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
to_string()string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SplitVpcEvenly
SplitVpcEvenly.is_construct(x, any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct.parameter.x"></a>
* *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
node: Node;
```
* *Type:* constructs.Node
The tree node.
---
## Structs <a name="Structs" id="Structs"></a>
### AddCfnInitProxyProps <a name="AddCfnInitProxyProps" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps"></a>
Properties for the proxy server to use with cfn helper commands.
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddCfnInitProxyProps
add_cfn_init_proxy_props = AddCfnInitProxyProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost">proxyHost</a></code> | <code>string</code> | host of your proxy. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort">proxyPort</a></code> | <code>number</code> | proxy port. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials">proxyCredentials</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | JSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType">proxyType</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.ProxyType">ProxyType</a></code> | Proxy Type. |
---
##### `proxyHost`<sup>Required</sup> <a name="proxyHost" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyHost: string;
```
* *Type:* string
host of your proxy.
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
example.com
```
##### `proxyPort`<sup>Required</sup> <a name="proxyPort" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyPort: number;
```
* *Type:* number
proxy port.
---
*Example*
```python
8080
```
##### `proxyCredentials`<sup>Optional</sup> <a name="proxyCredentials" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyCredentials: ISecret;
```
* *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
JSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret.
Note that while the `user` and `password` won't be visible in the cloudformation template
they **will** be in plain text inside your `UserData`
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
secret = Secret(stack, "TestSecret",
secret_object_value={
"user": SecretValue,
"password": SecretValue
}
)
```
##### `proxyType`<sup>Optional</sup> <a name="proxyType" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyType: ProxyType;
```
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.ProxyType">ProxyType</a>
* *Default:* ProxyType.HTTP
Proxy Type.
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
ProxyType.HTTPS
```
### AddPermissionBoundaryProps <a name="AddPermissionBoundaryProps" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps"></a>
Properties to pass to the AddPermissionBoundary.
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddPermissionBoundaryProps
add_permission_boundary_props = AddPermissionBoundaryProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName">permissionsBoundaryPolicyName</a></code> | <code>string</code> | Name of Permissions Boundary Policy to add to all IAM roles. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix">instanceProfilePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM InstanceProfiles (Default: ''). |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix">policyPrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: ''). |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix">rolePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of IAM Roles (Default: ''). |
---
##### `permissionsBoundaryPolicyName`<sup>Required</sup> <a name="permissionsBoundaryPolicyName" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
permissionsBoundaryPolicyName: string;
```
* *Type:* string
Name of Permissions Boundary Policy to add to all IAM roles.
---
##### `instanceProfilePrefix`<sup>Optional</sup> <a name="instanceProfilePrefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
instanceProfilePrefix: string;
```
* *Type:* string
A prefix to prepend to the name of the IAM InstanceProfiles (Default: '').
---
##### `policyPrefix`<sup>Optional</sup> <a name="policyPrefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
policyPrefix: string;
```
* *Type:* string
A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: '').
---
##### `rolePrefix`<sup>Optional</sup> <a name="rolePrefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
rolePrefix: string;
```
* *Type:* string
A prefix to prepend to the name of IAM Roles (Default: '').
---
### EcsIsoServiceAutoscalerProps <a name="EcsIsoServiceAutoscalerProps" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscalerProps
ecs_iso_service_autoscaler_props = EcsIsoServiceAutoscalerProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster">ecsCluster</a></code> | <code>aws-cdk-lib.aws_ecs.Cluster</code> | The cluster the service you wish to scale resides in. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService">ecsService</a></code> | <code>aws-cdk-lib.aws_ecs.IService</code> | The ECS service you wish to scale. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm">scaleAlarm</a></code> | <code>aws-cdk-lib.aws_cloudwatch.AlarmBase</code> | The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount">maximumTaskCount</a></code> | <code>number</code> | The maximum number of tasks that the service will scale out to. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount">minimumTaskCount</a></code> | <code>number</code> | The minimum number of tasks the service will have. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role">role</a></code> | <code>aws-cdk-lib.aws_iam.IRole</code> | Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown">scaleInCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will the application wait before performing another scale in action. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement">scaleInIncrement</a></code> | <code>number</code> | The number of tasks that will scale in on scale in alarm status. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown">scaleOutCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will a the application wait before performing another scale out action. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement">scaleOutIncrement</a></code> | <code>number</code> | The number of tasks that will scale out on scale out alarm status. |
---
##### `ecsCluster`<sup>Required</sup> <a name="ecsCluster" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
ecsCluster: Cluster;
```
* *Type:* aws-cdk-lib.aws_ecs.Cluster
The cluster the service you wish to scale resides in.
---
##### `ecsService`<sup>Required</sup> <a name="ecsService" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
ecsService: IService;
```
* *Type:* aws-cdk-lib.aws_ecs.IService
The ECS service you wish to scale.
---
##### `scaleAlarm`<sup>Required</sup> <a name="scaleAlarm" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleAlarm: AlarmBase;
```
* *Type:* aws-cdk-lib.aws_cloudwatch.AlarmBase
The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions.
Note: composite alarms can not be generated with CFN in all regions, while this allows you to pass in a composite alarm alarm creation is outside the scope of this construct
---
##### `maximumTaskCount`<sup>Optional</sup> <a name="maximumTaskCount" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
maximumTaskCount: number;
```
* *Type:* number
* *Default:* 10
The maximum number of tasks that the service will scale out to.
Note: This does not provide any protection from scaling out above the maximum allowed in your account, set this variable and manage account quotas appropriately.
---
##### `minimumTaskCount`<sup>Optional</sup> <a name="minimumTaskCount" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
minimumTaskCount: number;
```
* *Type:* number
* *Default:* 1
The minimum number of tasks the service will have.
---
##### `role`<sup>Optional</sup> <a name="role" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
role: IRole;
```
* *Type:* aws-cdk-lib.aws_iam.IRole
* *Default:* A role is created for you with least privilege IAM policy
Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service.
Ensure this role has appropriate privileges. Example IAM policy statements:
```json
{
"PolicyDocument": {
"Statement": [
{
"Action": "cloudwatch:DescribeAlarms",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecs:DescribeServices",
"ecs:UpdateService"
],
"Condition": {
"StringEquals": {
"ecs:cluster": "arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}"
}
},
"Effect": "Allow",
"Resource": "arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}"
}
],
"Version": "2012-10-17"
}
}
```
---
##### `scaleInCooldown`<sup>Optional</sup> <a name="scaleInCooldown" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleInCooldown: Duration;
```
* *Type:* aws-cdk-lib.Duration
* *Default:* 60 seconds
How long will the application wait before performing another scale in action.
---
##### `scaleInIncrement`<sup>Optional</sup> <a name="scaleInIncrement" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleInIncrement: number;
```
* *Type:* number
* *Default:* 1
The number of tasks that will scale in on scale in alarm status.
---
##### `scaleOutCooldown`<sup>Optional</sup> <a name="scaleOutCooldown" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleOutCooldown: Duration;
```
* *Type:* aws-cdk-lib.Duration
* *Default:* 60 seconds
How long will a the application wait before performing another scale out action.
---
##### `scaleOutIncrement`<sup>Optional</sup> <a name="scaleOutIncrement" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleOutIncrement: number;
```
* *Type:* number
* *Default:* 1
The number of tasks that will scale out on scale out alarm status.
---
### PopulateWithConfigProps <a name="PopulateWithConfigProps" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import PopulateWithConfigProps
populate_with_config_props = PopulateWithConfigProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId">localRouteTableId</a></code> | <code>string</code> | Local route table ID, with routes only to local VPC. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId">privateRouteTableId</a></code> | <code>string</code> | Route table ID for a provided route table with routes to enterprise network. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig">subnetConfig</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig">SubnetConfig</a>[]</code> | List of Subnet configs to provision to provision. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId">vpcId</a></code> | <code>string</code> | ID of the VPC provided that needs to be populated. |
---
##### `localRouteTableId`<sup>Required</sup> <a name="localRouteTableId" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
localRouteTableId: string;
```
* *Type:* string
Local route table ID, with routes only to local VPC.
---
##### `privateRouteTableId`<sup>Required</sup> <a name="privateRouteTableId" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
privateRouteTableId: string;
```
* *Type:* string
Route table ID for a provided route table with routes to enterprise network.
Both subnetType.PUBLIC and subnetType.PRIVATE_WITH_EGRESS will use this property
---
##### `subnetConfig`<sup>Required</sup> <a name="subnetConfig" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
subnetConfig: SubnetConfig[];
```
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig">SubnetConfig</a>[]
List of Subnet configs to provision to provision.
---
##### `vpcId`<sup>Required</sup> <a name="vpcId" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
vpcId: string;
```
* *Type:* string
ID of the VPC provided that needs to be populated.
---
### RemoveTagsProps <a name="RemoveTagsProps" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import RemoveTagsProps
remove_tags_props = RemoveTagsProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource">cloudformationResource</a></code> | <code>string</code> | Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function'). |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName">tagPropertyName</a></code> | <code>string</code> | Name of the tag property to remove from the resource. |
---
##### `cloudformationResource`<sup>Required</sup> <a name="cloudformationResource" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
cloudformationResource: string;
```
* *Type:* string
Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function').
---
##### `tagPropertyName`<sup>Optional</sup> <a name="tagPropertyName" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
tagPropertyName: string;
```
* *Type:* string
* *Default:* Tags
Name of the tag property to remove from the resource.
---
### ResourceExtractorProps <a name="ResourceExtractorProps" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import ResourceExtractorProps
resource_extractor_props = ResourceExtractorProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack">extractDestinationStack</a></code> | <code>aws-cdk-lib.Stack</code> | Stack to move found extracted resources into. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract">resourceTypesToExtract</a></code> | <code>string[]</code> | List of resource types to extract, ex: `AWS::IAM::Role`. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts">stackArtifacts</a></code> | <code>aws-cdk-lib.cx_api.CloudFormationStackArtifact[]</code> | Synthed stack artifacts from your CDK app. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms">additionalTransforms</a></code> | <code>{[ key: string ]: string}</code> | Additional resource transformations. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod">valueShareMethod</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod">ResourceExtractorShareMethod</a></code> | The sharing method to use when passing exported resources from the "Extracted Stack" into the original stack(s). |
---
##### `extractDestinationStack`<sup>Required</sup> <a name="extractDestinationStack" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack"></a>
```python
extractDestinationStack: Stack;
```
* *Type:* aws-cdk-lib.Stack
Stack to move found extracted resources into.
---
##### `resourceTypesToExtract`<sup>Required</sup> <a name="resourceTypesToExtract" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
resourceTypesToExtract: string[];
```
* *Type:* string[]
List of resource types to extract, ex: `AWS::IAM::Role`.
---
##### `stackArtifacts`<sup>Required</sup> <a name="stackArtifacts" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
stackArtifacts: CloudFormationStackArtifact[];
```
* *Type:* aws-cdk-lib.cx_api.CloudFormationStackArtifact[]
Synthed stack artifacts from your CDK app.
---
##### `additionalTransforms`<sup>Optional</sup> <a name="additionalTransforms" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
additionalTransforms: {[ key: string ]: string}
```
* *Type:* {[ key: string ]: string}
Additional resource transformations.
---
##### `valueShareMethod`<sup>Optional</sup> <a name="valueShareMethod" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
valueShareMethod: ResourceExtractorShareMethod;
```
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod">ResourceExtractorShareMethod</a>
The sharing method to use when passing exported resources from the "Extracted Stack" into the original stack(s).
---
### SetApiGatewayEndpointConfigurationProps <a name="SetApiGatewayEndpointConfigurationProps" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfigurationProps
set_api_gateway_endpoint_configuration_props = SetApiGatewayEndpointConfigurationProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType">endpointType</a></code> | <code>aws-cdk-lib.aws_apigateway.EndpointType</code> | API Gateway endpoint type to override to. |
---
##### `endpointType`<sup>Optional</sup> <a name="endpointType" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
endpointType: EndpointType;
```
* *Type:* aws-cdk-lib.aws_apigateway.EndpointType
* *Default:* EndpointType.REGIONAL
API Gateway endpoint type to override to.
Defaults to EndpointType.REGIONAL
---
### SplitVpcEvenlyProps <a name="SplitVpcEvenlyProps" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SplitVpcEvenlyProps
split_vpc_evenly_props = SplitVpcEvenlyProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId">routeTableId</a></code> | <code>string</code> | Route Table ID that will be attached to each subnet created. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr">vpcCidr</a></code> | <code>string</code> | CIDR range of the VPC you're populating. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId">vpcId</a></code> | <code>string</code> | ID of the existing VPC you're trying to populate. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits">cidrBits</a></code> | <code>string</code> | `cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs">numberOfAzs</a></code> | <code>number</code> | Number of AZs to evenly split into. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | *No description.* |
---
##### `routeTableId`<sup>Required</sup> <a name="routeTableId" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
routeTableId: string;
```
* *Type:* string
Route Table ID that will be attached to each subnet created.
---
##### `vpcCidr`<sup>Required</sup> <a name="vpcCidr" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
vpcCidr: string;
```
* *Type:* string
CIDR range of the VPC you're populating.
---
##### `vpcId`<sup>Required</sup> <a name="vpcId" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
vpcId: string;
```
* *Type:* string
ID of the existing VPC you're trying to populate.
---
##### `cidrBits`<sup>Optional</sup> <a name="cidrBits" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
cidrBits: string;
```
* *Type:* string
* *Default:* '6'
`cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function.
---
##### `numberOfAzs`<sup>Optional</sup> <a name="numberOfAzs" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
numberOfAzs: number;
```
* *Type:* number
* *Default:* 3
Number of AZs to evenly split into.
---
##### `subnetType`<sup>Optional</sup> <a name="subnetType" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
subnetType: SubnetType;
```
* *Type:* aws-cdk-lib.aws_ec2.SubnetType
* *Default:* subnetType.PRIVATE
---
### SubnetConfig <a name="SubnetConfig" id="@cdklabs/cdk-enterprise-iac.SubnetConfig"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SubnetConfig
subnet_config = SubnetConfig(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone">availabilityZone</a></code> | <code>string</code> | Which availability zone the subnet should be in. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange">cidrRange</a></code> | <code>string</code> | Cidr range of the subnet to create. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName">groupName</a></code> | <code>string</code> | Logical group name of a subnet. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | What [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use. |
---
##### `availabilityZone`<sup>Required</sup> <a name="availabilityZone" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
availabilityZone: string;
```
* *Type:* string
Which availability zone the subnet should be in.
---
##### `cidrRange`<sup>Required</sup> <a name="cidrRange" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
cidrRange: string;
```
* *Type:* string
Cidr range of the subnet to create.
---
##### `groupName`<sup>Required</sup> <a name="groupName" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
groupName: string;
```
* *Type:* string
Logical group name of a subnet.
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
db
```
##### `subnetType`<sup>Required</sup> <a name="subnetType" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
subnetType: SubnetType;
```
* *Type:* aws-cdk-lib.aws_ec2.SubnetType
What [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use.
This will govern the `aws-cdk:subnet-type` tag on the subnet
SubnetType | `aws-cdk:subnet-type` tag value
--- | ---
`PRIVATE_ISOLATED` | 'Isolated'
`PRIVATE_WITH_EGRESS` | 'Private'
`PUBLIC` | 'Public'
---
## Classes <a name="Classes" id="Classes"></a>
### AddCfnInitProxy <a name="AddCfnInitProxy" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy"></a>
* *Implements:* aws-cdk-lib.IAspect
Add proxy configuration to Cloudformation helper functions.
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddCfnInitProxy
AddCfnInitProxy(props, AddCfnInitProxyProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps">AddCfnInitProxyProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps">AddCfnInitProxyProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### AddLambdaEnvironmentVariables <a name="AddLambdaEnvironmentVariables" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables"></a>
* *Implements:* aws-cdk-lib.IAspect
Add one or more environment variables to *all* lambda functions within a scope.
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddLambdaEnvironmentVariables
AddLambdaEnvironmentVariables(props, {"key": string, "string": string})
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props">props</a></code> | <code>{[ key: string ]: string}</code> | : string} props - Key Value pair(s) for environment variables to add to all lambda functions. |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props"></a>
* *Type:* {[ key: string ]: string}
: string} props - Key Value pair(s) for environment variables to add to all lambda functions.
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### AddPermissionBoundary <a name="AddPermissionBoundary" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary"></a>
* *Implements:* aws-cdk-lib.IAspect
A patch for Adding Permissions Boundaries to all IAM roles.
Additional options for adding prefixes to IAM role, policy and instance profile names
Can account for non commercial partitions (e.g. aws-gov, aws-cn)
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddPermissionBoundary
AddPermissionBoundary(props, AddPermissionBoundaryProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps">AddPermissionBoundaryProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps">AddPermissionBoundaryProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride">checkAndOverride</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `checkAndOverride` <a name="checkAndOverride" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
check_and_override(node, CfnResource, prefix, string, length, number, cfn_prop, string, cdkProp?: string)
```
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.node"></a>
* *Type:* aws-cdk-lib.CfnResource
---
###### `prefix`<sup>Required</sup> <a name="prefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.prefix"></a>
* *Type:* string
---
###### `length`<sup>Required</sup> <a name="length" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.length"></a>
* *Type:* number
---
###### `cfnProp`<sup>Required</sup> <a name="cfnProp" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cfnProp"></a>
* *Type:* string
---
###### `cdkProp`<sup>Optional</sup> <a name="cdkProp" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cdkProp"></a>
* *Type:* string
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### ConvertInlinePoliciesToManaged <a name="ConvertInlinePoliciesToManaged" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged"></a>
* *Implements:* aws-cdk-lib.IAspect
Patch for turning all Policies into ConvertInlinePoliciesToManaged.
Some users have policies in place that make it impossible to create inline policies. Instead,
they must use managed policies.
Note that order matters with this aspect. Specifically, it should generally be added first.
This is because other aspects may add overrides that would be lost if applied before
this aspect since the original aspect is removed and replaced.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
# Replace all AWS::IAM::Policy resources with equivalent AWS::IAM::ManagedPolicy
Aspects.of(stack).add(ConvertInlinePoliciesToManaged())
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.Initializer"></a>
```python
from cdklabs.cdk_enterprise_iac import ConvertInlinePoliciesToManaged
ConvertInlinePoliciesToManaged()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### RemovePublicAccessBlockConfiguration <a name="RemovePublicAccessBlockConfiguration" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration"></a>
* *Implements:* aws-cdk-lib.IAspect
Looks for S3 Buckets, and removes the `PublicAccessBlockConfiguration` property.
For use in regions where Cloudformation doesn't support this property
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.Initializer"></a>
```python
from cdklabs.cdk_enterprise_iac import RemovePublicAccessBlockConfiguration
RemovePublicAccessBlockConfiguration()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### RemoveTags <a name="RemoveTags" id="@cdklabs/cdk-enterprise-iac.RemoveTags"></a>
* *Implements:* aws-cdk-lib.IAspect
Patch for removing tags from a specific Cloudformation Resource.
