Package com.cloudforge.core.enums

Enum Class NetworkMode

java.lang.Object
java.lang.Enum<NetworkMode>
com.cloudforge.core.enums.NetworkMode
All Implemented Interfaces:
Serializable, Comparable<NetworkMode>, Constable
public enum NetworkMode extends Enum<NetworkMode>
Network topology mode for VPC configuration.

Configuration

Set via deployment context (case-insensitive): 

 cfc.put("networkMode", "private-with-nat");  // Private subnets with NAT Gateway
 cfc.put("networkMode", "public");            // Public subnets only
 cfc.put("networkMode", "isolated");          // No internet access

Modes

  • PRIVATE_WITH_NAT - Services in private subnets, outbound via NAT Gateway (recommended for production)
  • PUBLIC - Services in public subnets with public IPs (cost-effective for dev/testing)
  • ISOLATED - No internet access, requires VPC endpoints for AWS services

Compliance Impact

  • PCI-DSS: Requires PRIVATE_WITH_NAT for cardholder data environments
  • HIPAA: PRIVATE_WITH_NAT recommended for PHI protection
  • SOC2: PRIVATE_WITH_NAT provides better boundary protection (CC6.1)

Cost Considerations

  • PRIVATE_WITH_NAT: ~$45/month per NAT Gateway + data processing charges
  • PUBLIC: No NAT costs, minimal additional charges
  • ISOLATED: No NAT costs, but VPC endpoint costs if needed

  • Enum Constant Details

    • PRIVATE_WITH_NAT

      public static final NetworkMode PRIVATE_WITH_NAT
      Private subnets with NAT Gateway for outbound internet access. Recommended for production workloads requiring compliance. Serializes as "private-with-nat".

    • PUBLIC

      public static final NetworkMode PUBLIC
      Public subnets with direct internet access. Cost-effective for development and testing. Legacy alias "public-no-nat" also supported. Serializes as "public".

    • ISOLATED

      public static final NetworkMode ISOLATED
      Isolated subnets with no internet access. Requires VPC endpoints for AWS service access. Serializes as "isolated".

  • Method Details

    • values

      public static NetworkMode[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static NetworkMode valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null

    • getValue

      public String getValue()
      Returns the JSON/string value for this network mode.

    • toString

      public String toString()
      Returns the string representation (same as getValue for consistency).
      Overrides:
      toString in class Enum<NetworkMode>

    • fromString

      public static NetworkMode fromString(String value)
      Parse network mode from string (case-insensitive). Supports both enum names and JSON values.
      Parameters:
      value - String value from deployment context
      Returns:
      NetworkMode enum value
      Throws:
      IllegalArgumentException - if value is not recognized

    • defaultForProfile

      public static NetworkMode defaultForProfile(SecurityProfile profile)
      Get default network mode for a security profile. PRODUCTION defaults to PRIVATE_WITH_NAT, others default to PUBLIC.
      Parameters:
      profile - Security profile
      Returns:
      Default network mode for the profile

    • isPrivate

      public boolean isPrivate()
      Check if this mode uses private subnets (no public IPs on instances).

    • hasInternetAccess

      public boolean hasInternetAccess()
      Check if this mode has outbound internet access.

    • requiresNat

      public boolean requiresNat()
      Check if this mode requires NAT Gateway.