Endpoint
Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the AWS Client VPN Administrator’s Guide.
Example Usage
C#

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // aws_acm_certificate.*, aws_cloudwatch_log_group.Lg and aws_cloudwatch_log_stream.Ls
        // stand for resources declared elsewhere in the program.
        var example = new Aws.Ec2ClientVpn.Endpoint("example", new Aws.Ec2ClientVpn.EndpointArgs
        {
            AuthenticationOptions =
            {
                new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
                {
                    RootCertificateChainArn = aws_acm_certificate.Root_cert.Arn,
                    Type = "certificate-authentication",
                },
            },
            ClientCidrBlock = "10.0.0.0/16",
            ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
            {
                CloudwatchLogGroup = aws_cloudwatch_log_group.Lg.Name,
                CloudwatchLogStream = aws_cloudwatch_log_stream.Ls.Name,
                Enabled = true,
            },
            Description = "clientvpn-example",
            ServerCertificateArn = aws_acm_certificate.Cert.Arn,
        });
    }
}

Go

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ec2clientvpn"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // aws_acm_certificate.*, aws_cloudwatch_log_group.Lg and aws_cloudwatch_log_stream.Ls
        // stand for resources declared elsewhere in the program.
        _, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
            AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
                &ec2clientvpn.EndpointAuthenticationOptionArgs{
                    RootCertificateChainArn: pulumi.String(aws_acm_certificate.Root_cert.Arn),
                    Type:                    pulumi.String("certificate-authentication"),
                },
            },
            ClientCidrBlock: pulumi.String("10.0.0.0/16"),
            ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
                CloudwatchLogGroup:  pulumi.String(aws_cloudwatch_log_group.Lg.Name),
                CloudwatchLogStream: pulumi.String(aws_cloudwatch_log_stream.Ls.Name),
                Enabled:             pulumi.Bool(true),
            },
            Description:          pulumi.String("clientvpn-example"),
            ServerCertificateArn: pulumi.String(aws_acm_certificate.Cert.Arn),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

Python

import pulumi
import pulumi_aws as aws

# aws_acm_certificate, aws_cloudwatch_log_group and aws_cloudwatch_log_stream
# stand for resources declared elsewhere in the program.
example = aws.ec2clientvpn.Endpoint("example",
    authentication_options=[{
        "rootCertificateChainArn": aws_acm_certificate["root_cert"]["arn"],
        "type": "certificate-authentication",
    }],
    client_cidr_block="10.0.0.0/16",
    connection_log_options={
        "cloudwatchLogGroup": aws_cloudwatch_log_group["lg"]["name"],
        "cloudwatchLogStream": aws_cloudwatch_log_stream["ls"]["name"],
        "enabled": True,
    },
    description="clientvpn-example",
    server_certificate_arn=aws_acm_certificate["cert"]["arn"])

TypeScript

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// aws_acm_certificate_*, aws_cloudwatch_log_group_lg and aws_cloudwatch_log_stream_ls
// stand for resources declared elsewhere in the program.
const example = new aws.ec2clientvpn.Endpoint("example", {
    authenticationOptions: [{
        rootCertificateChainArn: aws_acm_certificate_root_cert.arn,
        type: "certificate-authentication",
    }],
    clientCidrBlock: "10.0.0.0/16",
    connectionLogOptions: {
        cloudwatchLogGroup: aws_cloudwatch_log_group_lg.name,
        cloudwatchLogStream: aws_cloudwatch_log_stream_ls.name,
        enabled: true,
    },
    description: "clientvpn-example",
    serverCertificateArn: aws_acm_certificate_cert.arn,
});

Create an Endpoint Resource
TypeScript

new Endpoint(name: string, args: EndpointArgs, opts?: CustomResourceOptions);

- name string
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.

Python

def Endpoint(resource_name, opts=None, authentication_options=None, client_cidr_block=None, connection_log_options=None, description=None, dns_servers=None, server_certificate_arn=None, split_tunnel=None, tags=None, transport_protocol=None, __props__=None);

- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.

Go

func NewEndpoint(ctx *Context, name string, args EndpointArgs, opts ...ResourceOption) (*Endpoint, error)

- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.

C#

public Endpoint(string name, EndpointArgs args, CustomResourceOptions? opts = null)

- name string
- The unique name of the resource.
- args EndpointArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
Endpoint Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The Endpoint resource accepts the following input properties:
C#

- AuthenticationOptions List<EndpointAuthenticationOptionArgs>
Information about the authentication method to be used to authenticate clients.
- ClientCidrBlock string
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- ConnectionLogOptions EndpointConnectionLogOptionsArgs
Information about the client connection logging options.
- ServerCertificateArn string
The ARN of the ACM server certificate.
- Description string
Name of the repository.
- DnsServers List<string>
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- SplitTunnel bool
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- Tags Dictionary<string, string>
A map of tags to assign to the resource.
- TransportProtocol string
The transport protocol to be used by the VPN session. Default value is udp.

Go

- AuthenticationOptions []EndpointAuthenticationOption
Information about the authentication method to be used to authenticate clients.
- ClientCidrBlock string
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- ConnectionLogOptions EndpointConnectionLogOptions
Information about the client connection logging options.
- ServerCertificateArn string
The ARN of the ACM server certificate.
- Description string
Name of the repository.
- DnsServers []string
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- SplitTunnel bool
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- Tags map[string]string
A map of tags to assign to the resource.
- TransportProtocol string
The transport protocol to be used by the VPN session. Default value is udp.