In some regions, the 'Tags' property isn't supported in Cloudformation. This patch makes it easy to remove
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
# Remove tags on a resource
Aspects.of(stack).add(RemoveTags(
cloudformation_resource="AWS::ECS::Cluster"
))
# Remove tags without the standard 'Tags' name
Aspects.of(stack).add(RemoveTags(
cloudformation_resource="AWS::Backup::BackupPlan",
tag_property_name="BackupPlanTags"
))
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import RemoveTags
RemoveTags(props, RemoveTagsProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps">RemoveTagsProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps">RemoveTagsProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTags.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.RemoveTags.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.RemoveTags.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### ResourceExtractor <a name="ResourceExtractor" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor"></a>
* *Implements:* aws-cdk-lib.IAspect
This Aspect takes a CDK application, all synthesized CloudFormationStackArtifact, a value share method, and a list of Cloudformation resources that should be pulled out of the main CDK application, which should be synthesized to a cloudformation template that an external team (e.g. security team) to deploy, and adjusting the CDK application to reference pre-created resources already pulled out.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
app = App()
stack = Stack(app, "MyStack")
extracted_stack = Stack(app, "ExtractedStack")
synthed_app = app.synth()
Aspects.of(app).add(ResourceExtractor(
extract_destination_stack=extracted_stack,
stack_artifacts=synthed_app.stacks,
value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"
]
))
app.synth(force=True)
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import ResourceExtractor
ResourceExtractor(props, ResourceExtractorProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps">ResourceExtractorProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps">ResourceExtractorProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit">visit</a></code> | Entrypoint. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
Entrypoint.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### SetApiGatewayEndpointConfiguration <a name="SetApiGatewayEndpointConfiguration" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration"></a>
* *Implements:* aws-cdk-lib.IAspect
Override RestApis to use a set endpoint configuration.
Some regions don't support EDGE endpoints, and some enterprises require
specific endpoint types for RestApis
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfiguration
SetApiGatewayEndpointConfiguration(props?: SetApiGatewayEndpointConfigurationProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps">SetApiGatewayEndpointConfigurationProps</a></code> | *No description.* |
---
##### `props`<sup>Optional</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps">SetApiGatewayEndpointConfigurationProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
## Enums <a name="Enums" id="Enums"></a>
### ProxyType <a name="ProxyType" id="@cdklabs/cdk-enterprise-iac.ProxyType"></a>
Whether an http-proxy or https-proxy.
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ProxyType.HTTP">HTTP</a></code> | --http-proxy. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS">HTTPS</a></code> | --https-proxy. |
---
##### `HTTP` <a name="HTTP" id="@cdklabs/cdk-enterprise-iac.ProxyType.HTTP"></a>
-http-proxy.
---
##### `HTTPS` <a name="HTTPS" id="@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS"></a>
-https-proxy.
---
### ResourceExtractorShareMethod <a name="ResourceExtractorShareMethod" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod"></a>
The available value sharing methods to pass values from the extracted stack onto the original stack(s).
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT">CFN_OUTPUT</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER">SSM_PARAMETER</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP">API_LOOKUP</a></code> | *No description.* |
---
##### `CFN_OUTPUT` <a name="CFN_OUTPUT" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT"></a>
---
##### `SSM_PARAMETER` <a name="SSM_PARAMETER" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER"></a>
---
##### `API_LOOKUP` <a name="API_LOOKUP" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP"></a>
---
### ResourceTransform <a name="ResourceTransform" id="@cdklabs/cdk-enterprise-iac.ResourceTransform"></a>
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME">STACK_NAME</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID">LOGICAL_ID</a></code> | *No description.* |
---
##### `STACK_NAME` <a name="STACK_NAME" id="@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME"></a>
---
##### `LOGICAL_ID` <a name="LOGICAL_ID" id="@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID"></a>
---
</details>
# API Reference <a name="API Reference" id="api-reference"></a>
## Constructs <a name="Constructs" id="Constructs"></a>
### EcsIsoServiceAutoscaler <a name="EcsIsoServiceAutoscaler" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler"></a>
Creates a EcsIsoServiceAutoscaler construct.
This construct allows you to scale an ECS service in an ISO
region where classic ECS Autoscaling may not be available.
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler
EcsIsoServiceAutoscaler(scope, Construct, id, string, props, EcsIsoServiceAutoscalerProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps">EcsIsoServiceAutoscalerProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope"></a>
* *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id"></a>
* *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps">EcsIsoServiceAutoscalerProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
to_string()string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler
EcsIsoServiceAutoscaler.is_construct(x, any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct.parameter.x"></a>
* *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction">ecsScalingManagerFunction</a></code> | <code>aws-cdk-lib.aws_lambda.Function</code> | *No description.* |
---
##### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
node: Node;
```
* *Type:* constructs.Node
The tree node.
---
##### `ecsScalingManagerFunction`<sup>Required</sup> <a name="ecsScalingManagerFunction" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction"></a>
```python
ecsScalingManagerFunction: Function;
```
* *Type:* aws-cdk-lib.aws_lambda.Function
---
### PopulateWithConfig <a name="PopulateWithConfig" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig"></a>
Populate a provided VPC with subnets based on a provided configuration.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
my_subnet_config = [{
"group_name": "app",
"cidr_range": "172.31.0.0/27",
"availability_zone": "a",
"subnet_type": subnet_type.PUBLIC
}, {
"group_name": "app",
"cidr_range": "172.31.0.32/27",
"availability_zone": "b",
"subnet_type": subnet_type.PUBLIC
}, {
"group_name": "db",
"cidr_range": "172.31.0.64/27",
"availability_zone": "a",
"subnet_type": subnet_type.PRIVATE_WITH_EGRESS
}, {
"group_name": "db",
"cidr_range": "172.31.0.96/27",
"availability_zone": "b",
"subnet_type": subnet_type.PRIVATE_WITH_EGRESS
}, {
"group_name": "iso",
"cidr_range": "172.31.0.128/26",
"availability_zone": "a",
"subnet_type": subnet_type.PRIVATE_ISOLATED
}, {
"group_name": "iso",
"cidr_range": "172.31.0.196/26",
"availability_zone": "b",
"subnet_type": subnet_type.PRIVATE_ISOLATED
}
]
PopulateWithConfig(self, "vpcPopulater",
vpc_id="vpc-abcdefg1234567",
private_route_table_id="rt-abcdefg123456",
local_route_table_id="rt-123456abcdefg",
subnet_config=my_subnet_config
)
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import PopulateWithConfig
PopulateWithConfig(scope, Construct, id, string, props, PopulateWithConfigProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps">PopulateWithConfigProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope"></a>
* *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id"></a>
* *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps">PopulateWithConfigProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
to_string()string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import PopulateWithConfig
PopulateWithConfig.is_construct(x, any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct.parameter.x"></a>
* *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
node: Node;
```
* *Type:* constructs.Node
The tree node.
---
### SplitVpcEvenly <a name="SplitVpcEvenly" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly"></a>
Splits a VPC evenly between a provided number of AZs (3 if not defined), and attaches a provided route table to each, and labels.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
# with more specific properties
SplitVpcEvenly(self, "evenSplitVpc",
vpc_id="vpc-abcdefg123456",
vpc_cidr="172.16.0.0/16",
route_table_id="rt-abcdefgh123456",
cidr_bits="10",
number_of_azs=4,
subnet_type=subnet_type.PRIVATE_ISOLATED
)
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SplitVpcEvenly
SplitVpcEvenly(scope, Construct, id, string, props, SplitVpcEvenlyProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps">SplitVpcEvenlyProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope"></a>
* *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id"></a>
* *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps">SplitVpcEvenlyProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
to_string()string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SplitVpcEvenly
SplitVpcEvenly.is_construct(x, any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct.parameter.x"></a>
* *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
node: Node;
```
* *Type:* constructs.Node
The tree node.
---
## Structs <a name="Structs" id="Structs"></a>
### AddCfnInitProxyProps <a name="AddCfnInitProxyProps" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps"></a>
Properties for the proxy server to use with cfn helper commands.
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddCfnInitProxyProps
add_cfn_init_proxy_props = AddCfnInitProxyProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost">proxyHost</a></code> | <code>string</code> | host of your proxy. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort">proxyPort</a></code> | <code>number</code> | proxy port. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials">proxyCredentials</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | JSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType">proxyType</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.ProxyType">ProxyType</a></code> | Proxy Type. |
---
##### `proxyHost`<sup>Required</sup> <a name="proxyHost" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyHost: string;
```
* *Type:* string
host of your proxy.
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
example.com
```
##### `proxyPort`<sup>Required</sup> <a name="proxyPort" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyPort: number;
```
* *Type:* number
proxy port.
---
*Example*
```python
8080
```
##### `proxyCredentials`<sup>Optional</sup> <a name="proxyCredentials" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyCredentials: ISecret;
```
* *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
JSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret.
Note that while the `user` and `password` won't be visible in the cloudformation template
they **will** be in plain text inside your `UserData`
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
secret = Secret(stack, "TestSecret",
secret_object_value={
"user": SecretValue,
"password": SecretValue
}
)
```
##### `proxyType`<sup>Optional</sup> <a name="proxyType" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
proxyType: ProxyType;
```
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.ProxyType">ProxyType</a>
* *Default:* ProxyType.HTTP
Proxy Type.
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
ProxyType.HTTPS
```
### AddPermissionBoundaryProps <a name="AddPermissionBoundaryProps" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps"></a>
Properties to pass to the AddPermissionBoundary.
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddPermissionBoundaryProps
add_permission_boundary_props = AddPermissionBoundaryProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName">permissionsBoundaryPolicyName</a></code> | <code>string</code> | Name of Permissions Boundary Policy to add to all IAM roles. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix">instanceProfilePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM InstanceProfiles (Default: ''). |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix">policyPrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: ''). |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix">rolePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of IAM Roles (Default: ''). |
---
##### `permissionsBoundaryPolicyName`<sup>Required</sup> <a name="permissionsBoundaryPolicyName" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
permissionsBoundaryPolicyName: string;
```
* *Type:* string
Name of Permissions Boundary Policy to add to all IAM roles.
---
##### `instanceProfilePrefix`<sup>Optional</sup> <a name="instanceProfilePrefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
instanceProfilePrefix: string;
```
* *Type:* string
A prefix to prepend to the name of the IAM InstanceProfiles (Default: '').
---
##### `policyPrefix`<sup>Optional</sup> <a name="policyPrefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
policyPrefix: string;
```
* *Type:* string
A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: '').
---
##### `rolePrefix`<sup>Optional</sup> <a name="rolePrefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
rolePrefix: string;
```
* *Type:* string
A prefix to prepend to the name of IAM Roles (Default: '').
---
### EcsIsoServiceAutoscalerProps <a name="EcsIsoServiceAutoscalerProps" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscalerProps
ecs_iso_service_autoscaler_props = EcsIsoServiceAutoscalerProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster">ecsCluster</a></code> | <code>aws-cdk-lib.aws_ecs.Cluster</code> | The cluster the service you wish to scale resides in. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService">ecsService</a></code> | <code>aws-cdk-lib.aws_ecs.IService</code> | The ECS service you wish to scale. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm">scaleAlarm</a></code> | <code>aws-cdk-lib.aws_cloudwatch.AlarmBase</code> | The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount">maximumTaskCount</a></code> | <code>number</code> | The maximum number of tasks that the service will scale out to. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount">minimumTaskCount</a></code> | <code>number</code> | The minimum number of tasks the service will have. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role">role</a></code> | <code>aws-cdk-lib.aws_iam.IRole</code> | Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown">scaleInCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will the application wait before performing another scale in action. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement">scaleInIncrement</a></code> | <code>number</code> | The number of tasks that will scale in on scale in alarm status. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown">scaleOutCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will a the application wait before performing another scale out action. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement">scaleOutIncrement</a></code> | <code>number</code> | The number of tasks that will scale out on scale out alarm status. |
---
##### `ecsCluster`<sup>Required</sup> <a name="ecsCluster" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
ecsCluster: Cluster;
```
* *Type:* aws-cdk-lib.aws_ecs.Cluster
The cluster the service you wish to scale resides in.
---
##### `ecsService`<sup>Required</sup> <a name="ecsService" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
ecsService: IService;
```
* *Type:* aws-cdk-lib.aws_ecs.IService
The ECS service you wish to scale.
---
##### `scaleAlarm`<sup>Required</sup> <a name="scaleAlarm" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleAlarm: AlarmBase;
```
* *Type:* aws-cdk-lib.aws_cloudwatch.AlarmBase
The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions.
Note: composite alarms can not be generated with CFN in all regions, while this allows you to pass in a composite alarm alarm creation is outside the scope of this construct
---
##### `maximumTaskCount`<sup>Optional</sup> <a name="maximumTaskCount" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
maximumTaskCount: number;
```
* *Type:* number
* *Default:* 10
The maximum number of tasks that the service will scale out to.
Note: This does not provide any protection from scaling out above the maximum allowed in your account, set this variable and manage account quotas appropriately.
---
##### `minimumTaskCount`<sup>Optional</sup> <a name="minimumTaskCount" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
minimumTaskCount: number;
```
* *Type:* number
* *Default:* 1
The minimum number of tasks the service will have.
---
##### `role`<sup>Optional</sup> <a name="role" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
role: IRole;
```
* *Type:* aws-cdk-lib.aws_iam.IRole
* *Default:* A role is created for you with least privilege IAM policy
Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service.
Ensure this role has appropriate privileges. Example IAM policy statements:
```json
{
"PolicyDocument": {
"Statement": [
{
"Action": "cloudwatch:DescribeAlarms",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecs:DescribeServices",
"ecs:UpdateService"
],
"Condition": {
"StringEquals": {
"ecs:cluster": "arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}"
}
},
"Effect": "Allow",
"Resource": "arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}"
}
],
"Version": "2012-10-17"
}
}
```
---
##### `scaleInCooldown`<sup>Optional</sup> <a name="scaleInCooldown" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleInCooldown: Duration;
```
* *Type:* aws-cdk-lib.Duration
* *Default:* 60 seconds
How long will the application wait before performing another scale in action.
---
##### `scaleInIncrement`<sup>Optional</sup> <a name="scaleInIncrement" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleInIncrement: number;
```
* *Type:* number
* *Default:* 1
The number of tasks that will scale in on scale in alarm status.
---
##### `scaleOutCooldown`<sup>Optional</sup> <a name="scaleOutCooldown" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleOutCooldown: Duration;
```
* *Type:* aws-cdk-lib.Duration
* *Default:* 60 seconds
How long will a the application wait before performing another scale out action.
---
##### `scaleOutIncrement`<sup>Optional</sup> <a name="scaleOutIncrement" id="@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
scaleOutIncrement: number;
```
* *Type:* number
* *Default:* 1
The number of tasks that will scale out on scale out alarm status.
---
### PopulateWithConfigProps <a name="PopulateWithConfigProps" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import PopulateWithConfigProps
populate_with_config_props = PopulateWithConfigProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId">localRouteTableId</a></code> | <code>string</code> | Local route table ID, with routes only to local VPC. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId">privateRouteTableId</a></code> | <code>string</code> | Route table ID for a provided route table with routes to enterprise network. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig">subnetConfig</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig">SubnetConfig</a>[]</code> | List of Subnet configs to provision to provision. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId">vpcId</a></code> | <code>string</code> | ID of the VPC provided that needs to be populated. |
---
##### `localRouteTableId`<sup>Required</sup> <a name="localRouteTableId" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
localRouteTableId: string;
```
* *Type:* string
Local route table ID, with routes only to local VPC.
---
##### `privateRouteTableId`<sup>Required</sup> <a name="privateRouteTableId" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
privateRouteTableId: string;
```
* *Type:* string
Route table ID for a provided route table with routes to enterprise network.
Both subnetType.PUBLIC and subnetType.PRIVATE_WITH_EGRESS will use this property
---
##### `subnetConfig`<sup>Required</sup> <a name="subnetConfig" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
subnetConfig: SubnetConfig[];
```
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig">SubnetConfig</a>[]
List of Subnet configs to provision to provision.
---
##### `vpcId`<sup>Required</sup> <a name="vpcId" id="@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
vpcId: string;
```
* *Type:* string
ID of the VPC provided that needs to be populated.
---
### RemoveTagsProps <a name="RemoveTagsProps" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import RemoveTagsProps
remove_tags_props = RemoveTagsProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource">cloudformationResource</a></code> | <code>string</code> | Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function'). |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName">tagPropertyName</a></code> | <code>string</code> | Name of the tag property to remove from the resource. |
---
##### `cloudformationResource`<sup>Required</sup> <a name="cloudformationResource" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
cloudformationResource: string;
```
* *Type:* string
Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function').
---
##### `tagPropertyName`<sup>Optional</sup> <a name="tagPropertyName" id="@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
tagPropertyName: string;
```
* *Type:* string
* *Default:* Tags
Name of the tag property to remove from the resource.
---
### ResourceExtractorProps <a name="ResourceExtractorProps" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import ResourceExtractorProps
resource_extractor_props = ResourceExtractorProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack">extractDestinationStack</a></code> | <code>aws-cdk-lib.Stack</code> | Stack to move found extracted resources into. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract">resourceTypesToExtract</a></code> | <code>string[]</code> | List of resource types to extract, ex: `AWS::IAM::Role`. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts">stackArtifacts</a></code> | <code>aws-cdk-lib.cx_api.CloudFormationStackArtifact[]</code> | Synthed stack artifacts from your CDK app. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms">additionalTransforms</a></code> | <code>{[ key: string ]: string}</code> | Additional resource transformations. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod">valueShareMethod</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod">ResourceExtractorShareMethod</a></code> | The sharing method to use when passing exported resources from the "Extracted Stack" into the original stack(s). |
---
##### `extractDestinationStack`<sup>Required</sup> <a name="extractDestinationStack" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack"></a>
```python
extractDestinationStack: Stack;
```
* *Type:* aws-cdk-lib.Stack
Stack to move found extracted resources into.
---
##### `resourceTypesToExtract`<sup>Required</sup> <a name="resourceTypesToExtract" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
resourceTypesToExtract: string[];
```
* *Type:* string[]
List of resource types to extract, ex: `AWS::IAM::Role`.
---
##### `stackArtifacts`<sup>Required</sup> <a name="stackArtifacts" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
stackArtifacts: CloudFormationStackArtifact[];
```
* *Type:* aws-cdk-lib.cx_api.CloudFormationStackArtifact[]
Synthed stack artifacts from your CDK app.
