aws.ec2clientvpn.Endpoint
Explore with Pulumi AI
Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the AWS Client VPN Administrator’s Guide.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.ec2clientvpn.Endpoint("example", {
description: "clientvpn-example",
serverCertificateArn: cert.arn,
clientCidrBlock: "10.0.0.0/16",
authenticationOptions: [{
type: "certificate-authentication",
rootCertificateChainArn: rootCert.arn,
}],
connectionLogOptions: {
enabled: true,
cloudwatchLogGroup: lg.name,
cloudwatchLogStream: ls.name,
},
});
import pulumi
import pulumi_aws as aws
example = aws.ec2clientvpn.Endpoint("example",
description="clientvpn-example",
server_certificate_arn=cert["arn"],
client_cidr_block="10.0.0.0/16",
authentication_options=[{
"type": "certificate-authentication",
"root_certificate_chain_arn": root_cert["arn"],
}],
connection_log_options={
"enabled": True,
"cloudwatch_log_group": lg["name"],
"cloudwatch_log_stream": ls["name"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
Description: pulumi.String("clientvpn-example"),
ServerCertificateArn: pulumi.Any(cert.Arn),
ClientCidrBlock: pulumi.String("10.0.0.0/16"),
AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
&ec2clientvpn.EndpointAuthenticationOptionArgs{
Type: pulumi.String("certificate-authentication"),
RootCertificateChainArn: pulumi.Any(rootCert.Arn),
},
},
ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
Enabled: pulumi.Bool(true),
CloudwatchLogGroup: pulumi.Any(lg.Name),
CloudwatchLogStream: pulumi.Any(ls.Name),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Ec2ClientVpn.Endpoint("example", new()
{
Description = "clientvpn-example",
ServerCertificateArn = cert.Arn,
ClientCidrBlock = "10.0.0.0/16",
AuthenticationOptions = new[]
{
new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
{
Type = "certificate-authentication",
RootCertificateChainArn = rootCert.Arn,
},
},
ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
{
Enabled = true,
CloudwatchLogGroup = lg.Name,
CloudwatchLogStream = ls.Name,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.Endpoint;
import com.pulumi.aws.ec2clientvpn.EndpointArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointAuthenticationOptionArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointConnectionLogOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Endpoint("example", EndpointArgs.builder()
.description("clientvpn-example")
.serverCertificateArn(cert.arn())
.clientCidrBlock("10.0.0.0/16")
.authenticationOptions(EndpointAuthenticationOptionArgs.builder()
.type("certificate-authentication")
.rootCertificateChainArn(rootCert.arn())
.build())
.connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
.enabled(true)
.cloudwatchLogGroup(lg.name())
.cloudwatchLogStream(ls.name())
.build())
.build());
}
}
resources:
example:
type: aws:ec2clientvpn:Endpoint
properties:
description: clientvpn-example
serverCertificateArn: ${cert.arn}
clientCidrBlock: 10.0.0.0/16
authenticationOptions:
- type: certificate-authentication
rootCertificateChainArn: ${rootCert.arn}
connectionLogOptions:
enabled: true
cloudwatchLogGroup: ${lg.name}
cloudwatchLogStream: ${ls.name}
Create Endpoint Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Endpoint(name: string, args: EndpointArgs, opts?: CustomResourceOptions);
@overload
def Endpoint(resource_name: str,
args: EndpointArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Endpoint(resource_name: str,
opts: Optional[ResourceOptions] = None,
connection_log_options: Optional[EndpointConnectionLogOptionsArgs] = None,
client_cidr_block: Optional[str] = None,
server_certificate_arn: Optional[str] = None,
authentication_options: Optional[Sequence[EndpointAuthenticationOptionArgs]] = None,
self_service_portal: Optional[str] = None,
description: Optional[str] = None,
dns_servers: Optional[Sequence[str]] = None,
security_group_ids: Optional[Sequence[str]] = None,
client_login_banner_options: Optional[EndpointClientLoginBannerOptionsArgs] = None,
client_connect_options: Optional[EndpointClientConnectOptionsArgs] = None,
session_timeout_hours: Optional[int] = None,
split_tunnel: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
transport_protocol: Optional[str] = None,
vpc_id: Optional[str] = None,
vpn_port: Optional[int] = None)
func NewEndpoint(ctx *Context, name string, args EndpointArgs, opts ...ResourceOption) (*Endpoint, error)
public Endpoint(string name, EndpointArgs args, CustomResourceOptions? opts = null)
public Endpoint(String name, EndpointArgs args)
public Endpoint(String name, EndpointArgs args, CustomResourceOptions options)
