Documentation Index
Fetch the complete documentation index at: https://docs.fjall.io/llms.txt
Use this file to discover all available pages before exploring further.
Network Configuration
import { App } from "@fjall/components-infrastructure";
Basic Usage
const app = App.getApp("MyApp", {
network: {
maxAzs: 2,
natGateways: false,
flowLogs: false,
vpcEndpoints: {
interface: {
secretsManager: true,
kms: true,
},
},
},
});
Network Configuration Interface
interface NetworkConfig {
maxAzs: number; // Maximum availability zones
natGateways: boolean | number; // NAT gateway configuration
flowLogs: boolean; // Enable VPC flow logs
vpcEndpoints: {
interface?: {
secretsManager?: boolean;
kms?: boolean;
// ... other interface endpoints
};
gateway?: {
s3?: boolean;
dynamodb?: boolean;
};
};
}
Configuration Options
Maximum Availability Zones
Control how many AZs your VPC spans:
const app = App.getApp("MyApp", {
network: {
maxAzs: 3, // Span 3 availability zones
},
});
NAT Gateways
Configure NAT gateway deployment for private subnet internet access:
// Disable NAT gateways (no internet access from private subnets)
const app = App.getApp("MyApp", {
network: {
natGateways: false,
},
});
// Enable NAT gateways (one per AZ)
const app = App.getApp("MyApp", {
network: {
natGateways: true,
},
});
// Specify exact number
const app = App.getApp("MyApp", {
network: {
natGateways: 1, // Single NAT gateway (cost optimization)
},
});
VPC Flow Logs
Enable VPC flow logs for network traffic monitoring:
const app = App.getApp("MyApp", {
network: {
flowLogs: true,
},
});
VPC Endpoints
Reduce NAT gateway costs by using VPC endpoints for AWS services:
const app = App.getApp("MyApp", {
network: {
vpcEndpoints: {
interface: {
secretsManager: true, // Access Secrets Manager without NAT gateway
kms: true, // Access KMS without NAT gateway
},
gateway: {
s3: true, // Free S3 gateway endpoint
dynamodb: true, // Free DynamoDB gateway endpoint
},
},
},
});
Advanced VPC Usage
For more control, create VPC directly:
import { Vpc } from "@fjall/components-infrastructure/lib/resources/aws/networking/vpc";
const vpc = new Vpc(this, "MyVpc", {
maxAzs: 3,
natGateways: 1,
vpcName: "production-vpc",
accountId: this.account,
ipv4IpamPoolId: "ipam-pool-123",
});
VpcFactory (Alternative)
Rarely used alternative for VPC creation:
import { VpcFactory } from "@fjall/components-infrastructure";
const vpcFactory = VpcFactory.build("AppVpc", {
maxAzs: 2,
natGateways: 1,
});
const vpc = vpcFactory(app, this);
HostedZoneFactory
Import existing Route 53 hosted zones for domain configuration:
import { HostedZoneFactory } from "@fjall/components-infrastructure";
const hostedZone = HostedZoneFactory.import(
app.getDefaultComputeStack(),
"Z08083911D2IFBH8ELIKJ", // Hosted Zone ID
"myapp.com", // Domain name
);
// Use with compute cluster domain config
app.addCompute(
ComputeFactory.build("WebApp", {
type: "ecs",
cluster: {
domainConfig: {
domainName: "myapp.com",
hostedZone: hostedZone,
},
},
})
);
Cost Optimization Strategies
Eliminate NAT Gateways
If your application only needs AWS service access:
const app = App.getApp("MyApp", {
network: {
natGateways: false, // Save ~$32/month per gateway
vpcEndpoints: {
interface: {
secretsManager: true, // ~$7/month
kms: true, // ~$7/month
},
gateway: {
s3: true, // FREE
},
},
},
});
Single NAT Gateway
For non-critical workloads, use one NAT gateway instead of one per AZ:
const app = App.getApp("MyApp", {
network: {
maxAzs: 3,
natGateways: 1, // Single gateway for all AZs
},
});
Gateway Endpoints Only
For S3 and DynamoDB workloads:
const app = App.getApp("MyApp", {
network: {
natGateways: false,
vpcEndpoints: {
gateway: {
s3: true,
dynamodb: true,
},
},
},
});
Common Patterns
Development Environment
Minimal cost configuration:
const app = App.getApp("DevApp", {
network: {
maxAzs: 2,
natGateways: false,
flowLogs: false,
vpcEndpoints: {
interface: {
secretsManager: true,
},
gateway: {
s3: true,
},
},
},
});
Production Environment
High availability with cost optimization:
const app = App.getApp("ProdApp", {
network: {
maxAzs: 3,
natGateways: 2, // Redundancy across 2 AZs
flowLogs: true,
vpcEndpoints: {
interface: {
secretsManager: true,
kms: true,
},
gateway: {
s3: true,
dynamodb: true,
},
},
},
});
Serverless Optimized
No NAT gateways, VPC endpoints only:
const app = App.getApp("ServerlessApp", {
network: {
maxAzs: 2,
natGateways: false,
vpcEndpoints: {
interface: {
secretsManager: true,
kms: true,
ecr: true,
logs: true,
},
gateway: {
s3: true,
},
},
},
});
Access VPC from App
Get the default VPC for use in other constructs:
const app = App.getApp("MyApp", { /* ... */ });
const vpc = app.getDefaultVpc();
// Use in compute or storage
app.addCompute(
ComputeFactory.build("Api", {
vpc: vpc,
// ... other config
})
);
Best Practices
- Start with no NAT gateways: Add them only if external internet access is needed
- Use gateway endpoints: Always enable S3 and DynamoDB gateway endpoints (free)
- Interface endpoints for AWS services: Use interface endpoints instead of NAT gateways for AWS service access
- Multi-AZ for production: Use
maxAzs: 3 with multiple NAT gateways for production high availability
- Flow logs for security: Enable flow logs in production for security monitoring
See Also