---
##### `additionalTransforms`<sup>Optional</sup> <a name="additionalTransforms" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
additionalTransforms: {[ key: string ]: string}
```
* *Type:* {[ key: string ]: string}
Additional resource transformations.
---
##### `valueShareMethod`<sup>Optional</sup> <a name="valueShareMethod" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
valueShareMethod: ResourceExtractorShareMethod;
```
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod">ResourceExtractorShareMethod</a>
The sharing method to use when passing exported resources from the "Extracted Stack" into the original stack(s).
---
### SetApiGatewayEndpointConfigurationProps <a name="SetApiGatewayEndpointConfigurationProps" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfigurationProps
set_api_gateway_endpoint_configuration_props = SetApiGatewayEndpointConfigurationProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType">endpointType</a></code> | <code>aws-cdk-lib.aws_apigateway.EndpointType</code> | API Gateway endpoint type to override to. |
---
##### `endpointType`<sup>Optional</sup> <a name="endpointType" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
endpointType: EndpointType;
```
* *Type:* aws-cdk-lib.aws_apigateway.EndpointType
* *Default:* EndpointType.REGIONAL
API Gateway endpoint type to override to.
Defaults to EndpointType.REGIONAL
---
### SplitVpcEvenlyProps <a name="SplitVpcEvenlyProps" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SplitVpcEvenlyProps
split_vpc_evenly_props = SplitVpcEvenlyProps(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId">routeTableId</a></code> | <code>string</code> | Route Table ID that will be attached to each subnet created. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr">vpcCidr</a></code> | <code>string</code> | CIDR range of the VPC you're populating. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId">vpcId</a></code> | <code>string</code> | ID of the existing VPC you're trying to populate. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits">cidrBits</a></code> | <code>string</code> | `cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs">numberOfAzs</a></code> | <code>number</code> | Number of AZs to evenly split into. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | *No description.* |
---
##### `routeTableId`<sup>Required</sup> <a name="routeTableId" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
routeTableId: string;
```
* *Type:* string
Route Table ID that will be attached to each subnet created.
---
##### `vpcCidr`<sup>Required</sup> <a name="vpcCidr" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
vpcCidr: string;
```
* *Type:* string
CIDR range of the VPC you're populating.
---
##### `vpcId`<sup>Required</sup> <a name="vpcId" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
vpcId: string;
```
* *Type:* string
ID of the existing VPC you're trying to populate.
---
##### `cidrBits`<sup>Optional</sup> <a name="cidrBits" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
cidrBits: string;
```
* *Type:* string
* *Default:* '6'
`cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function.
---
##### `numberOfAzs`<sup>Optional</sup> <a name="numberOfAzs" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
numberOfAzs: number;
```
* *Type:* number
* *Default:* 3
Number of AZs to evenly split into.
---
##### `subnetType`<sup>Optional</sup> <a name="subnetType" id="@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
subnetType: SubnetType;
```
* *Type:* aws-cdk-lib.aws_ec2.SubnetType
* *Default:* subnetType.PRIVATE
---
### SubnetConfig <a name="SubnetConfig" id="@cdklabs/cdk-enterprise-iac.SubnetConfig"></a>
#### Initializer <a name="Initializer" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SubnetConfig
subnet_config = SubnetConfig(...)
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone">availabilityZone</a></code> | <code>string</code> | Which availability zone the subnet should be in. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange">cidrRange</a></code> | <code>string</code> | Cidr range of the subnet to create. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName">groupName</a></code> | <code>string</code> | Logical group name of a subnet. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | What [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use. |
---
##### `availabilityZone`<sup>Required</sup> <a name="availabilityZone" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
availabilityZone: string;
```
* *Type:* string
Which availability zone the subnet should be in.
---
##### `cidrRange`<sup>Required</sup> <a name="cidrRange" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
cidrRange: string;
```
* *Type:* string
Cidr range of the subnet to create.
---
##### `groupName`<sup>Required</sup> <a name="groupName" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
groupName: string;
```
* *Type:* string
Logical group name of a subnet.
---
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
db
```
##### `subnetType`<sup>Required</sup> <a name="subnetType" id="@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
subnetType: SubnetType;
```
* *Type:* aws-cdk-lib.aws_ec2.SubnetType
What [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use.
This will govern the `aws-cdk:subnet-type` tag on the subnet
SubnetType | `aws-cdk:subnet-type` tag value
--- | ---
`PRIVATE_ISOLATED` | 'Isolated'
`PRIVATE_WITH_EGRESS` | 'Private'
`PUBLIC` | 'Public'
---
## Classes <a name="Classes" id="Classes"></a>
### AddCfnInitProxy <a name="AddCfnInitProxy" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy"></a>
* *Implements:* aws-cdk-lib.IAspect
Add proxy configuration to Cloudformation helper functions.
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddCfnInitProxy
AddCfnInitProxy(props, AddCfnInitProxyProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps">AddCfnInitProxyProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps">AddCfnInitProxyProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### AddLambdaEnvironmentVariables <a name="AddLambdaEnvironmentVariables" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables"></a>
* *Implements:* aws-cdk-lib.IAspect
Add one or more environment variables to *all* lambda functions within a scope.
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddLambdaEnvironmentVariables
AddLambdaEnvironmentVariables(props, {"key": string, "string": string})
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props">props</a></code> | <code>{[ key: string ]: string}</code> | : string} props - Key Value pair(s) for environment variables to add to all lambda functions. |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props"></a>
* *Type:* {[ key: string ]: string}
: string} props - Key Value pair(s) for environment variables to add to all lambda functions.
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### AddPermissionBoundary <a name="AddPermissionBoundary" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary"></a>
* *Implements:* aws-cdk-lib.IAspect
A patch for Adding Permissions Boundaries to all IAM roles.
Additional options for adding prefixes to IAM role, policy and instance profile names
Can account for non commercial partitions (e.g. aws-gov, aws-cn)
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import AddPermissionBoundary
AddPermissionBoundary(props, AddPermissionBoundaryProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps">AddPermissionBoundaryProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps">AddPermissionBoundaryProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride">checkAndOverride</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `checkAndOverride` <a name="checkAndOverride" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
check_and_override(node, CfnResource, prefix, string, length, number, cfn_prop, string, cdkProp?: string)
```
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.node"></a>
* *Type:* aws-cdk-lib.CfnResource
---
###### `prefix`<sup>Required</sup> <a name="prefix" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.prefix"></a>
* *Type:* string
---
###### `length`<sup>Required</sup> <a name="length" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.length"></a>
* *Type:* number
---
###### `cfnProp`<sup>Required</sup> <a name="cfnProp" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cfnProp"></a>
* *Type:* string
---
###### `cdkProp`<sup>Optional</sup> <a name="cdkProp" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cdkProp"></a>
* *Type:* string
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### ConvertInlinePoliciesToManaged <a name="ConvertInlinePoliciesToManaged" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged"></a>
* *Implements:* aws-cdk-lib.IAspect
Patch for turning all Policies into ConvertInlinePoliciesToManaged.
Some users have policies in place that make it impossible to create inline policies. Instead,
they must use managed policies.
Note that order matters with this aspect. Specifically, it should generally be added first.
This is because other aspects may add overrides that would be lost if applied before
this aspect since the original aspect is removed and replaced.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
# Replace all AWS::IAM::Policy resources with equivalent AWS::IAM::ManagedPolicy
Aspects.of(stack).add(ConvertInlinePoliciesToManaged())
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.Initializer"></a>
```python
from cdklabs.cdk_enterprise_iac import ConvertInlinePoliciesToManaged
ConvertInlinePoliciesToManaged()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### RemovePublicAccessBlockConfiguration <a name="RemovePublicAccessBlockConfiguration" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration"></a>
* *Implements:* aws-cdk-lib.IAspect
Looks for S3 Buckets, and removes the `PublicAccessBlockConfiguration` property.
For use in regions where Cloudformation doesn't support this property
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.Initializer"></a>
```python
from cdklabs.cdk_enterprise_iac import RemovePublicAccessBlockConfiguration
RemovePublicAccessBlockConfiguration()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### RemoveTags <a name="RemoveTags" id="@cdklabs/cdk-enterprise-iac.RemoveTags"></a>
* *Implements:* aws-cdk-lib.IAspect
Patch for removing tags from a specific Cloudformation Resource.
In some regions, the 'Tags' property isn't supported in Cloudformation. This patch makes it easy to remove
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
# Remove tags on a resource
Aspects.of(stack).add(RemoveTags(
cloudformation_resource="AWS::ECS::Cluster"
))
# Remove tags without the standard 'Tags' name
Aspects.of(stack).add(RemoveTags(
cloudformation_resource="AWS::Backup::BackupPlan",
tag_property_name="BackupPlanTags"
))
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import RemoveTags
RemoveTags(props, RemoveTagsProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps">RemoveTagsProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.RemoveTagsProps">RemoveTagsProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.RemoveTags.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.RemoveTags.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.RemoveTags.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### ResourceExtractor <a name="ResourceExtractor" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor"></a>
* *Implements:* aws-cdk-lib.IAspect
This Aspect takes a CDK application, all synthesized CloudFormationStackArtifact, a value share method, and a list of Cloudformation resources that should be pulled out of the main CDK application, which should be synthesized to a cloudformation template that an external team (e.g. security team) to deploy, and adjusting the CDK application to reference pre-created resources already pulled out.
*Example*
```python
# Example automatically generated from non-compiling source. May contain errors.
app = App()
stack = Stack(app, "MyStack")
extracted_stack = Stack(app, "ExtractedStack")
synthed_app = app.synth()
Aspects.of(app).add(ResourceExtractor(
extract_destination_stack=extracted_stack,
stack_artifacts=synthed_app.stacks,
value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,
resource_types_to_extract=["AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"
]
))
app.synth(force=True)
```
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import ResourceExtractor
ResourceExtractor(props, ResourceExtractorProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps">ResourceExtractorProps</a></code> | *No description.* |
---
##### `props`<sup>Required</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps">ResourceExtractorProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit">visit</a></code> | Entrypoint. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
Entrypoint.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
### SetApiGatewayEndpointConfiguration <a name="SetApiGatewayEndpointConfiguration" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration"></a>
* *Implements:* aws-cdk-lib.IAspect
Override RestApis to use a set endpoint configuration.
Some regions don't support EDGE endpoints, and some enterprises require
specific endpoint types for RestApis
#### Initializers <a name="Initializers" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
from cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfiguration
SetApiGatewayEndpointConfiguration(props?: SetApiGatewayEndpointConfigurationProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props">props</a></code> | <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps">SetApiGatewayEndpointConfigurationProps</a></code> | *No description.* |
---
##### `props`<sup>Optional</sup> <a name="props" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props"></a>
* *Type:* <a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps">SetApiGatewayEndpointConfigurationProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit"></a>
```python
# Example automatically generated from non-compiling source. May contain errors.
visit(node, IConstruct)
```
All aspects can visit an IConstruct.
###### `node`<sup>Required</sup> <a name="node" id="@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit.parameter.node"></a>
* *Type:* constructs.IConstruct
---
## Enums <a name="Enums" id="Enums"></a>
### ProxyType <a name="ProxyType" id="@cdklabs/cdk-enterprise-iac.ProxyType"></a>
Whether an http-proxy or https-proxy.
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ProxyType.HTTP">HTTP</a></code> | --http-proxy. |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS">HTTPS</a></code> | --https-proxy. |
---
##### `HTTP` <a name="HTTP" id="@cdklabs/cdk-enterprise-iac.ProxyType.HTTP"></a>
-http-proxy.
---
##### `HTTPS` <a name="HTTPS" id="@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS"></a>
-https-proxy.
---
### ResourceExtractorShareMethod <a name="ResourceExtractorShareMethod" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod"></a>
The available value sharing methods to pass values from the extracted stack onto the original stack(s).
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT">CFN_OUTPUT</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER">SSM_PARAMETER</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP">API_LOOKUP</a></code> | *No description.* |
---
##### `CFN_OUTPUT` <a name="CFN_OUTPUT" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT"></a>
---
##### `SSM_PARAMETER` <a name="SSM_PARAMETER" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER"></a>
---
##### `API_LOOKUP` <a name="API_LOOKUP" id="@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP"></a>
---
### ResourceTransform <a name="ResourceTransform" id="@cdklabs/cdk-enterprise-iac.ResourceTransform"></a>
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME">STACK_NAME</a></code> | *No description.* |
| <code><a href="#@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID">LOGICAL_ID</a></code> | *No description.* |
---
##### `STACK_NAME` <a name="STACK_NAME" id="@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME"></a>
---
##### `LOGICAL_ID` <a name="LOGICAL_ID" id="@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID"></a>
---
</details>
Raw data
{
"_id": null,
"home_page": "https://github.com/cdklabs/cdk-enterprise-iac.git",
"name": "cdklabs.cdk-enterprise-iac",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services<aws-cdk-dev@amazon.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/36/42/611e37a231a0ba1810b50b75f903d5dcadf201a883f295e143954c17f0cf/cdklabs.cdk-enterprise-iac-0.0.446.tar.gz",
"platform": null,
"description": "<!--\nCopyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\nSPDX-License-Identifier: Apache-2.0\n-->\n\n# CDK Enterprise IaC\n\nUtilities for using CDK within enterprise constraints.\n\n## Install\n\nTypescript\n\n```zsh\nnpm install @cdklabs/cdk-enterprise-iac\n```\n\nPython\n\n```zsh\npip install cdklabs.cdk-enterprise-iac\n```\n\n## Who this project is for\n\nWithin large enterprises, builders can come up against enterprise imposed constraints when deploying on AWS.\n\nThis could be simple things such as \"All IAM roles must have a specific Permissions Boundary attached\".\n\nThis could also be more restrictive such as strict separation of duties, only allowing certain teams the ability to deploy specific AWS resources (e.g. Networking team can deploy VPCs, Subnets, and route tables. Security team can deploy IAM resources. Developers can deploy Compute. DBAs can deploy Databases, etc.)\n\nEnterprises with very restrictive environments like these would benefit from taking a closer look at their policies to see how they can allow builders to safely deploy resources with less friction. However in many enterprises this is easier said than done, and builders are still expected to deliver.\n\nThis project is meant to reduce friction for builders working within these enterprise constraints while the enterprise determines what policies make the most sense for their organization, and is in no way prescriptive.\n\n## Usage\n\nThere are many tools available, all detailed in [`API.md`](./API.md).\n\nA few examples of these tools below:\n\n### Adding permissions boundaries to all generated IAM roles\n\nExample for `AddPermissionBoundary` in Typescript project.\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nimport aws_cdk as cdk\nfrom ...lib.my_project_stack import MyStack\nfrom aws_cdk import Aspects\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundary\n\n\napp = cdk.App()\nMyStack(app, \"MyStack\")\n\nAspects.of(app).add(\n AddPermissionBoundary(\n permissions_boundary_policy_name=\"MyPermissionBoundaryName\",\n instance_profile_prefix=\"MY_PREFIX_\", # optional, Defaults to ''\n policy_prefix=\"MY_POLICY_PREFIX_\", # optional, Defaults to ''\n role_prefix=\"MY_ROLE_PREFIX_\"\n ))\n```\n\nExample for `AddPermissionBoundary` in Python project.\n\n```python\nimport aws_cdk as cdk\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundary\nfrom test_py.test_py_stack import TestPyStack\n\n\napp = cdk.App()\nTestPyStack(app, \"TestPyStack\")\n\ncdk.Aspects.of(app).add(AddPermissionBoundary(\n permissions_boundary_policy_name=\"MyPermissionBoundaryName\",\n instance_profile_prefix=\"MY_PREFIX_\", # optional, Defaults to \"\"\n policy_prefix=\"MY_POLICY_PREFIX_\", # optional, Defaults to \"\"\n role_prefix=\"MY_ROLE_PREFIX_\" # optional, Defaults to \"\"\n))\n\napp.synth()\n```\n\n### Resource extraction\n\n:warning: Resource extraction is in an experimental phase. Test and validate before using in production. Please open any issues found [here](https://github.com/cdklabs/cdk-enterprise-iac/).\n\nIn many enterprises, there are separate teams with different IAM permissions than developers deploying CDK applications.\n\nFor example there might be a networking team with permissions to deploy `AWS::EC2::SecurityGroup` and `AWS::EC2::EIP`, or a security team with permissions to deploy `AWS::IAM::Role` and `AWS::IAM::Policy`, but the developers deploying the CDK don't have those permissions.\n\nWhen a developer doesn't have permissions to deploy necessary resources in their CDK application, writing good code becomes difficult to manage when a cdk deploy will quickly error due to not being able to deploy something like an `AWS::IAM::Role` which is foundational to any project deployed into AWS.\n\nAn enterprise should *allow* builders to deploy these resources via CDK for [many reasons](https://github.com/aws/aws-cdk/wiki/Security-And-Safety-Dev-Guide#allowing-creation-of-iam-roles-without-privilege-escalation), and can use [Permissions Boundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) to prevent privilege escalation. For enterprises that haven't yet utilized Permissions Boundaries, the `ResourceExtractor` can make it easier for builders to write good CDK while complying with enterprise policies.\n\nUsing the `ResourceExtractor` Aspect, developers can write their CDK code as though they had sufficient IAM permissions, but extract those resources into a separate stack for an external team to deploy on their behalf.