Skip to content
SST
Docs Guide Console Examples
21K

Vpc

Reference doc for the `sst.aws.Vpc` component.

The Vpc component lets you add a VPC to your app. It uses Amazon VPC. This is useful for services like RDS and Fargate that need to be hosted inside a VPC.

This creates a VPC with 2 Availability Zones by default. It also creates the following resources:

  1. A default security group blocking all incoming internet traffic.
  2. A public subnet in each AZ.
  3. A private subnet in each AZ.
  4. An Internet Gateway. All the traffic from the public subnets are routed through it.
  5. If nat is enabled, a NAT Gateway in each AZ. All the traffic from the private subnets are routed to the NAT Gateway in the same AZ.

NAT Gateways are billed per hour and per gigabyte of data processed. Each NAT Gateway roughly costs $33 per month. Make sure to review the pricing.

Create a VPC

sst.config.ts
new sst.aws.Vpc("MyVPC");

Create it with 3 Availability Zones

sst.config.ts
new sst.aws.Vpc("MyVPC", {
  az: 3
});

Enable NAT

sst.config.ts
new sst.aws.Vpc("MyVPC", {
  nat: "managed"
});

Constructor

new Vpc(name, args?, opts?)

Parameters

VpcArgs

az?

Type Input<number>

Default 2

Number of Availability Zones or AZs for the VPC. By default, it creates a VPC with 2 availability zones since services like RDS and Fargate need at least 2 AZs.

{
  az: 3
}

bastion?

Type Input<true>

Default Bastion is not created

Configures a bastion host that can be used to connect to resources in the VPC.

When enabled, an EC2 instance with the bastion AMI will be launched in a public subnet. The instance will have AWS SSM (AWS Session Manager) enabled for secure access without the need for SSH key management.

{
  bastion: true
}

nat?

Type Input<managed>

Default NAT is disabled

Configures NAT. Enabling NAT allows resources in private subnets to connect to the internet.

{
  nat: "managed"
}

transform?

Type Object

Transform how this component creates its underlying resources.

transform.bastionInstance?

Type InstanceArgs | (args: InstanceArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 bastion instance resource.

transform.elasticIp?

Type EipArgs | (args: EipArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 Elastic IP resource.

transform.internetGateway?

Type InternetGatewayArgs | (args: InternetGatewayArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 Internet Gateway resource.

transform.natGateway?

Type NatGatewayArgs | (args: NatGatewayArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 NAT Gateway resource.

transform.privateRouteTable?

Type RouteTableArgs | (args: RouteTableArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 route table resource for the private subnet.

transform.privateSubnet?

Type SubnetArgs | (args: SubnetArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 private subnet resource.

transform.publicRouteTable?

Type RouteTableArgs | (args: RouteTableArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 route table resource for the public subnet.

transform.publicSubnet?

Type SubnetArgs | (args: SubnetArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 public subnet resource.

transform.securityGroup?

Type SecurityGroupArgs | (args: SecurityGroupArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 Security Group resource.

transform.vpc?

Type VpcArgs | (args: VpcArgs, opts: ComponentResourceOptions, name: string) => void

Transform the EC2 VPC resource.

Properties

bastion

Type Output<string>

The bastion instance id.

id

Type Output<string>

The VPC ID.

nodes

Type Object

The underlying resources this component creates.

nodes.bastionInstance

Type Output<undefined | Instance>

The Amazon EC2 bastion instance.

nodes.elasticIps

Type Output<Eip[]>

The Amazon EC2 Elastic IP.

nodes.internetGateway

Type InternetGateway

The Amazon EC2 Internet Gateway.

nodes.natGateways

Type Output<NatGateway[]>

The Amazon EC2 NAT Gateway.

nodes.privateRouteTables

Type Output<RouteTable[]>

The Amazon EC2 route table for the private subnet.

nodes.privateSubnets

Type Output<Subnet[]>

The Amazon EC2 private subnet.

nodes.publicRouteTables

Type Output<RouteTable[]>

The Amazon EC2 route table for the public subnet.

nodes.publicSubnets

Type Output<Subnet[]>

The Amazon EC2 public subnet.

nodes.securityGroup

Type SecurityGroup

The Amazon EC2 Security Group.

nodes.vpc

Type Vpc

The Amazon EC2 VPC.

privateSubnets

Type Output<Output<string>[]>

A list of private subnet IDs in the VPC.

publicSubnets

Type Output<Output<string>[]>

A list of public subnet IDs in the VPC.

securityGroups

Type Output<string>[]

A list of VPC security group IDs.

SDK

Use the SDK in your runtime to interact with your infrastructure.

This is accessible through the Resource object in the SDK.

  • bastion undefined | Output<string>

    The bastion instance id.

Methods

static get

Vpc.get(name, vpcID)

Parameters

  • name string

    The name of the component.

  • vpcID Input<string>

    The ID of the existing VPC.

Returns Vpc

Reference an existing VPC with the given ID. This is useful when you create a VPC in one stage and want to share it in another stage. It avoids having to create a new VPC in the other stage.

Imagine you create a VPC in the dev stage. And in your personal stage frank, instead of creating a new VPC, you want to share the VPC from dev.

sst.config.ts
const vpc = $app.stage === "frank"
  ? sst.aws.Vpc.get("MyVPC", "vpc-0be8fa4de860618bb")
  : new sst.aws.Vpc("MyVPC");

Here vpc-0be8fa4de860618bb is the ID of the VPC created in the dev stage. You can find this by outputting the VPC ID in the dev stage.

sst.config.ts
return {
  vpc: vpc.id
};