How to use the @aws-cdk/aws-ec2.SubnetType.PRIVATE function in @aws-cdk/aws-ec2

});
    // Cluster all the containers will run in
    const cluster = new ecs.Cluster(this, 'ecscluster', { vpc });

    const secret = new secretsmanager.Secret(this, 'DBSecret', {
      secretName: "wordpressDBPassword",
      generateSecretString: {
        excludePunctuation: true
      }
    });

    // we need RDS DB subnet group and security group, so we can create the secondary region RDS replication
    const dbSubnetGroup: rds.CfnDBSubnetGroup = new rds.CfnDBSubnetGroup(this, 'DB-SubnetGrp', {
      dbSubnetGroupDescription: 'Subnet group to access RDS',
      dbSubnetGroupName: 'SecondaryRegion-WordpressDB-subnetgroup',
      subnetIds: vpc.selectSubnets({ subnetType: SubnetType.PRIVATE }).subnetIds
    });

    const dbsecuritygroup = new ec2.SecurityGroup(this, 'wordpress-dbsg', {
      vpc: vpc,
      description: "wordpress database security group",
      securityGroupName: "wordpressDB-SG"
    })
    dbsecuritygroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(3306), "Allow inbound to db")

    // wordpress ECS
    const wordpressSvc = new ecs_patterns.ApplicationLoadBalancedFargateService(this, 'wordpress-svc', {
      cluster: cluster,
      taskImageOptions: {
        image: ecs.ContainerImage.fromRegistry('wordpress:5.2.3-php7.2-apache'),
        containerPort: 80,
        secrets: {

launchType: 'FARGATE',
          networkConfiguration: {
            awsvpcConfiguration: {
              subnets: vpc.privateSubnets.map(privateSubnet => privateSubnet.subnetId),
              assignPublicIp: 'DISABLED',
            }
          }
        },
        physicalResourceId: Date.now().toString()
      }
    })
    loadWordpressDB.node.addDependency(dbcluster) // can only load wordpress DB when dbcluster is created., only do this for Primary Region

    // cdk/cfn output
    new cdk.CfnOutput(this, 'Primary Region VpcId_' + props.region, { value: vpc.vpcId });
    new cdk.CfnOutput(this, 'Primary Region private subnet for Elasticache (bookstoreSubnet1)', { value: vpc.selectSubnets({ subnetType: SubnetType.PRIVATE }).subnetIds[0] });
    //new cdk.CfnOutput(this, 'Wildcard_ACM_ARN_' + props.region, { value: validatedWildCardCert.certificateArn });
    new cdk.CfnOutput(this, 'Cloudfront_ACM_ARN_useast1', { value: validatedCloudFrontCert.certificateArn });
    new cdk.CfnOutput(this, 'RDS replication-source-identifier', { value: `arn:aws:rds:${this.region}:${this.account}:cluster:${dbcluster.clusterIdentifier}` });
  }
}

new route53.CfnRecordSet(this, 'blog-alias-primary', {
      name: "blog." + myDomainName + ".",
      type: route53.RecordType.A,
      hostedZoneId: props.hostedZoneID,
      aliasTarget: {
        dnsName: "primary.blog." + myDomainName + ".",
        evaluateTargetHealth: true,
        hostedZoneId: props.hostedZoneID
      },
      failover: "PRIMARY",
      setIdentifier: "blog-Primary",
    })

    // cdk/cfn output
    new cdk.CfnOutput(this, 'Secondary Region VpcId_' + props.region, { value: vpc.vpcId });
    new cdk.CfnOutput(this, 'Secondary Region private subnet for Elasticache', { value: vpc.selectSubnets({ subnetType: SubnetType.PRIVATE }).subnetIds[0] });
    new cdk.CfnOutput(this, 'Wildcard_ACM_ARN_' + props.region, { value: validatedWildCardCert.certificateArn });
    new cdk.CfnOutput(this, 'WordpressDB SubnetGroup Name', { value: dbSubnetGroup.dbSubnetGroupName!.toLowerCase() || "" });
    new cdk.CfnOutput(this, 'WordpressDB securityGroup Id', { value: dbsecuritygroup.securityGroupName });
  }
}