\n\nTake the following example stack:\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom aws_cdk import App, Aspects, RemovalPolicy, Stack\nfrom aws_cdk.aws_lambda import Code, Function, Runtime\nfrom aws_cdk.aws_s3 import Bucket\n\n\napp = App()\napp_stack = Stack(app, \"MyAppStack\")\n\nfunc = Function(app_stack, \"TestLambda\",\n code=Code.from_asset(path.join(__dirname, \"lambda-handler\")),\n handler=\"index.handler\",\n runtime=Runtime.PYTHON_3_11\n)\nbucket = Bucket(app_stack, \"TestBucket\",\n auto_delete_objects=True,\n removal_policy=RemovalPolicy.DESTROY\n)\nbucket.grant_read_write(func)\n\napp.synth()\n```\n\nThe synthesized Cloudformation would include *all* AWS resources required, including resources a developer might not have permissions to deploy\n\nThe above example would include the following snippet in the synthesized Cloudformation\n\n```yaml\nTestLambdaServiceRoleC28C2D9C:\n Type: 'AWS::IAM::Role'\n Properties:\n AssumeRolePolicyDocument:\n Statement:\n - Action: 'sts:AssumeRole'\n Effect: Allow\n Principal:\n Service: lambda.amazonaws.com\n Version: 2012-10-17\n # excluding remaining properties\n TestLambda2F70C45E:\n Type: 'AWS::Lambda::Function'\n Properties:\n Role: !GetAtt\n - TestLambdaServiceRoleC28C2D9C\n - Arn\n # excluding remaining properties\n```\n\nWhile including `bucket.grantReadWrite(func)` in the CDK application ensures an IAM role with least privilege IAM policies for the application, the creation of IAM resources such as Roles and Policies may be restricted to a security team, resulting in the synthesized Cloudformation template not being deployable by a developer.\n\nUsing the `ResourceExtractor`, we can pull out an arbitrary list of Cloudformation resources that a developer *doesn't* have permissions to provision, and create a separate stack that can be sent to a security team.\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom aws_cdk import App, Aspects, RemovalPolicy, Stack\nfrom aws_cdk.aws_lambda import Code, Function, Runtime\nfrom aws_cdk.aws_s3 import Bucket\n# Import ResourceExtractor\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractor\n\n\napp = App()\napp_stack = Stack(app, \"MyAppStack\")\n# Set up a destination stack to extract resources to\nextracted_stack = Stack(app, \"ExtractedStack\")\n\nfunc = Function(app_stack, \"TestLambda\",\n code=Code.from_asset(path.join(__dirname, \"lambda-handler\")),\n handler=\"index.handler\",\n runtime=Runtime.PYTHON_3_11\n)\nbucket = Bucket(app_stack, \"TestBucket\",\n auto_delete_objects=True,\n removal_policy=RemovalPolicy.DESTROY\n)\nbucket.grant_read_write(func)\n\n# Capture the output of app.synth()\nsynthed_app = app.synth()\n# Apply the ResourceExtractor Aspect\nAspects.of(app).add(\n ResourceExtractor(\n # synthesized stacks to examine\n stack_artifacts=synthed_app.stacks,\n # Array of Cloudformation resources to extract\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\", \"AWS::IAM::ManagedPolicy\", \"AWS::IAM::InstanceProfile\"\n ],\n # Destination stack for extracted resources\n extract_destination_stack=extracted_stack\n ))\n# Resynthing since ResourceExtractor has modified the app\napp.synth(force=True)\n```\n\nIn the example above, *all* resources are created in the `appStack`, and an empty `extractedStack` is also created.\n\nWe apply the `ResourceExtractor` Aspect, specifying the Cloudformation resource types the developer is unable to deploy due to insufficient IAM permissions.\n\nNow when we list stacks in the CDK project, we can see an added stack\n\n```zsh\n$ cdk ls\nMyAppStack\nExtractedStack\n```\n\nTaking a look at these synthesized stacks, in the `ExtractedStack` we'll find:\n\n```yaml\nResources:\n TestLambdaServiceRoleC28C2D9C:\n Type: 'AWS::IAM::Role'\n Properties:\n AssumeRolePolicyDocument:\n Statement:\n - Action: 'sts:AssumeRole'\n Effect: Allow\n Principal:\n Service: lambda.amazonaws.com\n Version: 2012-10-17\n # excluding remaining properties\nOutputs:\n ExportAppStackTestLambdaServiceRoleC28C2D9C:\n Value:\n 'Fn::GetAtt':\n - TestLambdaServiceRoleC28C2D9C\n - Arn\n Export:\n Name: 'AppStack:TestLambdaServiceRoleC28C2D9C' # Exported name\n```\n\nAnd inside the synthesized `MyAppStack` template:\n\n```yaml\nResources:\n TestLambda2F70C45E:\n Type: 'AWS::Lambda::Function'\n Properties:\n Role: !ImportValue 'AppStack:TestLambdaServiceRoleC28C2D9C' # Using ImportValue instrinsic function to use pre-created IAM role\n # excluding remaining properties\n```\n\nIn this scenario, a developer is able to provide an external security team with sufficient IAM privileges to deploy the `ExtractedStack`.\n\nOnce deployed, a developer can run `cdk deploy MyAppStack` without errors due to insufficient IAM privileges\n\n#### Value Sharing methods\n\nWhen resources are extracted from a stack, there must be a method to reference the resources that have been extracted.\n\nThere are three methods (see `ResourceExtractorShareMethod` enum)\n\n* `CFN_OUTPUT`\n* `SSM_PARAMETER`\n* `API_LOOKUP`\n\n##### `CFN_OUTPUT`\n\nThe default sharing method is `CFN_OUTPUT`, which uses Cloudformation Export/Import to Export values in the extracted stack (see [Outputs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html)), and use the [Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html) intrinsic function to reference those values.\n\nThis works fine, but some teams may prefer a looser coupling between the extracted stack deployed by an external team and the rest of the CDK infrastructure.\n\n##### `SSM_PARAMETER`\n\nIn this method, the extracted stack generates Parameters in AWS Systems Manager Parameter Store, and modifies the CDK application to look up the generated parameter using [`aws_ssm.StringParameter.valueFromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrfromwbrlookupscope-parametername) at synthesis time.\n\nExample on using this method:\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractor, ResourceExtractorShareMethod\n\n\nAspects.of(app).add(\n ResourceExtractor(\n stack_artifacts=synthed_app.stacks,\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\", \"AWS::IAM::ManagedPolicy\", \"AWS::IAM::InstanceProfile\"\n ],\n extract_destination_stack=extracted_stack,\n value_share_method=ResourceExtractorShareMethod.SSM_PARAMETER\n ))\n```\n\n##### `API_LOOKUP`\n\nThe `API_LOOKUP` sharing method is a work in progress, and not yet supported\n\n#### Resource Partials\n\nSome resources that get extracted might reference resources that aren't yet created.\n\nIn our example CDK application we include the line\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nbucket.grant_read_write(func)\n```\n\nThis creates an `AWS::IAM::Policy` that includes the necessary Actions scoped down to the S3 bucket.\n\nWhen the `AWS::IAM::Policy` is extracted, it's unable to use `Ref` or `Fn::GetAtt` to reference the S3 bucket since the S3 bucket wasn't extracted.\n\nIn this case we substitute the reference with a \"partial ARN\" that makes a best effort to scope the resources in the IAM policy statement to the ARN of the yet-to-be created S3 bucket.\n\nThere are multiple resource types supported out of the box (found in [`createDefaultTransforms`](src/patches/resource-extractor/resourceTransformer.ts)). In the event you have a resource not yet supported, you'll receive a `MissingTransformError`. In this case you can either open an [issue](https://github.com/cdklabs/cdk-enterprise-iac/issues) with the resource in question, or you can include the `additionalTransforms` property.\n\nConsider the following:\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpc = Vpc(stack, \"TestVpc\")\ndb = DatabaseInstance(stack, \"TestDb\",\n vpc=vpc,\n engine=DatabaseInstanceEngine.POSTGRES\n)\nfunc = Function(stack, \"TestLambda\", {\n \"code\": Code.from_asset(path.join(__dirname, \"lambda-handler\")),\n \"handler\": \"index.handler\",\n \"runtime\": Runtime.PYTHON_3_11\n})\ndb.secret.grant_read(func)\n\nsynthed_app = app.synth()\nAspects.of(app).add(\n ResourceExtractor(\n extract_destination_stack=extracted_stack,\n stack_artifacts=synthed_app.stacks,\n value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\"],\n additional_transforms={\n \"AWS::SecretsManager::SecretTargetAttachment\": f\"arn:{Aws.PARTITION}:secretsmanager:{Aws.REGION}:{Aws.ACCOUNT_ID}:secret:some-expected-value*\"\n }\n ))\napp.synth(force=True)\n```\n\nIn this case, there is a `AWS::SecretsManager::SecretTargetAttachment` generated to complete the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON, which returns the ARN of the generated secret.\n\nIn the context of extracting the IAM policy, we want to tell the `ResourceExtractor` how to handle the resource section of the IAM policy statement so that it is scoped down sufficiently.\n\nIn this case rather than using a `Ref: LogicalIdForTheSecretTargetAttachment` we construct the ARN we want to use.\n\nDetails in [API.md](API.md)\n\n## Generated API.md\n\n---\n\n\nGenerated API.md below:\n\n<details>\n <summary>Expand to view API docs</summary><!--\nCopyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\nSPDX-License-Identifier: Apache-2.0\n-->\n\n# CDK Enterprise IaC\n\nUtilities for using CDK within enterprise constraints.\n\n## Install\n\nTypescript\n\n```zsh\nnpm install @cdklabs/cdk-enterprise-iac\n```\n\nPython\n\n```zsh\npip install cdklabs.cdk-enterprise-iac\n```\n\n## Who this project is for\n\nWithin large enterprises, builders can come up against enterprise imposed constraints when deploying on AWS.\n\nThis could be simple things such as \"All IAM roles must have a specific Permissions Boundary attached\".\n\nThis could also be more restrictive such as strict separation of duties, only allowing certain teams the ability to deploy specific AWS resources (e.g. Networking team can deploy VPCs, Subnets, and route tables. Security team can deploy IAM resources. Developers can deploy Compute. DBAs can deploy Databases, etc.)\n\nEnterprises with very restrictive environments like these would benefit from taking a closer look at their policies to see how they can allow builders to safely deploy resources with less friction. However in many enterprises this is easier said than done, and builders are still expected to deliver.\n\nThis project is meant to reduce friction for builders working within these enterprise constraints while the enterprise determines what policies make the most sense for their organization, and is in no way prescriptive.\n\n## Usage\n\nThere are many tools available, all detailed in [`API.md`](./API.md).\n\nA few examples of these tools below:\n\n### Adding permissions boundaries to all generated IAM roles\n\nExample for `AddPermissionBoundary` in Typescript project.\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nimport aws_cdk as cdk\nfrom ...lib.my_project_stack import MyStack\nfrom aws_cdk import Aspects\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundary\n\n\napp = cdk.App()\nMyStack(app, \"MyStack\")\n\nAspects.of(app).add(\n AddPermissionBoundary(\n permissions_boundary_policy_name=\"MyPermissionBoundaryName\",\n instance_profile_prefix=\"MY_PREFIX_\", # optional, Defaults to ''\n policy_prefix=\"MY_POLICY_PREFIX_\", # optional, Defaults to ''\n role_prefix=\"MY_ROLE_PREFIX_\"\n ))\n```\n\nExample for `AddPermissionBoundary` in Python project.\n\n```python\nimport aws_cdk as cdk\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundary\nfrom test_py.test_py_stack import TestPyStack\n\n\napp = cdk.App()\nTestPyStack(app, \"TestPyStack\")\n\ncdk.Aspects.of(app).add(AddPermissionBoundary(\n permissions_boundary_policy_name=\"MyPermissionBoundaryName\",\n instance_profile_prefix=\"MY_PREFIX_\", # optional, Defaults to \"\"\n policy_prefix=\"MY_POLICY_PREFIX_\", # optional, Defaults to \"\"\n role_prefix=\"MY_ROLE_PREFIX_\" # optional, Defaults to \"\"\n))\n\napp.synth()\n```\n\n### Resource extraction\n\n:warning: Resource extraction is in an experimental phase. Test and validate before using in production. Please open any issues found [here](https://github.com/cdklabs/cdk-enterprise-iac/).\n\nIn many enterprises, there are separate teams with different IAM permissions than developers deploying CDK applications.\n\nFor example there might be a networking team with permissions to deploy `AWS::EC2::SecurityGroup` and `AWS::EC2::EIP`, or a security team with permissions to deploy `AWS::IAM::Role` and `AWS::IAM::Policy`, but the developers deploying the CDK don't have those permissions.\n\nWhen a developer doesn't have permissions to deploy necessary resources in their CDK application, writing good code becomes difficult to manage when a cdk deploy will quickly error due to not being able to deploy something like an `AWS::IAM::Role` which is foundational to any project deployed into AWS.\n\nAn enterprise should *allow* builders to deploy these resources via CDK for [many reasons](https://github.com/aws/aws-cdk/wiki/Security-And-Safety-Dev-Guide#allowing-creation-of-iam-roles-without-privilege-escalation), and can use [Permissions Boundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) to prevent privilege escalation. For enterprises that haven't yet utilized Permissions Boundaries, the `ResourceExtractor` can make it easier for builders to write good CDK while complying with enterprise policies.\n\nUsing the `ResourceExtractor` Aspect, developers can write their CDK code as though they had sufficient IAM permissions, but extract those resources into a separate stack for an external team to deploy on their behalf.\n\nTake the following example stack:\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom aws_cdk import App, Aspects, RemovalPolicy, Stack\nfrom aws_cdk.aws_lambda import Code, Function, Runtime\nfrom aws_cdk.aws_s3 import Bucket\n\n\napp = App()\napp_stack = Stack(app, \"MyAppStack\")\n\nfunc = Function(app_stack, \"TestLambda\",\n code=Code.from_asset(path.join(__dirname, \"lambda-handler\")),\n handler=\"index.handler\",\n runtime=Runtime.PYTHON_3_11\n)\nbucket = Bucket(app_stack, \"TestBucket\",\n auto_delete_objects=True,\n removal_policy=RemovalPolicy.DESTROY\n)\nbucket.grant_read_write(func)\n\napp.synth()\n```\n\nThe synthesized Cloudformation would include *all* AWS resources required, including resources a developer might not have permissions to deploy\n\nThe above example would include the following snippet in the synthesized Cloudformation\n\n```yaml\nTestLambdaServiceRoleC28C2D9C:\n Type: 'AWS::IAM::Role'\n Properties:\n AssumeRolePolicyDocument:\n Statement:\n - Action: 'sts:AssumeRole'\n Effect: Allow\n Principal:\n Service: lambda.amazonaws.com\n Version: 2012-10-17\n # excluding remaining properties\n TestLambda2F70C45E:\n Type: 'AWS::Lambda::Function'\n Properties:\n Role: !GetAtt\n - TestLambdaServiceRoleC28C2D9C\n - Arn\n # excluding remaining properties\n```\n\nWhile including `bucket.grantReadWrite(func)` in the CDK application ensures an IAM role with least privilege IAM policies for the application, the creation of IAM resources such as Roles and Policies may be restricted to a security team, resulting in the synthesized Cloudformation template not being deployable by a developer.\n\nUsing the `ResourceExtractor`, we can pull out an arbitrary list of Cloudformation resources that a developer *doesn't* have permissions to provision, and create a separate stack that can be sent to a security team.\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom aws_cdk import App, Aspects, RemovalPolicy, Stack\nfrom aws_cdk.aws_lambda import Code, Function, Runtime\nfrom aws_cdk.aws_s3 import Bucket\n# Import ResourceExtractor\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractor\n\n\napp = App()\napp_stack = Stack(app, \"MyAppStack\")\n# Set up a destination stack to extract resources to\nextracted_stack = Stack(app, \"ExtractedStack\")\n\nfunc = Function(app_stack, \"TestLambda\",\n code=Code.from_asset(path.join(__dirname, \"lambda-handler\")),\n handler=\"index.handler\",\n runtime=Runtime.PYTHON_3_11\n)\nbucket = Bucket(app_stack, \"TestBucket\",\n auto_delete_objects=True,\n removal_policy=RemovalPolicy.DESTROY\n)\nbucket.grant_read_write(func)\n\n# Capture the output of app.synth()\nsynthed_app = app.synth()\n# Apply the ResourceExtractor Aspect\nAspects.of(app).add(\n ResourceExtractor(\n # synthesized stacks to examine\n stack_artifacts=synthed_app.stacks,\n # Array of Cloudformation resources to extract\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\", \"AWS::IAM::ManagedPolicy\", \"AWS::IAM::InstanceProfile\"\n ],\n # Destination stack for extracted resources\n extract_destination_stack=extracted_stack\n ))\n# Resynthing since ResourceExtractor has modified the app\napp.synth(force=True)\n```\n\nIn the example above, *all* resources are created in the `appStack`, and an empty `extractedStack` is also created.\n\nWe apply the `ResourceExtractor` Aspect, specifying the Cloudformation resource types the developer is unable to deploy due to insufficient IAM permissions.\n\nNow when we list stacks in the CDK project, we can see an added stack\n\n```zsh\n$ cdk ls\nMyAppStack\nExtractedStack\n```\n\nTaking a look at these synthesized stacks, in the `ExtractedStack` we'll find:\n\n```yaml\nResources:\n TestLambdaServiceRoleC28C2D9C:\n Type: 'AWS::IAM::Role'\n Properties:\n AssumeRolePolicyDocument:\n Statement:\n - Action: 'sts:AssumeRole'\n Effect: Allow\n Principal:\n Service: lambda.amazonaws.com\n Version: 2012-10-17\n # excluding remaining properties\nOutputs:\n ExportAppStackTestLambdaServiceRoleC28C2D9C:\n Value:\n 'Fn::GetAtt':\n - TestLambdaServiceRoleC28C2D9C\n - Arn\n Export:\n Name: 'AppStack:TestLambdaServiceRoleC28C2D9C' # Exported name\n```\n\nAnd inside the synthesized `MyAppStack` template:\n\n```yaml\nResources:\n TestLambda2F70C45E:\n Type: 'AWS::Lambda::Function'\n Properties:\n Role: !ImportValue 'AppStack:TestLambdaServiceRoleC28C2D9C' # Using ImportValue instrinsic function to use pre-created IAM role\n # excluding remaining properties\n```\n\nIn this scenario, a developer is able to provide an external security team with sufficient IAM privileges to deploy the `ExtractedStack`.\n\nOnce deployed, a developer can run `cdk deploy MyAppStack` without errors due to insufficient IAM privileges\n\n#### Value Sharing methods\n\nWhen resources are extracted from a stack, there must be a method to reference the resources that have been extracted.\n\nThere are three methods (see `ResourceExtractorShareMethod` enum)\n\n* `CFN_OUTPUT`\n* `SSM_PARAMETER`\n* `API_LOOKUP`\n\n##### `CFN_OUTPUT`\n\nThe default sharing method is `CFN_OUTPUT`, which uses Cloudformation Export/Import to Export values in the extracted stack (see [Outputs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html)), and use the [Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html) intrinsic function to reference those values.\n\nThis works fine, but some teams may prefer a looser coupling between the extracted stack deployed by an external team and the rest of the CDK infrastructure.\n\n##### `SSM_PARAMETER`\n\nIn this method, the extracted stack generates Parameters in AWS Systems Manager Parameter Store, and modifies the CDK application to look up the generated parameter using [`aws_ssm.StringParameter.valueFromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrfromwbrlookupscope-parametername) at synthesis time.\n\nExample on using this method:\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractor, ResourceExtractorShareMethod\n\n\nAspects.of(app).add(\n ResourceExtractor(\n stack_artifacts=synthed_app.stacks,\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\", \"AWS::IAM::ManagedPolicy\", \"AWS::IAM::InstanceProfile\"\n ],\n extract_destination_stack=extracted_stack,\n value_share_method=ResourceExtractorShareMethod.SSM_PARAMETER\n ))\n```\n\n##### `API_LOOKUP`\n\nThe `API_LOOKUP` sharing method is a work in progress, and not yet supported\n\n#### Resource Partials\n\nSome resources that get extracted might reference resources that aren't yet created.\n\nIn our example CDK application we include the line\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nbucket.grant_read_write(func)\n```\n\nThis creates an `AWS::IAM::Policy` that includes the necessary Actions scoped down to the S3 bucket.\n\nWhen the `AWS::IAM::Policy` is extracted, it's unable to use `Ref` or `Fn::GetAtt` to reference the S3 bucket since the S3 bucket wasn't extracted.\n\nIn this case we substitute the reference with a \"partial ARN\" that makes a best effort to scope the resources in the IAM policy statement to the ARN of the yet-to-be created S3 bucket.\n\nThere are multiple resource types supported out of the box (found in [`createDefaultTransforms`](src/patches/resource-extractor/resourceTransformer.ts)). In the event you have a resource not yet supported, you'll receive a `MissingTransformError`. In this case you can either open an [issue](https://github.com/cdklabs/cdk-enterprise-iac/issues) with the resource in question, or you can include the `additionalTransforms` property.\n\nConsider the following:\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpc = Vpc(stack, \"TestVpc\")\ndb = DatabaseInstance(stack, \"TestDb\",\n vpc=vpc,\n engine=DatabaseInstanceEngine.POSTGRES\n)\nfunc = Function(stack, \"TestLambda\", {\n \"code\": Code.from_asset(path.join(__dirname, \"lambda-handler\")),\n \"handler\": \"index.handler\",\n \"runtime\": Runtime.PYTHON_3_11\n})\ndb.secret.grant_read(func)\n\nsynthed_app = app.synth()\nAspects.of(app).add(\n ResourceExtractor(\n extract_destination_stack=extracted_stack,\n stack_artifacts=synthed_app.stacks,\n value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\"],\n additional_transforms={\n \"AWS::SecretsManager::SecretTargetAttachment\": f\"arn:{Aws.PARTITION}:secretsmanager:{Aws.REGION}:{Aws.ACCOUNT_ID}:secret:some-expected-value*\"\n }\n ))\napp.synth(force=True)\n```\n\nIn this case, there is a `AWS::SecretsManager::SecretTargetAttachment` generated to complete the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON, which returns the ARN of the generated secret.