type: aws:ec2clientvpn:Endpoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsEndpointResource = new Aws.Ec2ClientVpn.Endpoint("awsEndpointResource", new()
{
ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
{
Enabled = false,
CloudwatchLogGroup = "string",
CloudwatchLogStream = "string",
},
ClientCidrBlock = "string",
ServerCertificateArn = "string",
AuthenticationOptions = new[]
{
new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
{
Type = "string",
ActiveDirectoryId = "string",
RootCertificateChainArn = "string",
SamlProviderArn = "string",
SelfServiceSamlProviderArn = "string",
},
},
SelfServicePortal = "string",
Description = "string",
DnsServers = new[]
{
"string",
},
SecurityGroupIds = new[]
{
"string",
},
ClientLoginBannerOptions = new Aws.Ec2ClientVpn.Inputs.EndpointClientLoginBannerOptionsArgs
{
BannerText = "string",
Enabled = false,
},
ClientConnectOptions = new Aws.Ec2ClientVpn.Inputs.EndpointClientConnectOptionsArgs
{
Enabled = false,
LambdaFunctionArn = "string",
},
SessionTimeoutHours = 0,
SplitTunnel = false,
Tags =
{
{ "string", "string" },
},
TransportProtocol = "string",
VpcId = "string",
VpnPort = 0,
});
example, err := ec2clientvpn.NewEndpoint(ctx, "awsEndpointResource", &ec2clientvpn.EndpointArgs{
ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
Enabled: pulumi.Bool(false),
CloudwatchLogGroup: pulumi.String("string"),
CloudwatchLogStream: pulumi.String("string"),
},
ClientCidrBlock: pulumi.String("string"),
ServerCertificateArn: pulumi.String("string"),
AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
&ec2clientvpn.EndpointAuthenticationOptionArgs{
Type: pulumi.String("string"),
ActiveDirectoryId: pulumi.String("string"),
RootCertificateChainArn: pulumi.String("string"),
SamlProviderArn: pulumi.String("string"),
SelfServiceSamlProviderArn: pulumi.String("string"),
},
},
SelfServicePortal: pulumi.String("string"),
Description: pulumi.String("string"),
DnsServers: pulumi.StringArray{
pulumi.String("string"),
},
SecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
ClientLoginBannerOptions: &ec2clientvpn.EndpointClientLoginBannerOptionsArgs{
BannerText: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
ClientConnectOptions: &ec2clientvpn.EndpointClientConnectOptionsArgs{
Enabled: pulumi.Bool(false),
LambdaFunctionArn: pulumi.String("string"),
},
SessionTimeoutHours: pulumi.Int(0),
SplitTunnel: pulumi.Bool(false),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TransportProtocol: pulumi.String("string"),
VpcId: pulumi.String("string"),
VpnPort: pulumi.Int(0),
})
var awsEndpointResource = new Endpoint("awsEndpointResource", EndpointArgs.builder()
.connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
.enabled(false)
.cloudwatchLogGroup("string")
.cloudwatchLogStream("string")
.build())
.clientCidrBlock("string")
.serverCertificateArn("string")
.authenticationOptions(EndpointAuthenticationOptionArgs.builder()
.type("string")
.activeDirectoryId("string")
.rootCertificateChainArn("string")
.samlProviderArn("string")
.selfServiceSamlProviderArn("string")
.build())
.selfServicePortal("string")
.description("string")
.dnsServers("string")
.securityGroupIds("string")
.clientLoginBannerOptions(EndpointClientLoginBannerOptionsArgs.builder()
.bannerText("string")
.enabled(false)
.build())
.clientConnectOptions(EndpointClientConnectOptionsArgs.builder()
.enabled(false)
.lambdaFunctionArn("string")
.build())
.sessionTimeoutHours(0)
.splitTunnel(false)
.tags(Map.of("string", "string"))
.transportProtocol("string")
.vpcId("string")
.vpnPort(0)
.build());
aws_endpoint_resource = aws.ec2clientvpn.Endpoint("awsEndpointResource",
connection_log_options={
"enabled": False,
"cloudwatch_log_group": "string",
"cloudwatch_log_stream": "string",
},
client_cidr_block="string",
server_certificate_arn="string",
authentication_options=[{
"type": "string",
"active_directory_id": "string",
"root_certificate_chain_arn": "string",
"saml_provider_arn": "string",
"self_service_saml_provider_arn": "string",
}],
self_service_portal="string",
description="string",
dns_servers=["string"],
security_group_ids=["string"],
client_login_banner_options={
"banner_text": "string",
"enabled": False,
},
client_connect_options={
"enabled": False,
"lambda_function_arn": "string",
},
session_timeout_hours=0,
split_tunnel=False,
tags={
"string": "string",
},
transport_protocol="string",
vpc_id="string",
vpn_port=0)
const awsEndpointResource = new aws.ec2clientvpn.Endpoint("awsEndpointResource", {
connectionLogOptions: {
enabled: false,
cloudwatchLogGroup: "string",
cloudwatchLogStream: "string",
},
clientCidrBlock: "string",
