
VPCBlockPublicAccessExclusion

The VPCBlockPublicAccessExclusion resource lets you manage Amazon EC2 VPC Block Public Access (BPA) by excluding a specific VPC or subnet from the block, so that traffic through its internet gateway is allowed again in the mode you choose (egress-only or bidirectional). For more details, refer to the AWS EC2 VPCBlockPublicAccessExclusions documentation.

Create a basic VPCBlockPublicAccessExclusion resource to exclude an internet gateway from public access blocking.

```ts
import AWS from "alchemy/aws/control";

const basicExclusion = await AWS.EC2.VPCBlockPublicAccessExclusion("basicExclusion", {
  // CloudFormation accepts "allow-bidirectional" or "allow-egress" here;
  // "allow-egress" keeps inbound internet traffic blocked and only restores outbound.
  InternetGatewayExclusionMode: "allow-egress",
  VpcId: "vpc-123abc45", // Replace with your VPC ID
  Tags: [
    { Key: "Environment", Value: "Development" },
    { Key: "Project", Value: "WebApp" }
  ]
});
```

Configure a VPCBlockPublicAccessExclusion with a subnet ID for more granular control over public access settings.

```ts
import AWS from "alchemy/aws/control";

// An exclusion targets either a VPC or a subnet, not both. A subnet-level
// exclusion reopens internet gateway traffic only for that subnet, which is
// the narrower (and usually preferable) scope.
const advancedExclusion = await AWS.EC2.VPCBlockPublicAccessExclusion("advancedExclusion", {
  InternetGatewayExclusionMode: "allow-bidirectional", // or "allow-egress"
  SubnetId: "subnet-abc12345", // Replace with your Subnet ID
  Tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Department", Value: "IT" }
  ]
});
```

Create multiple exclusions for different internet gateways within the same VPC.

```ts
import AWS from "alchemy/aws/control";

const exclusion1 = await AWS.EC2.VPCBlockPublicAccessExclusion("exclusion1", {
  InternetGatewayExclusionMode: "allow-bidirectional", // or "allow-egress"
  VpcId: "vpc-abc12345", // Replace with your VPC ID
  Tags: [
    { Key: "Purpose", Value: "Web Server" }
  ]
});

const exclusion2 = await AWS.EC2.VPCBlockPublicAccessExclusion("exclusion2", {
  InternetGatewayExclusionMode: "allow-egress", // outbound only for this exclusion
  VpcId: "vpc-abc12345", // Same VPC ID
  Tags: [
    { Key: "Purpose", Value: "Load Balancer" }
  ]
});
```

To adopt an existing VPCBlockPublicAccessExclusion instead of failing when one already exists, set the adopt property to true.

```ts
import AWS from "alchemy/aws/control";

const adoptExistingExclusion = await AWS.EC2.VPCBlockPublicAccessExclusion("adoptExistingExclusion", {
  InternetGatewayExclusionMode: "allow-egress", // or "allow-bidirectional"
  VpcId: "vpc-abc12345", // Replace with your VPC ID
  adopt: true // Adopt the existing exclusion if one already exists
});
```
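Because every exclusion punches a hole in an account-wide control, it is worth auditing a planned set before applying it. The following is an added example and not Alchemy's or AWS's own code: a pure TypeScript audit over objects shaped like the resource properties above. The mode values are the CloudFormation-documented ones; the three policy rules (exactly one target, a `Justification` tag on VPC-wide exclusions, egress-only in Production) and the sample IDs are this example's own assumptions.

```typescript
type ExclusionMode = "allow-bidirectional" | "allow-egress";
// Mirrors the resource properties on this page; name is the logical resource name.
interface Exclusion {
  name: string;
  InternetGatewayExclusionMode: ExclusionMode;
  VpcId?: string;     // VPC-wide exclusion
  SubnetId?: string;  // subnet-scoped exclusion
  Tags?: { Key: string; Value: string }[];
}
interface Finding { name: string; rule: string; message: string }

// Policy rules below are this example's own assumptions, not Alchemy or AWS behaviour.
function auditExclusions(exclusions: Exclusion[]): Finding[] {
  const findings: Finding[] = [];
  for (const ex of exclusions) {
    const tags = new Map((ex.Tags ?? []).map((t): [string, string] => [t.Key, t.Value]));
    const hasVpc = ex.VpcId !== undefined, hasSubnet = ex.SubnetId !== undefined;
    // Rule 1: one target, a VPC or a subnet, never both or neither.
    if (hasVpc === hasSubnet) {
      findings.push({ name: ex.name, rule: "target", message: "set exactly one of VpcId or SubnetId" });
    }
    // Rule 2: a VPC-wide exclusion reopens every subnet in the VPC, so it
    // must carry a Justification tag traceable to a change record.
    if (hasVpc && !tags.has("Justification")) {
      findings.push({ name: ex.name, rule: "justification", message: "VPC-wide exclusion lacks a Justification tag" });
    }
    // Rule 3: allow-bidirectional restores inbound internet reachability;
    // in Production prefer allow-egress unless inbound is genuinely required.
    if (ex.InternetGatewayExclusionMode === "allow-bidirectional" && tags.get("Environment") === "Production") {
      findings.push({ name: ex.name, rule: "mode", message: "bidirectional exclusion in Production; consider allow-egress" });
    }
  }
  return findings;
}

// Constructed sample input; IDs and the change number are placeholders, not real resources.
const plannedExclusions: Exclusion[] = [
  { name: "basicExclusion", InternetGatewayExclusionMode: "allow-egress",
    VpcId: "vpc-123abc45", Tags: [{ Key: "Environment", Value: "Development" }] },
  { name: "advancedExclusion", InternetGatewayExclusionMode: "allow-bidirectional",
    SubnetId: "subnet-abc12345", Tags: [{ Key: "Environment", Value: "Production" }] },
  { name: "ambiguous", InternetGatewayExclusionMode: "allow-egress",
    VpcId: "vpc-678def90", SubnetId: "subnet-abc12345",
    Tags: [{ Key: "Justification", Value: "CHG-0000 (placeholder)" }] },
];

for (const f of auditExclusions(plannedExclusions)) console.log(`${f.name}: ${f.message}`);
```

Run it as a pre-apply gate: a non-empty findings list should fail the deployment step, and the `Justification` value gives reviewers something to trace when the exclusion is later questioned.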