\n\nIn the context of extracting the IAM policy, we want to tell the `ResourceExtractor` how to handle the resource section of the IAM policy statement so that it is scoped down sufficiently.\n\nIn this case rather than using a `Ref: LogicalIdForTheSecretTargetAttachment` we construct the ARN we want to use.\n\nDetails in [API.md](API.md)\n\n## Generated API.md\n\n---\n\n\nGenerated API.md below:\n\n<details>\n <summary>Expand to view API docs</summary>\n\n# API Reference <a name=\"API Reference\" id=\"api-reference\"></a>\n\n## Constructs <a name=\"Constructs\" id=\"Constructs\"></a>\n\n### EcsIsoServiceAutoscaler <a name=\"EcsIsoServiceAutoscaler\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler\"></a>\n\nCreates a EcsIsoServiceAutoscaler construct.\n\nThis construct allows you to scale an ECS service in an ISO\nregion where classic ECS Autoscaling may not be available.\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler\n\n\nEcsIsoServiceAutoscaler(scope, Construct, id, string, props, EcsIsoServiceAutoscalerProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope\">scope</a></code> | <code>constructs.Construct</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id\">id</a></code> | <code>string</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps\">EcsIsoServiceAutoscalerProps</a></code> | *No description.* |\n\n---\n\n\n##### `scope`<sup>Required</sup> <a name=\"scope\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope\"></a>\n\n* *Type:* constructs.Construct\n\n---\n\n\n##### `id`<sup>Required</sup> <a name=\"id\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps\">EcsIsoServiceAutoscalerProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString\">toString</a></code> | Returns a string representation of this construct. |\n\n---\n\n\n##### `toString` <a name=\"toString\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nto_string()string\n```\n\nReturns a string representation of this construct.\n\n#### Static Functions <a name=\"Static Functions\" id=\"Static Functions\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct\">isConstruct</a></code> | Checks if `x` is a construct. |\n\n---\n\n\n##### ~~`isConstruct`~~ <a name=\"isConstruct\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler\n\n\nEcsIsoServiceAutoscaler.is_construct(x, any)\n```\n\nChecks if `x` is a construct.\n\n###### `x`<sup>Required</sup> <a name=\"x\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct.parameter.x\"></a>\n\n* *Type:* any\n\nAny object.\n\n---\n\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node\">node</a></code> | <code>constructs.Node</code> | The tree node. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction\">ecsScalingManagerFunction</a></code> | <code>aws-cdk-lib.aws_lambda.Function</code> | *No description.* |\n\n---\n\n\n##### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnode: Node;\n```\n\n* *Type:* constructs.Node\n\nThe tree node.\n\n---\n\n\n##### `ecsScalingManagerFunction`<sup>Required</sup> <a name=\"ecsScalingManagerFunction\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction\"></a>\n\n```python\necsScalingManagerFunction: Function;\n```\n\n* *Type:* aws-cdk-lib.aws_lambda.Function\n\n---\n\n\n### PopulateWithConfig <a name=\"PopulateWithConfig\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig\"></a>\n\nPopulate a provided VPC with subnets based on a provided configuration.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nmy_subnet_config = [{\n \"group_name\": \"app\",\n \"cidr_range\": \"172.31.0.0/27\",\n \"availability_zone\": \"a\",\n \"subnet_type\": subnet_type.PUBLIC\n}, {\n \"group_name\": \"app\",\n \"cidr_range\": \"172.31.0.32/27\",\n \"availability_zone\": \"b\",\n \"subnet_type\": subnet_type.PUBLIC\n}, {\n \"group_name\": \"db\",\n \"cidr_range\": \"172.31.0.64/27\",\n \"availability_zone\": \"a\",\n \"subnet_type\": subnet_type.PRIVATE_WITH_EGRESS\n}, {\n \"group_name\": \"db\",\n \"cidr_range\": \"172.31.0.96/27\",\n \"availability_zone\": \"b\",\n \"subnet_type\": subnet_type.PRIVATE_WITH_EGRESS\n}, {\n \"group_name\": \"iso\",\n \"cidr_range\": \"172.31.0.128/26\",\n \"availability_zone\": \"a\",\n \"subnet_type\": subnet_type.PRIVATE_ISOLATED\n}, {\n \"group_name\": \"iso\",\n \"cidr_range\": \"172.31.0.196/26\",\n \"availability_zone\": \"b\",\n \"subnet_type\": subnet_type.PRIVATE_ISOLATED\n}\n]\nPopulateWithConfig(self, \"vpcPopulater\",\n vpc_id=\"vpc-abcdefg1234567\",\n private_route_table_id=\"rt-abcdefg123456\",\n local_route_table_id=\"rt-123456abcdefg\",\n subnet_config=my_subnet_config\n)\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import PopulateWithConfig\n\n\nPopulateWithConfig(scope, Construct, id, string, props, PopulateWithConfigProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope\">scope</a></code> | <code>constructs.Construct</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id\">id</a></code> | <code>string</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps\">PopulateWithConfigProps</a></code> | *No description.* |\n\n---\n\n\n##### `scope`<sup>Required</sup> <a name=\"scope\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope\"></a>\n\n* *Type:* constructs.Construct\n\n---\n\n\n##### `id`<sup>Required</sup> <a name=\"id\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps\">PopulateWithConfigProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString\">toString</a></code> | Returns a string representation of this construct. |\n\n---\n\n\n##### `toString` <a name=\"toString\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nto_string()string\n```\n\nReturns a string representation of this construct.\n\n#### Static Functions <a name=\"Static Functions\" id=\"Static Functions\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct\">isConstruct</a></code> | Checks if `x` is a construct. |\n\n---\n\n\n##### ~~`isConstruct`~~ <a name=\"isConstruct\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import PopulateWithConfig\n\n\nPopulateWithConfig.is_construct(x, any)\n```\n\nChecks if `x` is a construct.\n\n###### `x`<sup>Required</sup> <a name=\"x\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct.parameter.x\"></a>\n\n* *Type:* any\n\nAny object.\n\n---\n\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node\">node</a></code> | <code>constructs.Node</code> | The tree node. |\n\n---\n\n\n##### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnode: Node;\n```\n\n* *Type:* constructs.Node\n\nThe tree node.\n\n---\n\n\n### SplitVpcEvenly <a name=\"SplitVpcEvenly\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly\"></a>\n\nSplits a VPC evenly between a provided number of AZs (3 if not defined), and attaches a provided route table to each, and labels.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\n# with more specific properties\nSplitVpcEvenly(self, \"evenSplitVpc\",\n vpc_id=\"vpc-abcdefg123456\",\n vpc_cidr=\"172.16.0.0/16\",\n route_table_id=\"rt-abcdefgh123456\",\n cidr_bits=\"10\",\n number_of_azs=4,\n subnet_type=subnet_type.PRIVATE_ISOLATED\n)\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SplitVpcEvenly\n\n\nSplitVpcEvenly(scope, Construct, id, string, props, SplitVpcEvenlyProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope\">scope</a></code> | <code>constructs.Construct</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id\">id</a></code> | <code>string</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps\">SplitVpcEvenlyProps</a></code> | *No description.* |\n\n---\n\n\n##### `scope`<sup>Required</sup> <a name=\"scope\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope\"></a>\n\n* *Type:* constructs.Construct\n\n---\n\n\n##### `id`<sup>Required</sup> <a name=\"id\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps\">SplitVpcEvenlyProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString\">toString</a></code> | Returns a string representation of this construct. |\n\n---\n\n\n##### `toString` <a name=\"toString\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nto_string()string\n```\n\nReturns a string representation of this construct.\n\n#### Static Functions <a name=\"Static Functions\" id=\"Static Functions\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct\">isConstruct</a></code> | Checks if `x` is a construct. |\n\n---\n\n\n##### ~~`isConstruct`~~ <a name=\"isConstruct\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SplitVpcEvenly\n\n\nSplitVpcEvenly.is_construct(x, any)\n```\n\nChecks if `x` is a construct.\n\n###### `x`<sup>Required</sup> <a name=\"x\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct.parameter.x\"></a>\n\n* *Type:* any\n\nAny object.\n\n---\n\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node\">node</a></code> | <code>constructs.Node</code> | The tree node. |\n\n---\n\n\n##### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnode: Node;\n```\n\n* *Type:* constructs.Node\n\nThe tree node.\n\n---\n\n\n## Structs <a name=\"Structs\" id=\"Structs\"></a>\n\n### AddCfnInitProxyProps <a name=\"AddCfnInitProxyProps\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps\"></a>\n\nProperties for the proxy server to use with cfn helper commands.\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddCfnInitProxyProps\n\n\nadd_cfn_init_proxy_props = AddCfnInitProxyProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost\">proxyHost</a></code> | <code>string</code> | host of your proxy. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort\">proxyPort</a></code> | <code>number</code> | proxy port. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials\">proxyCredentials</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | JSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType\">proxyType</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType\">ProxyType</a></code> | Proxy Type. |\n\n---\n\n\n##### `proxyHost`<sup>Required</sup> <a name=\"proxyHost\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyHost: string;\n```\n\n* *Type:* string\n\nhost of your proxy.\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nexample.com\n```\n\n##### `proxyPort`<sup>Required</sup> <a name=\"proxyPort\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyPort: number;\n```\n\n* *Type:* number\n\nproxy port.\n\n---\n\n\n*Example*\n\n```python\n8080\n```\n\n##### `proxyCredentials`<sup>Optional</sup> <a name=\"proxyCredentials\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyCredentials: ISecret;\n```\n\n* *Type:* aws-cdk-lib.aws_secretsmanager.ISecret\n\nJSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret.\n\nNote that while the `user` and `password` won't be visible in the cloudformation template\nthey **will** be in plain text inside your `UserData`\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsecret = Secret(stack, \"TestSecret\",\n secret_object_value={\n \"user\": SecretValue,\n \"password\": SecretValue\n }\n)\n```\n\n##### `proxyType`<sup>Optional</sup> <a name=\"proxyType\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyType: ProxyType;\n```\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType\">ProxyType</a>\n* *Default:* ProxyType.HTTP\n\nProxy Type.\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nProxyType.HTTPS\n```\n\n### AddPermissionBoundaryProps <a name=\"AddPermissionBoundaryProps\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps\"></a>\n\nProperties to pass to the AddPermissionBoundary.\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundaryProps\n\n\nadd_permission_boundary_props = AddPermissionBoundaryProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName\">permissionsBoundaryPolicyName</a></code> | <code>string</code> | Name of Permissions Boundary Policy to add to all IAM roles. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix\">instanceProfilePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM InstanceProfiles (Default: ''). |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix\">policyPrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: ''). |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix\">rolePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of IAM Roles (Default: ''). |\n\n---\n\n\n##### `permissionsBoundaryPolicyName`<sup>Required</sup> <a name=\"permissionsBoundaryPolicyName\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\npermissionsBoundaryPolicyName: string;\n```\n\n* *Type:* string\n\nName of Permissions Boundary Policy to add to all IAM roles.\n\n---\n\n\n##### `instanceProfilePrefix`<sup>Optional</sup> <a name=\"instanceProfilePrefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ninstanceProfilePrefix: string;\n```\n\n* *Type:* string\n\nA prefix to prepend to the name of the IAM InstanceProfiles (Default: '').\n\n---\n\n\n##### `policyPrefix`<sup>Optional</sup> <a name=\"policyPrefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\npolicyPrefix: string;\n```\n\n* *Type:* string\n\nA prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: '').\n\n---\n\n\n##### `rolePrefix`<sup>Optional</sup> <a name=\"rolePrefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nrolePrefix: string;\n```\n\n* *Type:* string\n\nA prefix to prepend to the name of IAM Roles (Default: '').\n\n---\n\n\n### EcsIsoServiceAutoscalerProps <a name=\"EcsIsoServiceAutoscalerProps\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscalerProps\n\n\necs_iso_service_autoscaler_props = EcsIsoServiceAutoscalerProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster\">ecsCluster</a></code> | <code>aws-cdk-lib.aws_ecs.Cluster</code> | The cluster the service you wish to scale resides in. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService\">ecsService</a></code> | <code>aws-cdk-lib.aws_ecs.IService</code> | The ECS service you wish to scale. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm\">scaleAlarm</a></code> | <code>aws-cdk-lib.aws_cloudwatch.AlarmBase</code> | The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount\">maximumTaskCount</a></code> | <code>number</code> | The maximum number of tasks that the service will scale out to. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount\">minimumTaskCount</a></code> | <code>number</code> | The minimum number of tasks the service will have. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role\">role</a></code> | <code>aws-cdk-lib.aws_iam.IRole</code> | Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown\">scaleInCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will the application wait before performing another scale in action. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement\">scaleInIncrement</a></code> | <code>number</code> | The number of tasks that will scale in on scale in alarm status. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown\">scaleOutCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will a the application wait before performing another scale out action. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement\">scaleOutIncrement</a></code> | <code>number</code> | The number of tasks that will scale out on scale out alarm status. |\n\n---\n\n\n##### `ecsCluster`<sup>Required</sup> <a name=\"ecsCluster\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\necsCluster: Cluster;\n```\n\n* *Type:* aws-cdk-lib.aws_ecs.Cluster\n\nThe cluster the service you wish to scale resides in.\n\n---\n\n\n##### `ecsService`<sup>Required</sup> <a name=\"ecsService\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\necsService: IService;\n```\n\n* *Type:* aws-cdk-lib.aws_ecs.IService\n\nThe ECS service you wish to scale.\n\n---\n\n\n##### `scaleAlarm`<sup>Required</sup> <a name=\"scaleAlarm\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleAlarm: AlarmBase;\n```\n\n* *Type:* aws-cdk-lib.aws_cloudwatch.AlarmBase\n\nThe Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions.\n\nNote: composite alarms can not be generated with CFN in all regions, while this allows you to pass in a composite alarm alarm creation is outside the scope of this construct\n\n---\n\n\n##### `maximumTaskCount`<sup>Optional</sup> <a name=\"maximumTaskCount\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nmaximumTaskCount: number;\n```\n\n* *Type:* number\n* *Default:* 10\n\nThe maximum number of tasks that the service will scale out to.\n\nNote: This does not provide any protection from scaling out above the maximum allowed in your account, set this variable and manage account quotas appropriately.\n\n---\n\n\n##### `minimumTaskCount`<sup>Optional</sup> <a name=\"minimumTaskCount\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nminimumTaskCount: number;\n```\n\n* *Type:* number\n* *Default:* 1\n\nThe minimum number of tasks the service will have.\n\n---\n\n\n##### `role`<sup>Optional</sup> <a name=\"role\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nrole: IRole;\n```\n\n* *Type:* aws-cdk-lib.aws_iam.IRole\n* *Default:* A role is created for you with least privilege IAM policy\n\nOptional IAM role to attach to the created lambda to adjust the desired count on the ECS Service.\n\nEnsure this role has appropriate privileges. Example IAM policy statements:\n\n```json\n{\n \"PolicyDocument\": {\n \"Statement\": [\n {\n \"Action\": \"cloudwatch:DescribeAlarms\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:DescribeServices\",\n \"ecs:UpdateService\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"ecs:cluster\": \"arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}\"\n }\n },\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}\"\n }\n ],\n \"Version\": \"2012-10-17\"\n }\n}\n```\n\n---\n\n\n##### `scaleInCooldown`<sup>Optional</sup> <a name=\"scaleInCooldown\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleInCooldown: Duration;\n```\n\n* *Type:* aws-cdk-lib.Duration\n* *Default:* 60 seconds\n\nHow long will the application wait before performing another scale in action.\n\n---\n\n\n##### `scaleInIncrement`<sup>Optional</sup> <a name=\"scaleInIncrement\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleInIncrement: number;\n```\n\n* *Type:* number\n* *Default:* 1\n\nThe number of tasks that will scale in on scale in alarm status.\n\n---\n\n\n##### `scaleOutCooldown`<sup>Optional</sup> <a name=\"scaleOutCooldown\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleOutCooldown: Duration;\n```\n\n* *Type:* aws-cdk-lib.Duration\n* *Default:* 60 seconds\n\nHow long will a the application wait before performing another scale out action.\n\n---\n\n\n##### `scaleOutIncrement`<sup>Optional</sup> <a name=\"scaleOutIncrement\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleOutIncrement: number;\n```\n\n* *Type:* number\n* *Default:* 1\n\nThe number of tasks that will scale out on scale out alarm status.\n\n---\n\n\n### PopulateWithConfigProps <a name=\"PopulateWithConfigProps\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import PopulateWithConfigProps\n\n\npopulate_with_config_props = PopulateWithConfigProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId\">localRouteTableId</a></code> | <code>string</code> | Local route table ID, with routes only to local VPC. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId\">privateRouteTableId</a></code> | <code>string</code> | Route table ID for a provided route table with routes to enterprise network. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig\">subnetConfig</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig\">SubnetConfig</a>[]</code> | List of Subnet configs to provision to provision. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId\">vpcId</a></code> | <code>string</code> | ID of the VPC provided that needs to be populated. |\n\n---\n\n\n##### `localRouteTableId`<sup>Required</sup> <a name=\"localRouteTableId\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nlocalRouteTableId: string;\n```\n\n* *Type:* string\n\nLocal route table ID, with routes only to local VPC.\n\n---\n\n\n##### `privateRouteTableId`<sup>Required</sup> <a name=\"privateRouteTableId\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nprivateRouteTableId: string;\n```\n\n* *Type:* string\n\nRoute table ID for a provided route table with routes to enterprise network.\n\nBoth subnetType.PUBLIC and subnetType.PRIVATE_WITH_EGRESS will use this property\n\n---\n\n\n##### `subnetConfig`<sup>Required</sup> <a name=\"subnetConfig\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsubnetConfig: SubnetConfig[];\n```\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig\">SubnetConfig</a>[]\n\nList of Subnet configs to provision to provision.\n\n---\n\n\n##### `vpcId`<sup>Required</sup> <a name=\"vpcId\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpcId: string;\n```\n\n* *Type:* string\n\nID of the VPC provided that needs to be populated.\n\n---\n\n\n### RemoveTagsProps <a name=\"RemoveTagsProps\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import RemoveTagsProps\n\n\nremove_tags_props = RemoveTagsProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource\">cloudformationResource</a></code> | <code>string</code> | Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function'). |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName\">tagPropertyName</a></code> | <code>string</code> | Name of the tag property to remove from the resource. |\n\n---\n\n\n##### `cloudformationResource`<sup>Required</sup> <a name=\"cloudformationResource\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncloudformationResource: string;\n```\n\n* *Type:* string\n\nName of Cloudformation resource Type (e.g. 'AWS::Lambda::Function').