serverCertificateArn: "string",
authenticationOptions: [{
type: "string",
activeDirectoryId: "string",
rootCertificateChainArn: "string",
samlProviderArn: "string",
selfServiceSamlProviderArn: "string",
}],
selfServicePortal: "string",
description: "string",
dnsServers: ["string"],
securityGroupIds: ["string"],
clientLoginBannerOptions: {
bannerText: "string",
enabled: false,
},
clientConnectOptions: {
enabled: false,
lambdaFunctionArn: "string",
},
sessionTimeoutHours: 0,
splitTunnel: false,
tags: {
string: "string",
},
transportProtocol: "string",
vpcId: "string",
vpnPort: 0,
});
type: aws:ec2clientvpn:Endpoint
properties:
authenticationOptions:
- activeDirectoryId: string
rootCertificateChainArn: string
samlProviderArn: string
selfServiceSamlProviderArn: string
type: string
clientCidrBlock: string
clientConnectOptions:
enabled: false
lambdaFunctionArn: string
clientLoginBannerOptions:
bannerText: string
enabled: false
connectionLogOptions:
cloudwatchLogGroup: string
cloudwatchLogStream: string
enabled: false
description: string
dnsServers:
- string
securityGroupIds:
- string
selfServicePortal: string
serverCertificateArn: string
sessionTimeoutHours: 0
splitTunnel: false
tags:
string: string
transportProtocol: string
vpcId: string
vpnPort: 0
Endpoint Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Endpoint resource accepts the following input properties:
- Authentication
Options List<EndpointAuthentication Option> - Information about the authentication method to be used to authenticate clients.
- Client
Cidr stringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- Connection
Log EndpointOptions Connection Log Options - Information about the client connection logging options.
- Server
Certificate stringArn - The ARN of the ACM server certificate.
- Client
Connect EndpointOptions Client Connect Options - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- Description string
- A brief description of the Client VPN endpoint.
- Dns
Servers List<string> - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- Security
Group List<string>Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- Self
Service stringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - Session
Timeout intHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- Split
Tunnel bool - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Dictionary<string, string>
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Transport
Protocol string - The transport protocol to be used by the VPN session. Default value is
udp
. - Vpc
Id string - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- Vpn
Port int - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- Authentication
Options []EndpointAuthentication Option Args - Information about the authentication method to be used to authenticate clients.
- Client
Cidr stringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- Connection
Log EndpointOptions Connection Log Options Args - Information about the client connection logging options.
- Server
Certificate stringArn - The ARN of the ACM server certificate.
- Client
Connect EndpointOptions Client Connect Options Args - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options Args - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- Description string
- A brief description of the Client VPN endpoint.
- Dns
Servers []string - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- Security
Group []stringIds - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- Self
Service stringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - Session
Timeout intHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- Split
Tunnel bool - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - map[string]string
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Transport
Protocol string - The transport protocol to be used by the VPN session. Default value is
udp
. - Vpc
Id string - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- Vpn
Port int - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- authentication
Options List<EndpointAuthentication Option> - Information about the authentication method to be used to authenticate clients.
- client
Cidr StringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connection
Log EndpointOptions Connection Log Options - Information about the client connection logging options.
- server
Certificate StringArn - The ARN of the ACM server certificate.
- client
Connect EndpointOptions Client Connect Options - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- description String
- A brief description of the Client VPN endpoint.