\n\n---\n\n\n##### `tagPropertyName`<sup>Optional</sup> <a name=\"tagPropertyName\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ntagPropertyName: string;\n```\n\n* *Type:* string\n* *Default:* Tags\n\nName of the tag property to remove from the resource.\n\n---\n\n\n### ResourceExtractorProps <a name=\"ResourceExtractorProps\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractorProps\n\n\nresource_extractor_props = ResourceExtractorProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack\">extractDestinationStack</a></code> | <code>aws-cdk-lib.Stack</code> | Stack to move found extracted resources into. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract\">resourceTypesToExtract</a></code> | <code>string[]</code> | List of resource types to extract, ex: `AWS::IAM::Role`. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts\">stackArtifacts</a></code> | <code>aws-cdk-lib.cx_api.CloudFormationStackArtifact[]</code> | Synthed stack artifacts from your CDK app. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms\">additionalTransforms</a></code> | <code>{[ key: string ]: string}</code> | Additional resource transformations. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod\">valueShareMethod</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod\">ResourceExtractorShareMethod</a></code> | The sharing method to use when passing exported resources from the \"Extracted Stack\" into the original stack(s). |\n\n---\n\n\n##### `extractDestinationStack`<sup>Required</sup> <a name=\"extractDestinationStack\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack\"></a>\n\n```python\nextractDestinationStack: Stack;\n```\n\n* *Type:* aws-cdk-lib.Stack\n\nStack to move found extracted resources into.\n\n---\n\n\n##### `resourceTypesToExtract`<sup>Required</sup> <a name=\"resourceTypesToExtract\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nresourceTypesToExtract: string[];\n```\n\n* *Type:* string[]\n\nList of resource types to extract, ex: `AWS::IAM::Role`.\n\n---\n\n\n##### `stackArtifacts`<sup>Required</sup> <a name=\"stackArtifacts\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nstackArtifacts: CloudFormationStackArtifact[];\n```\n\n* *Type:* aws-cdk-lib.cx_api.CloudFormationStackArtifact[]\n\nSynthed stack artifacts from your CDK app.\n\n---\n\n\n##### `additionalTransforms`<sup>Optional</sup> <a name=\"additionalTransforms\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nadditionalTransforms: {[ key: string ]: string}\n```\n\n* *Type:* {[ key: string ]: string}\n\nAdditional resource transformations.\n\n---\n\n\n##### `valueShareMethod`<sup>Optional</sup> <a name=\"valueShareMethod\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvalueShareMethod: ResourceExtractorShareMethod;\n```\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod\">ResourceExtractorShareMethod</a>\n\nThe sharing method to use when passing exported resources from the \"Extracted Stack\" into the original stack(s).\n\n---\n\n\n### SetApiGatewayEndpointConfigurationProps <a name=\"SetApiGatewayEndpointConfigurationProps\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfigurationProps\n\n\nset_api_gateway_endpoint_configuration_props = SetApiGatewayEndpointConfigurationProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType\">endpointType</a></code> | <code>aws-cdk-lib.aws_apigateway.EndpointType</code> | API Gateway endpoint type to override to. |\n\n---\n\n\n##### `endpointType`<sup>Optional</sup> <a name=\"endpointType\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nendpointType: EndpointType;\n```\n\n* *Type:* aws-cdk-lib.aws_apigateway.EndpointType\n* *Default:* EndpointType.REGIONAL\n\nAPI Gateway endpoint type to override to.\n\nDefaults to EndpointType.REGIONAL\n\n---\n\n\n### SplitVpcEvenlyProps <a name=\"SplitVpcEvenlyProps\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SplitVpcEvenlyProps\n\n\nsplit_vpc_evenly_props = SplitVpcEvenlyProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId\">routeTableId</a></code> | <code>string</code> | Route Table ID that will be attached to each subnet created. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr\">vpcCidr</a></code> | <code>string</code> | CIDR range of the VPC you're populating. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId\">vpcId</a></code> | <code>string</code> | ID of the existing VPC you're trying to populate. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits\">cidrBits</a></code> | <code>string</code> | `cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs\">numberOfAzs</a></code> | <code>number</code> | Number of AZs to evenly split into. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType\">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | *No description.* |\n\n---\n\n\n##### `routeTableId`<sup>Required</sup> <a name=\"routeTableId\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nrouteTableId: string;\n```\n\n* *Type:* string\n\nRoute Table ID that will be attached to each subnet created.\n\n---\n\n\n##### `vpcCidr`<sup>Required</sup> <a name=\"vpcCidr\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpcCidr: string;\n```\n\n* *Type:* string\n\nCIDR range of the VPC you're populating.\n\n---\n\n\n##### `vpcId`<sup>Required</sup> <a name=\"vpcId\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpcId: string;\n```\n\n* *Type:* string\n\nID of the existing VPC you're trying to populate.\n\n---\n\n\n##### `cidrBits`<sup>Optional</sup> <a name=\"cidrBits\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncidrBits: string;\n```\n\n* *Type:* string\n* *Default:* '6'\n\n`cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function.\n\n---\n\n\n##### `numberOfAzs`<sup>Optional</sup> <a name=\"numberOfAzs\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnumberOfAzs: number;\n```\n\n* *Type:* number\n* *Default:* 3\n\nNumber of AZs to evenly split into.\n\n---\n\n\n##### `subnetType`<sup>Optional</sup> <a name=\"subnetType\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsubnetType: SubnetType;\n```\n\n* *Type:* aws-cdk-lib.aws_ec2.SubnetType\n* *Default:* subnetType.PRIVATE\n\n---\n\n\n### SubnetConfig <a name=\"SubnetConfig\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SubnetConfig\n\n\nsubnet_config = SubnetConfig(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone\">availabilityZone</a></code> | <code>string</code> | Which availability zone the subnet should be in. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange\">cidrRange</a></code> | <code>string</code> | Cidr range of the subnet to create. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName\">groupName</a></code> | <code>string</code> | Logical group name of a subnet. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType\">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | What [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use. |\n\n---\n\n\n##### `availabilityZone`<sup>Required</sup> <a name=\"availabilityZone\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\navailabilityZone: string;\n```\n\n* *Type:* string\n\nWhich availability zone the subnet should be in.\n\n---\n\n\n##### `cidrRange`<sup>Required</sup> <a name=\"cidrRange\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncidrRange: string;\n```\n\n* *Type:* string\n\nCidr range of the subnet to create.\n\n---\n\n\n##### `groupName`<sup>Required</sup> <a name=\"groupName\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ngroupName: string;\n```\n\n* *Type:* string\n\nLogical group name of a subnet.\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ndb\n```\n\n##### `subnetType`<sup>Required</sup> <a name=\"subnetType\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsubnetType: SubnetType;\n```\n\n* *Type:* aws-cdk-lib.aws_ec2.SubnetType\n\nWhat [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use.\n\nThis will govern the `aws-cdk:subnet-type` tag on the subnet\n\nSubnetType | `aws-cdk:subnet-type` tag value\n--- | ---\n`PRIVATE_ISOLATED` | 'Isolated'\n`PRIVATE_WITH_EGRESS` | 'Private'\n`PUBLIC` | 'Public'\n\n---\n\n\n## Classes <a name=\"Classes\" id=\"Classes\"></a>\n\n### AddCfnInitProxy <a name=\"AddCfnInitProxy\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nAdd proxy configuration to Cloudformation helper functions.\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddCfnInitProxy\n\n\nAddCfnInitProxy(props, AddCfnInitProxyProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps\">AddCfnInitProxyProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps\">AddCfnInitProxyProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### AddLambdaEnvironmentVariables <a name=\"AddLambdaEnvironmentVariables\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nAdd one or more environment variables to *all* lambda functions within a scope.\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddLambdaEnvironmentVariables\n\n\nAddLambdaEnvironmentVariables(props, {\"key\": string, \"string\": string})\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props\">props</a></code> | <code>{[ key: string ]: string}</code> | : string} props - Key Value pair(s) for environment variables to add to all lambda functions. |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props\"></a>\n\n* *Type:* {[ key: string ]: string}\n\n: string} props - Key Value pair(s) for environment variables to add to all lambda functions.\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### AddPermissionBoundary <a name=\"AddPermissionBoundary\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nA patch for Adding Permissions Boundaries to all IAM roles.\n\nAdditional options for adding prefixes to IAM role, policy and instance profile names\n\nCan account for non commercial partitions (e.g. aws-gov, aws-cn)\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundary\n\n\nAddPermissionBoundary(props, AddPermissionBoundaryProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps\">AddPermissionBoundaryProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps\">AddPermissionBoundaryProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride\">checkAndOverride</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `checkAndOverride` <a name=\"checkAndOverride\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncheck_and_override(node, CfnResource, prefix, string, length, number, cfn_prop, string, cdkProp?: string)\n```\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.node\"></a>\n\n* *Type:* aws-cdk-lib.CfnResource\n\n---\n\n\n###### `prefix`<sup>Required</sup> <a name=\"prefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.prefix\"></a>\n\n* *Type:* string\n\n---\n\n\n###### `length`<sup>Required</sup> <a name=\"length\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.length\"></a>\n\n* *Type:* number\n\n---\n\n\n###### `cfnProp`<sup>Required</sup> <a name=\"cfnProp\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cfnProp\"></a>\n\n* *Type:* string\n\n---\n\n\n###### `cdkProp`<sup>Optional</sup> <a name=\"cdkProp\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cdkProp\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### ConvertInlinePoliciesToManaged <a name=\"ConvertInlinePoliciesToManaged\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nPatch for turning all Policies into ConvertInlinePoliciesToManaged.\n\nSome users have policies in place that make it impossible to create inline policies. Instead,\nthey must use managed policies.\n\nNote that order matters with this aspect. Specifically, it should generally be added first.\nThis is because other aspects may add overrides that would be lost if applied before\nthis aspect since the original aspect is removed and replaced.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\n# Replace all AWS::IAM::Policy resources with equivalent AWS::IAM::ManagedPolicy\nAspects.of(stack).add(ConvertInlinePoliciesToManaged())\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.Initializer\"></a>\n\n```python\nfrom cdklabs.cdk_enterprise_iac import ConvertInlinePoliciesToManaged\n\n\nConvertInlinePoliciesToManaged()\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### RemovePublicAccessBlockConfiguration <a name=\"RemovePublicAccessBlockConfiguration\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nLooks for S3 Buckets, and removes the `PublicAccessBlockConfiguration` property.\n\nFor use in regions where Cloudformation doesn't support this property\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.Initializer\"></a>\n\n```python\nfrom cdklabs.cdk_enterprise_iac import RemovePublicAccessBlockConfiguration\n\n\nRemovePublicAccessBlockConfiguration()\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### RemoveTags <a name=\"RemoveTags\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nPatch for removing tags from a specific Cloudformation Resource.\n\nIn some regions, the 'Tags' property isn't supported in Cloudformation. This patch makes it easy to remove\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\n# Remove tags on a resource\nAspects.of(stack).add(RemoveTags(\n cloudformation_resource=\"AWS::ECS::Cluster\"\n))\n# Remove tags without the standard 'Tags' name\nAspects.of(stack).add(RemoveTags(\n cloudformation_resource=\"AWS::Backup::BackupPlan\",\n tag_property_name=\"BackupPlanTags\"\n))\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import RemoveTags\n\n\nRemoveTags(props, RemoveTagsProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps\">RemoveTagsProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps\">RemoveTagsProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTags.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### ResourceExtractor <a name=\"ResourceExtractor\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nThis Aspect takes a CDK application, all synthesized CloudFormationStackArtifact, a value share method, and a list of Cloudformation resources that should be pulled out of the main CDK application, which should be synthesized to a cloudformation template that an external team (e.g. security team) to deploy, and adjusting the CDK application to reference pre-created resources already pulled out.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\napp = App()\nstack = Stack(app, \"MyStack\")\nextracted_stack = Stack(app, \"ExtractedStack\")\nsynthed_app = app.synth()\nAspects.of(app).add(ResourceExtractor(\n extract_destination_stack=extracted_stack,\n stack_artifacts=synthed_app.stacks,\n value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\", \"AWS::IAM::ManagedPolicy\", \"AWS::IAM::InstanceProfile\"\n ]\n))\napp.synth(force=True)\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractor\n\n\nResourceExtractor(props, ResourceExtractorProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps\">ResourceExtractorProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps\">ResourceExtractorProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit\">visit</a></code> | Entrypoint. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nEntrypoint.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### SetApiGatewayEndpointConfiguration <a name=\"SetApiGatewayEndpointConfiguration\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nOverride RestApis to use a set endpoint configuration.\n\nSome regions don't support EDGE endpoints, and some enterprises require\nspecific endpoint types for RestApis\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfiguration\n\n\nSetApiGatewayEndpointConfiguration(props?: SetApiGatewayEndpointConfigurationProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps\">SetApiGatewayEndpointConfigurationProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Optional</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps\">SetApiGatewayEndpointConfigurationProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n## Enums <a name=\"Enums\" id=\"Enums\"></a>\n\n### ProxyType <a name=\"ProxyType\" id=\"@cdklabs/cdk-enterprise-iac.ProxyType\"></a>\n\nWhether an http-proxy or https-proxy.\n\n#### Members <a name=\"Members\" id=\"Members\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType.HTTP\">HTTP</a></code> | --http-proxy. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS\">HTTPS</a></code> | --https-proxy. |\n\n---\n\n\n##### `HTTP` <a name=\"HTTP\" id=\"@cdklabs/cdk-enterprise-iac.ProxyType.HTTP\"></a>\n\n-http-proxy.\n\n---\n\n\n##### `HTTPS` <a name=\"HTTPS\" id=\"@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS\"></a>\n\n-https-proxy.\n\n---\n\n\n### ResourceExtractorShareMethod <a name=\"ResourceExtractorShareMethod\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod\"></a>\n\nThe available value sharing methods to pass values from the extracted stack onto the original stack(s).\n\n#### Members <a name=\"Members\" id=\"Members\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT\">CFN_OUTPUT</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER\">SSM_PARAMETER</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP\">API_LOOKUP</a></code> | *No description.* |\n\n---\n\n\n##### `CFN_OUTPUT` <a name=\"CFN_OUTPUT\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT\"></a>\n\n---\n\n\n##### `SSM_PARAMETER` <a name=\"SSM_PARAMETER\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER\"></a>\n\n---\n\n\n##### `API_LOOKUP` <a name=\"API_LOOKUP\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP\"></a>\n\n---\n\n\n### ResourceTransform <a name=\"ResourceTransform\" id=\"@cdklabs/cdk-enterprise-iac.ResourceTransform\"></a>\n\n#### Members <a name=\"Members\" id=\"Members\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME\">STACK_NAME</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID\">LOGICAL_ID</a></code> | *No description.* |\n\n---\n\n\n##### `STACK_NAME` <a name=\"STACK_NAME\" id=\"@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME\"></a>\n\n---\n\n\n##### `LOGICAL_ID` <a name=\"LOGICAL_ID\" id=\"@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID\"></a>\n\n---\n</details>\n\n# API Reference <a name=\"API Reference\" id=\"api-reference\"></a>\n\n## Constructs <a name=\"Constructs\" id=\"Constructs\"></a>\n\n### EcsIsoServiceAutoscaler <a name=\"EcsIsoServiceAutoscaler\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler\"></a>\n\nCreates a EcsIsoServiceAutoscaler construct.\n\nThis construct allows you to scale an ECS service in an ISO\nregion where classic ECS Autoscaling may not be available.\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler\n\n\nEcsIsoServiceAutoscaler(scope, Construct, id, string, props, EcsIsoServiceAutoscalerProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope\">scope</a></code> | <code>constructs.Construct</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id\">id</a></code> | <code>string</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps\">EcsIsoServiceAutoscalerProps</a></code> | *No description.* |\n\n---\n\n\n##### `scope`<sup>Required</sup> <a name=\"scope\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.scope\"></a>\n\n* *Type:* constructs.Construct\n\n---\n\n\n##### `id`<sup>Required</sup> <a name=\"id\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.id\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps\">EcsIsoServiceAutoscalerProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString\">toString</a></code> | Returns a string representation of this construct. |\n\n---\n\n\n##### `toString` <a name=\"toString\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.toString\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nto_string()string\n```\n\nReturns a string representation of this construct.\n\n#### Static Functions <a name=\"Static Functions\" id=\"Static Functions\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct\">isConstruct</a></code> | Checks if `x` is a construct. |\n\n---\n\n\n##### ~~`isConstruct`~~ <a name=\"isConstruct\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscaler\n\n\nEcsIsoServiceAutoscaler.is_construct(x, any)\n```\n\nChecks if `x` is a construct.\n\n###### `x`<sup>Required</sup> <a name=\"x\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.isConstruct.parameter.x\"></a>\n\n* *Type:* any\n\nAny object.\n\n---\n\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node\">node</a></code> | <code>constructs.Node</code> | The tree node. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction\">ecsScalingManagerFunction</a></code> | <code>aws-cdk-lib.aws_lambda.Function</code> | *No description.* |\n\n---\n\n\n##### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.node\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnode: Node;\n```\n\n* *Type:* constructs.Node\n\nThe tree node.\n\n---\n\n\n##### `ecsScalingManagerFunction`<sup>Required</sup> <a name=\"ecsScalingManagerFunction\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscaler.property.ecsScalingManagerFunction\"></a>\n\n```python\necsScalingManagerFunction: Function;\n```\n\n* *Type:* aws-cdk-lib.aws_lambda.Function\n\n---\n\n\n### PopulateWithConfig <a name=\"PopulateWithConfig\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig\"></a>\n\nPopulate a provided VPC with subnets based on a provided configuration.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nmy_subnet_config = [{\n \"group_name\": \"app\",\n \"cidr_range\": \"172.31.0.0/27\",\n \"availability_zone\": \"a\",\n \"subnet_type\": subnet_type.PUBLIC\n}, {\n \"group_name\": \"app\",\n \"cidr_range\": \"172.31.0.32/27\",\n \"availability_zone\": \"b\",\n \"subnet_type\": subnet_type.PUBLIC\n}, {\n \"group_name\": \"db\",\n \"cidr_range\": \"172.31.0.64/27\",\n \"availability_zone\": \"a\",\n \"subnet_type\": subnet_type.PRIVATE_WITH_EGRESS\n}, {\n \"group_name\": \"db\",\n \"cidr_range\": \"172.31.0.96/27\",\n \"availability_zone\": \"b\",\n \"subnet_type\": subnet_type.PRIVATE_WITH_EGRESS\n}, {\n \"group_name\": \"iso\",\n \"cidr_range\": \"172.31.0.128/26\",\n \"availability_zone\": \"a\",\n \"subnet_type\": subnet_type.PRIVATE_ISOLATED\n}, {\n \"group_name\": \"iso\",\n \"cidr_range\": \"172.31.0.196/26\",\n \"availability_zone\": \"b\",\n \"subnet_type\": subnet_type.PRIVATE_ISOLATED\n}\n]\nPopulateWithConfig(self, \"vpcPopulater\",\n vpc_id=\"vpc-abcdefg1234567\",\n private_route_table_id=\"rt-abcdefg123456\",\n local_route_table_id=\"rt-123456abcdefg\",\n subnet_config=my_subnet_config\n)\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import PopulateWithConfig\n\n\nPopulateWithConfig(scope, Construct, id, string, props, PopulateWithConfigProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope\">scope</a></code> | <code>constructs.Construct</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id\">id</a></code> | <code>string</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps\">PopulateWithConfigProps</a></code> | *No description.* |\n\n---\n\n\n##### `scope`<sup>Required</sup> <a name=\"scope\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.scope\"></a>\n\n* *Type:* constructs.Construct\n\n---\n\n\n##### `id`<sup>Required</sup> <a name=\"id\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.id\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps\">PopulateWithConfigProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString\">toString</a></code> | Returns a string representation of this construct. |\n\n---\n\n\n##### `toString` <a name=\"toString\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.toString\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nto_string()string\n```\n\nReturns a string representation of this construct.\n\n#### Static Functions <a name=\"Static Functions\" id=\"Static Functions\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct\">isConstruct</a></code> | Checks if `x` is a construct. |\n\n---\n\n\n##### ~~`isConstruct`~~ <a name=\"isConstruct\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import PopulateWithConfig\n\n\nPopulateWithConfig.is_construct(x, any)\n```\n\nChecks if `x` is a construct.\n\n###### `x`<sup>Required</sup> <a name=\"x\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.isConstruct.parameter.x\"></a>\n\n* *Type:* any\n\nAny object.\n\n---\n\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node\">node</a></code> | <code>constructs.Node</code> | The tree node. |\n\n---\n\n\n##### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfig.property.node\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnode: Node;\n```\n\n* *Type:* constructs.Node\n\nThe tree node.\n\n---\n\n\n### SplitVpcEvenly <a name=\"SplitVpcEvenly\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly\"></a>\n\nSplits a VPC evenly between a provided number of AZs (3 if not defined), and attaches a provided route table to each, and labels.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\n# with more specific properties\nSplitVpcEvenly(self, \"evenSplitVpc\",\n vpc_id=\"vpc-abcdefg123456\",\n vpc_cidr=\"172.16.0.0/16\",\n route_table_id=\"rt-abcdefgh123456\",\n cidr_bits=\"10\",\n number_of_azs=4,\n subnet_type=subnet_type.PRIVATE_ISOLATED\n)\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SplitVpcEvenly\n\n\nSplitVpcEvenly(scope, Construct, id, string, props, SplitVpcEvenlyProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope\">scope</a></code> | <code>constructs.Construct</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id\">id</a></code> | <code>string</code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps\">SplitVpcEvenlyProps</a></code> | *No description.* |\n\n---\n\n\n##### `scope`<sup>Required</sup> <a name=\"scope\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.scope\"></a>\n\n* *Type:* constructs.Construct\n\n---\n\n\n##### `id`<sup>Required</sup> <a name=\"id\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.id\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps\">SplitVpcEvenlyProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString\">toString</a></code> | Returns a string representation of this construct. |\n\n---\n\n\n##### `toString` <a name=\"toString\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.toString\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nto_string()string\n```\n\nReturns a string representation of this construct.\n\n#### Static Functions <a name=\"Static Functions\" id=\"Static Functions\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct\">isConstruct</a></code> | Checks if `x` is a construct. |\n\n---\n\n\n##### ~~`isConstruct`~~ <a name=\"isConstruct\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SplitVpcEvenly\n\n\nSplitVpcEvenly.is_construct(x, any)\n```\n\nChecks if `x` is a construct.\n\n###### `x`<sup>Required</sup> <a name=\"x\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.isConstruct.parameter.x\"></a>\n\n* *Type:* any\n\nAny object.\n\n---\n\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node\">node</a></code> | <code>constructs.Node</code> | The tree node. |\n\n---\n\n\n##### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenly.property.node\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnode: Node;\n```\n\n* *Type:* constructs.Node\n\nThe tree node.\n\n---\n\n\n## Structs <a name=\"Structs\" id=\"Structs\"></a>\n\n### AddCfnInitProxyProps <a name=\"AddCfnInitProxyProps\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps\"></a>\n\nProperties for the proxy server to use with cfn helper commands.\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddCfnInitProxyProps\n\n\nadd_cfn_init_proxy_props = AddCfnInitProxyProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost\">proxyHost</a></code> | <code>string</code> | host of your proxy. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort\">proxyPort</a></code> | <code>number</code> | proxy port. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials\">proxyCredentials</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | JSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType\">proxyType</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType\">ProxyType</a></code> | Proxy Type. |\n\n---\n\n\n##### `proxyHost`<sup>Required</sup> <a name=\"proxyHost\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyHost\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyHost: string;\n```\n\n* *Type:* string\n\nhost of your proxy.\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nexample.com\n```\n\n##### `proxyPort`<sup>Required</sup> <a name=\"proxyPort\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyPort\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyPort: number;\n```\n\n* *Type:* number\n\nproxy port.\n\n---\n\n\n*Example*\n\n```python\n8080\n```\n\n##### `proxyCredentials`<sup>Optional</sup> <a name=\"proxyCredentials\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyCredentials\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyCredentials: ISecret;\n```\n\n* *Type:* aws-cdk-lib.aws_secretsmanager.ISecret\n\nJSON secret containing `user` and `password` properties to use if your proxy requires credentials `http://user:password@host:port` could contain sensitive data, so using a Secret.\n\nNote that while the `user` and `password` won't be visible in the cloudformation template\nthey **will** be in plain text inside your `UserData`\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsecret = Secret(stack, \"TestSecret\",\n secret_object_value={\n \"user\": SecretValue,\n \"password\": SecretValue\n }\n)\n```\n\n##### `proxyType`<sup>Optional</sup> <a name=\"proxyType\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps.property.proxyType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nproxyType: ProxyType;\n```\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType\">ProxyType</a>\n* *Default:* ProxyType.HTTP\n\nProxy Type.\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nProxyType.HTTPS\n```\n\n### AddPermissionBoundaryProps <a name=\"AddPermissionBoundaryProps\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps\"></a>\n\nProperties to pass to the AddPermissionBoundary.\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundaryProps\n\n\nadd_permission_boundary_props = AddPermissionBoundaryProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName\">permissionsBoundaryPolicyName</a></code> | <code>string</code> | Name of Permissions Boundary Policy to add to all IAM roles. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix\">instanceProfilePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM InstanceProfiles (Default: ''). |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix\">policyPrefix</a></code> | <code>string</code> | A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: ''). |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix\">rolePrefix</a></code> | <code>string</code> | A prefix to prepend to the name of IAM Roles (Default: ''). |\n\n---\n\n\n##### `permissionsBoundaryPolicyName`<sup>Required</sup> <a name=\"permissionsBoundaryPolicyName\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.permissionsBoundaryPolicyName\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\npermissionsBoundaryPolicyName: string;\n```\n\n* *Type:* string\n\nName of Permissions Boundary Policy to add to all IAM roles.\n\n---\n\n\n##### `instanceProfilePrefix`<sup>Optional</sup> <a name=\"instanceProfilePrefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.instanceProfilePrefix\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ninstanceProfilePrefix: string;\n```\n\n* *Type:* string\n\nA prefix to prepend to the name of the IAM InstanceProfiles (Default: '').\n\n---\n\n\n##### `policyPrefix`<sup>Optional</sup> <a name=\"policyPrefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.policyPrefix\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\npolicyPrefix: string;\n```\n\n* *Type:* string\n\nA prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: '').\n\n---\n\n\n##### `rolePrefix`<sup>Optional</sup> <a name=\"rolePrefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps.property.rolePrefix\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nrolePrefix: string;\n```\n\n* *Type:* string\n\nA prefix to prepend to the name of IAM Roles (Default: '').\n\n---\n\n\n### EcsIsoServiceAutoscalerProps <a name=\"EcsIsoServiceAutoscalerProps\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import EcsIsoServiceAutoscalerProps\n\n\necs_iso_service_autoscaler_props = EcsIsoServiceAutoscalerProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster\">ecsCluster</a></code> | <code>aws-cdk-lib.aws_ecs.Cluster</code> | The cluster the service you wish to scale resides in. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService\">ecsService</a></code> | <code>aws-cdk-lib.aws_ecs.IService</code> | The ECS service you wish to scale. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm\">scaleAlarm</a></code> | <code>aws-cdk-lib.aws_cloudwatch.AlarmBase</code> | The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount\">maximumTaskCount</a></code> | <code>number</code> | The maximum number of tasks that the service will scale out to. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount\">minimumTaskCount</a></code> | <code>number</code> | The minimum number of tasks the service will have. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role\">role</a></code> | <code>aws-cdk-lib.aws_iam.IRole</code> | Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown\">scaleInCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will the application wait before performing another scale in action. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement\">scaleInIncrement</a></code> | <code>number</code> | The number of tasks that will scale in on scale in alarm status. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown\">scaleOutCooldown</a></code> | <code>aws-cdk-lib.Duration</code> | How long will a the application wait before performing another scale out action. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement\">scaleOutIncrement</a></code> | <code>number</code> | The number of tasks that will scale out on scale out alarm status. |\n\n---\n\n\n##### `ecsCluster`<sup>Required</sup> <a name=\"ecsCluster\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsCluster\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\necsCluster: Cluster;\n```\n\n* *Type:* aws-cdk-lib.aws_ecs.Cluster\n\nThe cluster the service you wish to scale resides in.\n\n---\n\n\n##### `ecsService`<sup>Required</sup> <a name=\"ecsService\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.ecsService\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\necsService: IService;\n```\n\n* *Type:* aws-cdk-lib.aws_ecs.IService\n\nThe ECS service you wish to scale.\n\n---\n\n\n##### `scaleAlarm`<sup>Required</sup> <a name=\"scaleAlarm\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleAlarm\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleAlarm: AlarmBase;\n```\n\n* *Type:* aws-cdk-lib.aws_cloudwatch.AlarmBase\n\nThe Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions.\n\nNote: composite alarms can not be generated with CFN in all regions, while this allows you to pass in a composite alarm alarm creation is outside the scope of this construct\n\n---\n\n\n##### `maximumTaskCount`<sup>Optional</sup> <a name=\"maximumTaskCount\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.maximumTaskCount\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nmaximumTaskCount: number;\n```\n\n* *Type:* number\n* *Default:* 10\n\nThe maximum number of tasks that the service will scale out to.\n\nNote: This does not provide any protection from scaling out above the maximum allowed in your account, set this variable and manage account quotas appropriately.\n\n---\n\n\n##### `minimumTaskCount`<sup>Optional</sup> <a name=\"minimumTaskCount\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.minimumTaskCount\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nminimumTaskCount: number;\n```\n\n* *Type:* number\n* *Default:* 1\n\nThe minimum number of tasks the service will have.\n\n---\n\n\n##### `role`<sup>Optional</sup> <a name=\"role\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.role\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nrole: IRole;\n```\n\n* *Type:* aws-cdk-lib.aws_iam.IRole\n* *Default:* A role is created for you with least privilege IAM policy\n\nOptional IAM role to attach to the created lambda to adjust the desired count on the ECS Service.\n\nEnsure this role has appropriate privileges. Example IAM policy statements:\n\n```json\n{\n \"PolicyDocument\": {\n \"Statement\": [\n {\n \"Action\": \"cloudwatch:DescribeAlarms\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:DescribeServices\",\n \"ecs:UpdateService\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"ecs:cluster\": \"arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}\"\n }\n },\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}\"\n }\n ],\n \"Version\": \"2012-10-17\"\n }\n}\n```\n\n---\n\n\n##### `scaleInCooldown`<sup>Optional</sup> <a name=\"scaleInCooldown\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInCooldown\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleInCooldown: Duration;\n```\n\n* *Type:* aws-cdk-lib.Duration\n* *Default:* 60 seconds\n\nHow long will the application wait before performing another scale in action.\n\n---\n\n\n##### `scaleInIncrement`<sup>Optional</sup> <a name=\"scaleInIncrement\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleInIncrement\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleInIncrement: number;\n```\n\n* *Type:* number\n* *Default:* 1\n\nThe number of tasks that will scale in on scale in alarm status.\n\n---\n\n\n##### `scaleOutCooldown`<sup>Optional</sup> <a name=\"scaleOutCooldown\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutCooldown\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleOutCooldown: Duration;\n```\n\n* *Type:* aws-cdk-lib.Duration\n* *Default:* 60 seconds\n\nHow long will a the application wait before performing another scale out action.\n\n---\n\n\n##### `scaleOutIncrement`<sup>Optional</sup> <a name=\"scaleOutIncrement\" id=\"@cdklabs/cdk-enterprise-iac.EcsIsoServiceAutoscalerProps.property.scaleOutIncrement\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nscaleOutIncrement: number;\n```\n\n* *Type:* number\n* *Default:* 1\n\nThe number of tasks that will scale out on scale out alarm status.\n\n---\n\n\n### PopulateWithConfigProps <a name=\"PopulateWithConfigProps\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import PopulateWithConfigProps\n\n\npopulate_with_config_props = PopulateWithConfigProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId\">localRouteTableId</a></code> | <code>string</code> | Local route table ID, with routes only to local VPC. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId\">privateRouteTableId</a></code> | <code>string</code> | Route table ID for a provided route table with routes to enterprise network. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig\">subnetConfig</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig\">SubnetConfig</a>[]</code> | List of Subnet configs to provision to provision. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId\">vpcId</a></code> | <code>string</code> | ID of the VPC provided that needs to be populated. |\n\n---\n\n\n##### `localRouteTableId`<sup>Required</sup> <a name=\"localRouteTableId\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.localRouteTableId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nlocalRouteTableId: string;\n```\n\n* *Type:* string\n\nLocal route table ID, with routes only to local VPC.\n\n---\n\n\n##### `privateRouteTableId`<sup>Required</sup> <a name=\"privateRouteTableId\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.privateRouteTableId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nprivateRouteTableId: string;\n```\n\n* *Type:* string\n\nRoute table ID for a provided route table with routes to enterprise network.\n\nBoth subnetType.PUBLIC and subnetType.PRIVATE_WITH_EGRESS will use this property\n\n---\n\n\n##### `subnetConfig`<sup>Required</sup> <a name=\"subnetConfig\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.subnetConfig\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsubnetConfig: SubnetConfig[];\n```\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig\">SubnetConfig</a>[]\n\nList of Subnet configs to provision to provision.\n\n---\n\n\n##### `vpcId`<sup>Required</sup> <a name=\"vpcId\" id=\"@cdklabs/cdk-enterprise-iac.PopulateWithConfigProps.property.vpcId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpcId: string;\n```\n\n* *Type:* string\n\nID of the VPC provided that needs to be populated.\n\n---\n\n\n### RemoveTagsProps <a name=\"RemoveTagsProps\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import RemoveTagsProps\n\n\nremove_tags_props = RemoveTagsProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource\">cloudformationResource</a></code> | <code>string</code> | Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function'). |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName\">tagPropertyName</a></code> | <code>string</code> | Name of the tag property to remove from the resource. |\n\n---\n\n\n##### `cloudformationResource`<sup>Required</sup> <a name=\"cloudformationResource\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.cloudformationResource\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncloudformationResource: string;\n```\n\n* *Type:* string\n\nName of Cloudformation resource Type (e.g. 'AWS::Lambda::Function').\n\n---\n\n\n##### `tagPropertyName`<sup>Optional</sup> <a name=\"tagPropertyName\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTagsProps.property.tagPropertyName\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ntagPropertyName: string;\n```\n\n* *Type:* string\n* *Default:* Tags\n\nName of the tag property to remove from the resource.\n\n---\n\n\n### ResourceExtractorProps <a name=\"ResourceExtractorProps\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractorProps\n\n\nresource_extractor_props = ResourceExtractorProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack\">extractDestinationStack</a></code> | <code>aws-cdk-lib.Stack</code> | Stack to move found extracted resources into. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract\">resourceTypesToExtract</a></code> | <code>string[]</code> | List of resource types to extract, ex: `AWS::IAM::Role`. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts\">stackArtifacts</a></code> | <code>aws-cdk-lib.cx_api.CloudFormationStackArtifact[]</code> | Synthed stack artifacts from your CDK app. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms\">additionalTransforms</a></code> | <code>{[ key: string ]: string}</code> | Additional resource transformations. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod\">valueShareMethod</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod\">ResourceExtractorShareMethod</a></code> | The sharing method to use when passing exported resources from the \"Extracted Stack\" into the original stack(s). |\n\n---\n\n\n##### `extractDestinationStack`<sup>Required</sup> <a name=\"extractDestinationStack\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.extractDestinationStack\"></a>\n\n```python\nextractDestinationStack: Stack;\n```\n\n* *Type:* aws-cdk-lib.Stack\n\nStack to move found extracted resources into.