- dns
Servers List<String> - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security
Group List<String>Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self
Service StringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - session
Timeout IntegerHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split
Tunnel Boolean - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Map<String,String>
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - transport
Protocol String - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc
Id String - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn
Port Integer - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- authentication
Options EndpointAuthentication Option[] - Information about the authentication method to be used to authenticate clients.
- client
Cidr stringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connection
Log EndpointOptions Connection Log Options - Information about the client connection logging options.
- server
Certificate stringArn - The ARN of the ACM server certificate.
- client
Connect EndpointOptions Client Connect Options - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- description string
- A brief description of the Client VPN endpoint.
- dns
Servers string[] - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security
Group string[]Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self
Service stringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - session
Timeout numberHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split
Tunnel boolean - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - {[key: string]: string}
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - transport
Protocol string - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc
Id string - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn
Port number - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- authentication_
options Sequence[EndpointAuthentication Option Args] - Information about the authentication method to be used to authenticate clients.
- client_
cidr_ strblock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connection_
log_ Endpointoptions Connection Log Options Args - Information about the client connection logging options.
- server_
certificate_ strarn - The ARN of the ACM server certificate.
- client_
connect_ Endpointoptions Client Connect Options Args - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options Args - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- description str
- A brief description of the Client VPN endpoint.
- dns_
servers Sequence[str] - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security_
group_ Sequence[str]ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self_
service_ strportal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - session_
timeout_ inthours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split_
tunnel bool - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Mapping[str, str]
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - transport_
protocol str - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc_
id str - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn_
port int - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- authentication
Options List<Property Map> - Information about the authentication method to be used to authenticate clients.
- client
Cidr StringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connection
Log Property MapOptions - Information about the client connection logging options.
- server
Certificate StringArn - The ARN of the ACM server certificate.
- client
Connect Property MapOptions - The options for managing connection authorization for new client connections.
- Property Map
- Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- description String
- A brief description of the Client VPN endpoint.
- dns
Servers List<String> - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security
Group List<String>Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self
Service StringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - session
Timeout NumberHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split
Tunnel Boolean - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Map<String>
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - transport
Protocol String - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc
Id String - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn
Port Number - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Endpoint resource produces the following output properties:
- Arn string
- The ARN of the Client VPN endpoint.
- Dns
Name string - The DNS name to be used by clients when establishing their VPN session.
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Service stringPortal Url - The URL of the self-service portal.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- The ARN of the Client VPN endpoint.
- Dns
Name string - The DNS name to be used by clients when establishing their VPN session.
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Service stringPortal Url - The URL of the self-service portal.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- The ARN of the Client VPN endpoint.
- dns
Name String - The DNS name to be used by clients when establishing their VPN session.
- id String
- The provider-assigned unique ID for this managed resource.
- self
Service StringPortal Url - The URL of the self-service portal.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- The ARN of the Client VPN endpoint.
- dns
Name string - The DNS name to be used by clients when establishing their VPN session.
- id string
- The provider-assigned unique ID for this managed resource.
- self
Service stringPortal Url - The URL of the self-service portal.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- The ARN of the Client VPN endpoint.
- dns_
name str - The DNS name to be used by clients when establishing their VPN session.
- id str
- The provider-assigned unique ID for this managed resource.
- self_
service_ strportal_ url - The URL of the self-service portal.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- The ARN of the Client VPN endpoint.
- dns
Name String - The DNS name to be used by clients when establishing their VPN session.
- id String
- The provider-assigned unique ID for this managed resource.
- self
Service StringPortal Url - The URL of the self-service portal.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing Endpoint Resource
Get an existing Endpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EndpointState, opts?: CustomResourceOptions): Endpoint
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
authentication_options: Optional[Sequence[EndpointAuthenticationOptionArgs]] = None,
client_cidr_block: Optional[str] = None,
client_connect_options: Optional[EndpointClientConnectOptionsArgs] = None,
client_login_banner_options: Optional[EndpointClientLoginBannerOptionsArgs] = None,
connection_log_options: Optional[EndpointConnectionLogOptionsArgs] = None,
description: Optional[str] = None,
dns_name: Optional[str] = None,
dns_servers: Optional[Sequence[str]] = None,
security_group_ids: Optional[Sequence[str]] = None,
self_service_portal: Optional[str] = None,
self_service_portal_url: Optional[str] = None,
server_certificate_arn: Optional[str] = None,
session_timeout_hours: Optional[int] = None,
split_tunnel: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
transport_protocol: Optional[str] = None,
vpc_id: Optional[str] = None,
vpn_port: Optional[int] = None) -> Endpoint
func GetEndpoint(ctx *Context, name string, id IDInput, state *EndpointState, opts ...ResourceOption) (*Endpoint, error)
public static Endpoint Get(string name, Input<string> id, EndpointState? state, CustomResourceOptions? opts = null)
public static Endpoint get(String name, Output<String> id, EndpointState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- The ARN of the Client VPN endpoint.