\n\n---\n\n\n##### `resourceTypesToExtract`<sup>Required</sup> <a name=\"resourceTypesToExtract\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.resourceTypesToExtract\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nresourceTypesToExtract: string[];\n```\n\n* *Type:* string[]\n\nList of resource types to extract, ex: `AWS::IAM::Role`.\n\n---\n\n\n##### `stackArtifacts`<sup>Required</sup> <a name=\"stackArtifacts\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.stackArtifacts\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nstackArtifacts: CloudFormationStackArtifact[];\n```\n\n* *Type:* aws-cdk-lib.cx_api.CloudFormationStackArtifact[]\n\nSynthed stack artifacts from your CDK app.\n\n---\n\n\n##### `additionalTransforms`<sup>Optional</sup> <a name=\"additionalTransforms\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.additionalTransforms\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nadditionalTransforms: {[ key: string ]: string}\n```\n\n* *Type:* {[ key: string ]: string}\n\nAdditional resource transformations.\n\n---\n\n\n##### `valueShareMethod`<sup>Optional</sup> <a name=\"valueShareMethod\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorProps.property.valueShareMethod\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvalueShareMethod: ResourceExtractorShareMethod;\n```\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod\">ResourceExtractorShareMethod</a>\n\nThe sharing method to use when passing exported resources from the \"Extracted Stack\" into the original stack(s).\n\n---\n\n\n### SetApiGatewayEndpointConfigurationProps <a name=\"SetApiGatewayEndpointConfigurationProps\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfigurationProps\n\n\nset_api_gateway_endpoint_configuration_props = SetApiGatewayEndpointConfigurationProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType\">endpointType</a></code> | <code>aws-cdk-lib.aws_apigateway.EndpointType</code> | API Gateway endpoint type to override to. |\n\n---\n\n\n##### `endpointType`<sup>Optional</sup> <a name=\"endpointType\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps.property.endpointType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nendpointType: EndpointType;\n```\n\n* *Type:* aws-cdk-lib.aws_apigateway.EndpointType\n* *Default:* EndpointType.REGIONAL\n\nAPI Gateway endpoint type to override to.\n\nDefaults to EndpointType.REGIONAL\n\n---\n\n\n### SplitVpcEvenlyProps <a name=\"SplitVpcEvenlyProps\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SplitVpcEvenlyProps\n\n\nsplit_vpc_evenly_props = SplitVpcEvenlyProps(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId\">routeTableId</a></code> | <code>string</code> | Route Table ID that will be attached to each subnet created. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr\">vpcCidr</a></code> | <code>string</code> | CIDR range of the VPC you're populating. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId\">vpcId</a></code> | <code>string</code> | ID of the existing VPC you're trying to populate. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits\">cidrBits</a></code> | <code>string</code> | `cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs\">numberOfAzs</a></code> | <code>number</code> | Number of AZs to evenly split into. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType\">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | *No description.* |\n\n---\n\n\n##### `routeTableId`<sup>Required</sup> <a name=\"routeTableId\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.routeTableId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nrouteTableId: string;\n```\n\n* *Type:* string\n\nRoute Table ID that will be attached to each subnet created.\n\n---\n\n\n##### `vpcCidr`<sup>Required</sup> <a name=\"vpcCidr\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcCidr\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpcCidr: string;\n```\n\n* *Type:* string\n\nCIDR range of the VPC you're populating.\n\n---\n\n\n##### `vpcId`<sup>Required</sup> <a name=\"vpcId\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.vpcId\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvpcId: string;\n```\n\n* *Type:* string\n\nID of the existing VPC you're trying to populate.\n\n---\n\n\n##### `cidrBits`<sup>Optional</sup> <a name=\"cidrBits\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.cidrBits\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncidrBits: string;\n```\n\n* *Type:* string\n* *Default:* '6'\n\n`cidrBits` argument for the [`Fn::Cidr`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-cidr.html) Cloudformation intrinsic function.\n\n---\n\n\n##### `numberOfAzs`<sup>Optional</sup> <a name=\"numberOfAzs\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.numberOfAzs\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nnumberOfAzs: number;\n```\n\n* *Type:* number\n* *Default:* 3\n\nNumber of AZs to evenly split into.\n\n---\n\n\n##### `subnetType`<sup>Optional</sup> <a name=\"subnetType\" id=\"@cdklabs/cdk-enterprise-iac.SplitVpcEvenlyProps.property.subnetType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsubnetType: SubnetType;\n```\n\n* *Type:* aws-cdk-lib.aws_ec2.SubnetType\n* *Default:* subnetType.PRIVATE\n\n---\n\n\n### SubnetConfig <a name=\"SubnetConfig\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig\"></a>\n\n#### Initializer <a name=\"Initializer\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SubnetConfig\n\n\nsubnet_config = SubnetConfig(...)\n```\n\n#### Properties <a name=\"Properties\" id=\"Properties\"></a>\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone\">availabilityZone</a></code> | <code>string</code> | Which availability zone the subnet should be in. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange\">cidrRange</a></code> | <code>string</code> | Cidr range of the subnet to create. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName\">groupName</a></code> | <code>string</code> | Logical group name of a subnet. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType\">subnetType</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetType</code> | What [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use. |\n\n---\n\n\n##### `availabilityZone`<sup>Required</sup> <a name=\"availabilityZone\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.availabilityZone\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\navailabilityZone: string;\n```\n\n* *Type:* string\n\nWhich availability zone the subnet should be in.\n\n---\n\n\n##### `cidrRange`<sup>Required</sup> <a name=\"cidrRange\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.cidrRange\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncidrRange: string;\n```\n\n* *Type:* string\n\nCidr range of the subnet to create.\n\n---\n\n\n##### `groupName`<sup>Required</sup> <a name=\"groupName\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.groupName\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ngroupName: string;\n```\n\n* *Type:* string\n\nLogical group name of a subnet.\n\n---\n\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ndb\n```\n\n##### `subnetType`<sup>Required</sup> <a name=\"subnetType\" id=\"@cdklabs/cdk-enterprise-iac.SubnetConfig.property.subnetType\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nsubnetType: SubnetType;\n```\n\n* *Type:* aws-cdk-lib.aws_ec2.SubnetType\n\nWhat [SubnetType](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.SubnetType.html) to use.\n\nThis will govern the `aws-cdk:subnet-type` tag on the subnet\n\nSubnetType | `aws-cdk:subnet-type` tag value\n--- | ---\n`PRIVATE_ISOLATED` | 'Isolated'\n`PRIVATE_WITH_EGRESS` | 'Private'\n`PUBLIC` | 'Public'\n\n---\n\n\n## Classes <a name=\"Classes\" id=\"Classes\"></a>\n\n### AddCfnInitProxy <a name=\"AddCfnInitProxy\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nAdd proxy configuration to Cloudformation helper functions.\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddCfnInitProxy\n\n\nAddCfnInitProxy(props, AddCfnInitProxyProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps\">AddCfnInitProxyProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxyProps\">AddCfnInitProxyProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddCfnInitProxy.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### AddLambdaEnvironmentVariables <a name=\"AddLambdaEnvironmentVariables\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nAdd one or more environment variables to *all* lambda functions within a scope.\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddLambdaEnvironmentVariables\n\n\nAddLambdaEnvironmentVariables(props, {\"key\": string, \"string\": string})\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props\">props</a></code> | <code>{[ key: string ]: string}</code> | : string} props - Key Value pair(s) for environment variables to add to all lambda functions. |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.Initializer.parameter.props\"></a>\n\n* *Type:* {[ key: string ]: string}\n\n: string} props - Key Value pair(s) for environment variables to add to all lambda functions.\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddLambdaEnvironmentVariables.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### AddPermissionBoundary <a name=\"AddPermissionBoundary\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nA patch for Adding Permissions Boundaries to all IAM roles.\n\nAdditional options for adding prefixes to IAM role, policy and instance profile names\n\nCan account for non commercial partitions (e.g. aws-gov, aws-cn)\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import AddPermissionBoundary\n\n\nAddPermissionBoundary(props, AddPermissionBoundaryProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps\">AddPermissionBoundaryProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundaryProps\">AddPermissionBoundaryProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride\">checkAndOverride</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `checkAndOverride` <a name=\"checkAndOverride\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\ncheck_and_override(node, CfnResource, prefix, string, length, number, cfn_prop, string, cdkProp?: string)\n```\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.node\"></a>\n\n* *Type:* aws-cdk-lib.CfnResource\n\n---\n\n\n###### `prefix`<sup>Required</sup> <a name=\"prefix\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.prefix\"></a>\n\n* *Type:* string\n\n---\n\n\n###### `length`<sup>Required</sup> <a name=\"length\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.length\"></a>\n\n* *Type:* number\n\n---\n\n\n###### `cfnProp`<sup>Required</sup> <a name=\"cfnProp\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cfnProp\"></a>\n\n* *Type:* string\n\n---\n\n\n###### `cdkProp`<sup>Optional</sup> <a name=\"cdkProp\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.checkAndOverride.parameter.cdkProp\"></a>\n\n* *Type:* string\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.AddPermissionBoundary.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### ConvertInlinePoliciesToManaged <a name=\"ConvertInlinePoliciesToManaged\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nPatch for turning all Policies into ConvertInlinePoliciesToManaged.\n\nSome users have policies in place that make it impossible to create inline policies. Instead,\nthey must use managed policies.\n\nNote that order matters with this aspect. Specifically, it should generally be added first.\nThis is because other aspects may add overrides that would be lost if applied before\nthis aspect since the original aspect is removed and replaced.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\n# Replace all AWS::IAM::Policy resources with equivalent AWS::IAM::ManagedPolicy\nAspects.of(stack).add(ConvertInlinePoliciesToManaged())\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.Initializer\"></a>\n\n```python\nfrom cdklabs.cdk_enterprise_iac import ConvertInlinePoliciesToManaged\n\n\nConvertInlinePoliciesToManaged()\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.ConvertInlinePoliciesToManaged.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### RemovePublicAccessBlockConfiguration <a name=\"RemovePublicAccessBlockConfiguration\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nLooks for S3 Buckets, and removes the `PublicAccessBlockConfiguration` property.\n\nFor use in regions where Cloudformation doesn't support this property\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.Initializer\"></a>\n\n```python\nfrom cdklabs.cdk_enterprise_iac import RemovePublicAccessBlockConfiguration\n\n\nRemovePublicAccessBlockConfiguration()\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.RemovePublicAccessBlockConfiguration.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### RemoveTags <a name=\"RemoveTags\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nPatch for removing tags from a specific Cloudformation Resource.\n\nIn some regions, the 'Tags' property isn't supported in Cloudformation. This patch makes it easy to remove\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\n# Remove tags on a resource\nAspects.of(stack).add(RemoveTags(\n cloudformation_resource=\"AWS::ECS::Cluster\"\n))\n# Remove tags without the standard 'Tags' name\nAspects.of(stack).add(RemoveTags(\n cloudformation_resource=\"AWS::Backup::BackupPlan\",\n tag_property_name=\"BackupPlanTags\"\n))\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import RemoveTags\n\n\nRemoveTags(props, RemoveTagsProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps\">RemoveTagsProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTagsProps\">RemoveTagsProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.RemoveTags.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.RemoveTags.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### ResourceExtractor <a name=\"ResourceExtractor\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nThis Aspect takes a CDK application, all synthesized CloudFormationStackArtifact, a value share method, and a list of Cloudformation resources that should be pulled out of the main CDK application, which should be synthesized to a cloudformation template that an external team (e.g. security team) to deploy, and adjusting the CDK application to reference pre-created resources already pulled out.\n\n*Example*\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\napp = App()\nstack = Stack(app, \"MyStack\")\nextracted_stack = Stack(app, \"ExtractedStack\")\nsynthed_app = app.synth()\nAspects.of(app).add(ResourceExtractor(\n extract_destination_stack=extracted_stack,\n stack_artifacts=synthed_app.stacks,\n value_share_method=ResourceExtractorShareMethod.CFN_OUTPUT,\n resource_types_to_extract=[\"AWS::IAM::Role\", \"AWS::IAM::Policy\", \"AWS::IAM::ManagedPolicy\", \"AWS::IAM::InstanceProfile\"\n ]\n))\napp.synth(force=True)\n```\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import ResourceExtractor\n\n\nResourceExtractor(props, ResourceExtractorProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps\">ResourceExtractorProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Required</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorProps\">ResourceExtractorProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit\">visit</a></code> | Entrypoint. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nEntrypoint.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractor.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n### SetApiGatewayEndpointConfiguration <a name=\"SetApiGatewayEndpointConfiguration\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration\"></a>\n\n* *Implements:* aws-cdk-lib.IAspect\n\nOverride RestApis to use a set endpoint configuration.\n\nSome regions don't support EDGE endpoints, and some enterprises require\nspecific endpoint types for RestApis\n\n#### Initializers <a name=\"Initializers\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nfrom cdklabs.cdk_enterprise_iac import SetApiGatewayEndpointConfiguration\n\n\nSetApiGatewayEndpointConfiguration(props?: SetApiGatewayEndpointConfigurationProps)\n```\n\n| **Name** | **Type** | **Description** |\n| --- | --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props\">props</a></code> | <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps\">SetApiGatewayEndpointConfigurationProps</a></code> | *No description.* |\n\n---\n\n\n##### `props`<sup>Optional</sup> <a name=\"props\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.Initializer.parameter.props\"></a>\n\n* *Type:* <a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfigurationProps\">SetApiGatewayEndpointConfigurationProps</a>\n\n---\n\n\n#### Methods <a name=\"Methods\" id=\"Methods\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit\">visit</a></code> | All aspects can visit an IConstruct. |\n\n---\n\n\n##### `visit` <a name=\"visit\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit\"></a>\n\n```python\n# Example automatically generated from non-compiling source. May contain errors.\nvisit(node, IConstruct)\n```\n\nAll aspects can visit an IConstruct.\n\n###### `node`<sup>Required</sup> <a name=\"node\" id=\"@cdklabs/cdk-enterprise-iac.SetApiGatewayEndpointConfiguration.visit.parameter.node\"></a>\n\n* *Type:* constructs.IConstruct\n\n---\n\n\n## Enums <a name=\"Enums\" id=\"Enums\"></a>\n\n### ProxyType <a name=\"ProxyType\" id=\"@cdklabs/cdk-enterprise-iac.ProxyType\"></a>\n\nWhether an http-proxy or https-proxy.\n\n#### Members <a name=\"Members\" id=\"Members\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType.HTTP\">HTTP</a></code> | --http-proxy. |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS\">HTTPS</a></code> | --https-proxy. |\n\n---\n\n\n##### `HTTP` <a name=\"HTTP\" id=\"@cdklabs/cdk-enterprise-iac.ProxyType.HTTP\"></a>\n\n-http-proxy.\n\n---\n\n\n##### `HTTPS` <a name=\"HTTPS\" id=\"@cdklabs/cdk-enterprise-iac.ProxyType.HTTPS\"></a>\n\n-https-proxy.\n\n---\n\n\n### ResourceExtractorShareMethod <a name=\"ResourceExtractorShareMethod\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod\"></a>\n\nThe available value sharing methods to pass values from the extracted stack onto the original stack(s).\n\n#### Members <a name=\"Members\" id=\"Members\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT\">CFN_OUTPUT</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER\">SSM_PARAMETER</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP\">API_LOOKUP</a></code> | *No description.* |\n\n---\n\n\n##### `CFN_OUTPUT` <a name=\"CFN_OUTPUT\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.CFN_OUTPUT\"></a>\n\n---\n\n\n##### `SSM_PARAMETER` <a name=\"SSM_PARAMETER\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.SSM_PARAMETER\"></a>\n\n---\n\n\n##### `API_LOOKUP` <a name=\"API_LOOKUP\" id=\"@cdklabs/cdk-enterprise-iac.ResourceExtractorShareMethod.API_LOOKUP\"></a>\n\n---\n\n\n### ResourceTransform <a name=\"ResourceTransform\" id=\"@cdklabs/cdk-enterprise-iac.ResourceTransform\"></a>\n\n#### Members <a name=\"Members\" id=\"Members\"></a>\n\n| **Name** | **Description** |\n| --- | --- |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME\">STACK_NAME</a></code> | *No description.* |\n| <code><a href=\"#@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID\">LOGICAL_ID</a></code> | *No description.* |\n\n---\n\n\n##### `STACK_NAME` <a name=\"STACK_NAME\" id=\"@cdklabs/cdk-enterprise-iac.ResourceTransform.STACK_NAME\"></a>\n\n---\n\n\n##### `LOGICAL_ID` <a name=\"LOGICAL_ID\" id=\"@cdklabs/cdk-enterprise-iac.ResourceTransform.LOGICAL_ID\"></a>\n\n---\n</details>\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "@cdklabs/cdk-enterprise-iac",
"version": "0.0.446",
"project_urls": {
"Homepage": "https://github.com/cdklabs/cdk-enterprise-iac.git",
"Source": "https://github.com/cdklabs/cdk-enterprise-iac.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "f575bae438cf9aa2d9d28e10ed145cbcda6b91f7a578c1daa06b7d1c961b051e",
"md5": "999b1e03fe16a0bd7f30a026fd0f6bec",
"sha256": "42d0521543c7da37b639646988af3a32594b50884e0056dba17cbd18593cad65"
},
"downloads": -1,
"filename": "cdklabs.cdk_enterprise_iac-0.0.446-py3-none-any.whl",
"has_sig": false,
"md5_digest": "999b1e03fe16a0bd7f30a026fd0f6bec",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 12878624,
"upload_time": "2024-05-11T18:16:14",
"upload_time_iso_8601": "2024-05-11T18:16:14.311607Z",
"url": "https://files.pythonhosted.org/packages/f5/75/bae438cf9aa2d9d28e10ed145cbcda6b91f7a578c1daa06b7d1c961b051e/cdklabs.cdk_enterprise_iac-0.0.446-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "3642611e37a231a0ba1810b50b75f903d5dcadf201a883f295e143954c17f0cf",
"md5": "ebfef20669e676e9731e60f0c0be271a",
"sha256": "07f0b0083d95d1001cdacba552e8b1b82ae25c0f9002b4916b4e97a9259b170e"
},
"downloads": -1,
"filename": "cdklabs.cdk-enterprise-iac-0.0.446.tar.gz",
"has_sig": false,
"md5_digest": "ebfef20669e676e9731e60f0c0be271a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 12920195,
"upload_time": "2024-05-11T18:16:21",
"upload_time_iso_8601": "2024-05-11T18:16:21.889850Z",
"url": "https://files.pythonhosted.org/packages/36/42/611e37a231a0ba1810b50b75f903d5dcadf201a883f295e143954c17f0cf/cdklabs.cdk-enterprise-iac-0.0.446.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-11 18:16:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cdklabs",
"github_project": "cdk-enterprise-iac",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdklabs.cdk-enterprise-iac"
}
JSON