- Authentication
Options List<EndpointAuthentication Option> - Information about the authentication method to be used to authenticate clients.
- Client
Cidr stringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- Client
Connect EndpointOptions Client Connect Options - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- Connection
Log EndpointOptions Connection Log Options - Information about the client connection logging options.
- Description string
- A brief description of the Client VPN endpoint.
- Dns
Name string - The DNS name to be used by clients when establishing their VPN session.
- Dns
Servers List<string> - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- Security
Group List<string>Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- Self
Service stringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - Self
Service stringPortal Url - The URL of the self-service portal.
- Server
Certificate stringArn - The ARN of the ACM server certificate.
- Session
Timeout intHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- Split
Tunnel bool - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Dictionary<string, string>
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Transport
Protocol string - The transport protocol to be used by the VPN session. Default value is
udp
. - Vpc
Id string - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- Vpn
Port int - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- Arn string
- The ARN of the Client VPN endpoint.
- Authentication
Options []EndpointAuthentication Option Args - Information about the authentication method to be used to authenticate clients.
- Client
Cidr stringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- Client
Connect EndpointOptions Client Connect Options Args - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options Args - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- Connection
Log EndpointOptions Connection Log Options Args - Information about the client connection logging options.
- Description string
- A brief description of the Client VPN endpoint.
- Dns
Name string - The DNS name to be used by clients when establishing their VPN session.
- Dns
Servers []string - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- Security
Group []stringIds - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- Self
Service stringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - Self
Service stringPortal Url - The URL of the self-service portal.
- Server
Certificate stringArn - The ARN of the ACM server certificate.
- Session
Timeout intHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- Split
Tunnel bool - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - map[string]string
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Transport
Protocol string - The transport protocol to be used by the VPN session. Default value is
udp
. - Vpc
Id string - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- Vpn
Port int - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- arn String
- The ARN of the Client VPN endpoint.
- authentication
Options List<EndpointAuthentication Option> - Information about the authentication method to be used to authenticate clients.
- client
Cidr StringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- client
Connect EndpointOptions Client Connect Options - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- connection
Log EndpointOptions Connection Log Options - Information about the client connection logging options.
- description String
- A brief description of the Client VPN endpoint.
- dns
Name String - The DNS name to be used by clients when establishing their VPN session.
- dns
Servers List<String> - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security
Group List<String>Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self
Service StringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - self
Service StringPortal Url - The URL of the self-service portal.
- server
Certificate StringArn - The ARN of the ACM server certificate.
- session
Timeout IntegerHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split
Tunnel Boolean - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Map<String,String>
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - transport
Protocol String - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc
Id String - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn
Port Integer - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- arn string
- The ARN of the Client VPN endpoint.
- authentication
Options EndpointAuthentication Option[] - Information about the authentication method to be used to authenticate clients.
- client
Cidr stringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- client
Connect EndpointOptions Client Connect Options - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- connection
Log EndpointOptions Connection Log Options - Information about the client connection logging options.
- description string
- A brief description of the Client VPN endpoint.
- dns
Name string - The DNS name to be used by clients when establishing their VPN session.
- dns
Servers string[] - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security
Group string[]Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self
Service stringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - self
Service stringPortal Url - The URL of the self-service portal.
- server
Certificate stringArn - The ARN of the ACM server certificate.
- session
Timeout numberHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split
Tunnel boolean - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - {[key: string]: string}
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - transport
Protocol string - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc
Id string - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn
Port number - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- arn str
- The ARN of the Client VPN endpoint.
- authentication_
options Sequence[EndpointAuthentication Option Args] - Information about the authentication method to be used to authenticate clients.
- client_
cidr_ strblock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- client_
connect_ Endpointoptions Client Connect Options Args - The options for managing connection authorization for new client connections.
- Endpoint
Client Login Banner Options Args - Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- connection_
log_ Endpointoptions Connection Log Options Args - Information about the client connection logging options.
- description str
- A brief description of the Client VPN endpoint.
- dns_
name str - The DNS name to be used by clients when establishing their VPN session.
- dns_
servers Sequence[str] - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security_
group_ Sequence[str]ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self_
service_ strportal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - self_
service_ strportal_ url - The URL of the self-service portal.
- server_
certificate_ strarn - The ARN of the ACM server certificate.
- session_
timeout_ inthours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split_
tunnel bool - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Mapping[str, str]
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - transport_
protocol str - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc_
id str - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn_
port int - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
- arn String
- The ARN of the Client VPN endpoint.
- authentication
Options List<Property Map> - Information about the authentication method to be used to authenticate clients.
- client
Cidr StringBlock - The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- client
Connect Property MapOptions - The options for managing connection authorization for new client connections.
- Property Map
- Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
- connection
Log Property MapOptions - Information about the client connection logging options.
- description String
- A brief description of the Client VPN endpoint.
- dns
Name String - The DNS name to be used by clients when establishing their VPN session.
- dns
Servers List<String> - Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
- security
Group List<String>Ids - The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- self
Service StringPortal - Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be
enabled
ordisabled
. Default value isdisabled
. - self
Service StringPortal Url - The URL of the self-service portal.
- server
Certificate StringArn - The ARN of the ACM server certificate.
- session
Timeout NumberHours - The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is
24
- Valid values:8 | 10 | 12 | 24
- split
Tunnel Boolean - Indicates whether split-tunnel is enabled on VPN endpoint. Default value is
false
. - Map<String>
- A mapping of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - transport
Protocol String - The transport protocol to be used by the VPN session. Default value is
udp
. - vpc
Id String - The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- vpn
Port Number - The port number for the Client VPN endpoint. Valid values are
443
and1194
. Default value is443
.
Supporting Types
EndpointAuthenticationOption, EndpointAuthenticationOptionArgs
- Type string
- The type of client authentication to be used. Specify
certificate-authentication
to use certificate-based authentication,directory-service-authentication
to use Active Directory authentication, orfederated-authentication
to use Federated Authentication via SAML 2.0. - Active
Directory stringId - The ID of the Active Directory to be used for authentication if type is
directory-service-authentication
. - Root
Certificate stringChain Arn - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to
certificate-authentication
. - Saml
Provider stringArn - The ARN of the IAM SAML identity provider if type is
federated-authentication
. - Self
Service stringSaml Provider Arn - The ARN of the IAM SAML identity provider for the self service portal if type is
federated-authentication
.
- Type string
- The type of client authentication to be used. Specify
certificate-authentication
to use certificate-based authentication,directory-service-authentication
to use Active Directory authentication, orfederated-authentication
to use Federated Authentication via SAML 2.0. - Active
Directory stringId - The ID of the Active Directory to be used for authentication if type is
directory-service-authentication
. - Root
Certificate stringChain Arn - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to
certificate-authentication
. - Saml
Provider stringArn - The ARN of the IAM SAML identity provider if type is
federated-authentication
. - Self
Service stringSaml Provider Arn - The ARN of the IAM SAML identity provider for the self service portal if type is
federated-authentication
.
- type String
- The type of client authentication to be used. Specify
certificate-authentication
to use certificate-based authentication,directory-service-authentication
to use Active Directory authentication, orfederated-authentication
to use Federated Authentication via SAML 2.0. - active
Directory StringId - The ID of the Active Directory to be used for authentication if type is
directory-service-authentication
. - root
Certificate StringChain Arn - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to
certificate-authentication
. - saml
Provider StringArn - The ARN of the IAM SAML identity provider if type is
federated-authentication
. - self
Service StringSaml Provider Arn - The ARN of the IAM SAML identity provider for the self service portal if type is
federated-authentication
.
- type string
- The type of client authentication to be used. Specify
certificate-authentication
to use certificate-based authentication,directory-service-authentication
to use Active Directory authentication, orfederated-authentication
to use Federated Authentication via SAML 2.0. - active
Directory stringId - The ID of the Active Directory to be used for authentication if type is
directory-service-authentication
. - root
Certificate stringChain Arn - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to
certificate-authentication
. - saml
Provider stringArn - The ARN of the IAM SAML identity provider if type is
federated-authentication
. - self
Service stringSaml Provider Arn - The ARN of the IAM SAML identity provider for the self service portal if type is
federated-authentication
.
- type str
- The type of client authentication to be used. Specify
certificate-authentication
to use certificate-based authentication,directory-service-authentication
to use Active Directory authentication, orfederated-authentication
to use Federated Authentication via SAML 2.0. - active_
directory_ strid - The ID of the Active Directory to be used for authentication if type is
directory-service-authentication
. - root_
certificate_ strchain_ arn - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to
certificate-authentication
. - saml_
provider_ strarn - The ARN of the IAM SAML identity provider if type is
federated-authentication
. - self_
service_ strsaml_ provider_ arn - The ARN of the IAM SAML identity provider for the self service portal if type is
federated-authentication
.
- type String
- The type of client authentication to be used. Specify
certificate-authentication
to use certificate-based authentication,directory-service-authentication
to use Active Directory authentication, orfederated-authentication
to use Federated Authentication via SAML 2.0. - active
Directory StringId - The ID of the Active Directory to be used for authentication if type is
directory-service-authentication
. - root
Certificate StringChain Arn - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to
certificate-authentication
. - saml
Provider StringArn - The ARN of the IAM SAML identity provider if type is
federated-authentication
. - self
Service StringSaml Provider Arn - The ARN of the IAM SAML identity provider for the self service portal if type is
federated-authentication
.
EndpointClientConnectOptions, EndpointClientConnectOptionsArgs
- Enabled bool
- Indicates whether client connect options are enabled. The default is
false
(not enabled). - Lambda
Function stringArn - The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
- Enabled bool
- Indicates whether client connect options are enabled. The default is
false
(not enabled). - Lambda
Function stringArn - The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
- enabled Boolean
- Indicates whether client connect options are enabled. The default is
false
(not enabled). - lambda
Function StringArn - The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
- enabled boolean
- Indicates whether client connect options are enabled. The default is
false
(not enabled). - lambda
Function stringArn - The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
- enabled bool
- Indicates whether client connect options are enabled. The default is
false
(not enabled). - lambda_
function_ strarn - The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
- enabled Boolean
- Indicates whether client connect options are enabled. The default is
false
(not enabled). - lambda
Function StringArn - The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
EndpointClientLoginBannerOptions, EndpointClientLoginBannerOptionsArgs
- string
- Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
- Enabled bool
- Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is
false
(not enabled).
- string
- Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
- Enabled bool
- Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is
false
(not enabled).
- String
- Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
- enabled Boolean
- Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is
false
(not enabled).
- string
- Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
- enabled boolean
- Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is
false
(not enabled).
- str
- Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
- enabled bool
- Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is
false
(not enabled).
- String
- Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
- enabled Boolean
- Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is
false
(not enabled).
EndpointConnectionLogOptions, EndpointConnectionLogOptionsArgs
- Enabled bool
- Indicates whether connection logging is enabled.
- Cloudwatch
Log stringGroup - The name of the CloudWatch Logs log group.
- Cloudwatch
Log stringStream - The name of the CloudWatch Logs log stream to which the connection data is published.
- Enabled bool
- Indicates whether connection logging is enabled.
- Cloudwatch
Log stringGroup - The name of the CloudWatch Logs log group.
- Cloudwatch
Log stringStream - The name of the CloudWatch Logs log stream to which the connection data is published.
- enabled Boolean
- Indicates whether connection logging is enabled.
- cloudwatch
Log StringGroup - The name of the CloudWatch Logs log group.
- cloudwatch
Log StringStream - The name of the CloudWatch Logs log stream to which the connection data is published.
- enabled boolean
- Indicates whether connection logging is enabled.
- cloudwatch
Log stringGroup - The name of the CloudWatch Logs log group.
- cloudwatch
Log stringStream - The name of the CloudWatch Logs log stream to which the connection data is published.
- enabled bool
- Indicates whether connection logging is enabled.
- cloudwatch_
log_ strgroup - The name of the CloudWatch Logs log group.
- cloudwatch_
log_ strstream - The name of the CloudWatch Logs log stream to which the connection data is published.
- enabled Boolean
- Indicates whether connection logging is enabled.
- cloudwatch
Log StringGroup - The name of the CloudWatch Logs log group.
- cloudwatch
Log StringStream - The name of the CloudWatch Logs log stream to which the connection data is published.
Import
Using pulumi import
, import AWS Client VPN endpoints using the id
value found via aws ec2 describe-client-vpn-endpoints
. For example:
$ pulumi import aws:ec2clientvpn/endpoint:Endpoint example cvpn-endpoint-0ac3a1abbccddd666
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.