TypeScript

- authenticationOptions EndpointAuthenticationOption[]
Information about the authentication method to be used to authenticate clients.
- clientCidrBlock string
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connectionLogOptions EndpointConnectionLogOptions
Information about the client connection logging options.
- serverCertificateArn string
The ARN of the ACM server certificate.
- description string
Name of the repository.
- dnsServers string[]
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- splitTunnel boolean
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- tags {[key: string]: string}
A map of tags to assign to the resource.
- transportProtocol string
The transport protocol to be used by the VPN session. Default value is udp.

Python

- authentication_options List[EndpointAuthenticationOption]
Information about the authentication method to be used to authenticate clients.
- client_cidr_block str
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connection_log_options Dict[EndpointConnectionLogOptions]
Information about the client connection logging options.
- server_certificate_arn str
The ARN of the ACM server certificate.
- description str
Name of the repository.
- dns_servers List[str]
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- split_tunnel bool
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- tags Dict[str, str]
A map of tags to assign to the resource.
- transport_protocol str
The transport protocol to be used by the VPN session. Default value is udp.
Outputs
All input properties are implicitly available as output properties. Additionally, the Endpoint resource produces the following output properties:
Look up an Existing Endpoint Resource
Get an existing Endpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
TypeScript

public static get(name: string, id: Input<ID>, state?: EndpointState, opts?: CustomResourceOptions): Endpoint

- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.

Python

static get(resource_name, id, opts=None, arn=None, authentication_options=None, client_cidr_block=None, connection_log_options=None, description=None, dns_name=None, dns_servers=None, server_certificate_arn=None, split_tunnel=None, status=None, tags=None, transport_protocol=None, __props__=None);

- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.

Go

func GetEndpoint(ctx *Context, name string, id IDInput, state *EndpointState, opts ...ResourceOption) (*Endpoint, error)

- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.

C#

public static Endpoint Get(string name, Input<string> id, EndpointState? state, CustomResourceOptions? opts = null)

- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
C#

- Arn string
The ARN of the Client VPN endpoint.
- AuthenticationOptions List<EndpointAuthenticationOptionArgs>
Information about the authentication method to be used to authenticate clients.
- ClientCidrBlock string
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- ConnectionLogOptions EndpointConnectionLogOptionsArgs
Information about the client connection logging options.
- Description string
Name of the repository.
- DnsName string
The DNS name to be used by clients when establishing their VPN session.
- DnsServers List<string>
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- ServerCertificateArn string
The ARN of the ACM server certificate.
- SplitTunnel bool
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- Status string
The current state of the Client VPN endpoint.
- Tags Dictionary<string, string>
A map of tags to assign to the resource.
- TransportProtocol string
The transport protocol to be used by the VPN session. Default value is udp.

Go

- Arn string
The ARN of the Client VPN endpoint.
- AuthenticationOptions []EndpointAuthenticationOption
Information about the authentication method to be used to authenticate clients.
- ClientCidrBlock string
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- ConnectionLogOptions EndpointConnectionLogOptions
Information about the client connection logging options.
- Description string
Name of the repository.
- DnsName string
The DNS name to be used by clients when establishing their VPN session.
- DnsServers []string
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- ServerCertificateArn string
The ARN of the ACM server certificate.
- SplitTunnel bool
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- Status string
The current state of the Client VPN endpoint.
- Tags map[string]string
A map of tags to assign to the resource.
- TransportProtocol string
The transport protocol to be used by the VPN session. Default value is udp.

TypeScript

- arn string
The ARN of the Client VPN endpoint.
- authenticationOptions EndpointAuthenticationOption[]
Information about the authentication method to be used to authenticate clients.
- clientCidrBlock string
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connectionLogOptions EndpointConnectionLogOptions
Information about the client connection logging options.
- description string
Name of the repository.
- dnsName string
The DNS name to be used by clients when establishing their VPN session.
- dnsServers string[]
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- serverCertificateArn string
The ARN of the ACM server certificate.
- splitTunnel boolean
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- status string
The current state of the Client VPN endpoint.
- tags {[key: string]: string}
A map of tags to assign to the resource.
- transportProtocol string
The transport protocol to be used by the VPN session. Default value is udp.

Python

- arn str
The ARN of the Client VPN endpoint.
- authentication_options List[EndpointAuthenticationOption]
Information about the authentication method to be used to authenticate clients.
- client_cidr_block str
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- connection_log_options Dict[EndpointConnectionLogOptions]
Information about the client connection logging options.
- description str
Name of the repository.
- dns_name str
The DNS name to be used by clients when establishing their VPN session.
- dns_servers List[str]
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.
- server_certificate_arn str
The ARN of the ACM server certificate.
- split_tunnel bool
Indicates whether split-tunnel is enabled on the VPN endpoint. Default value is false.
- status str
The current state of the Client VPN endpoint.
- tags Dict[str, str]
A map of tags to assign to the resource.
- transport_protocol str
The transport protocol to be used by the VPN session. Default value is udp.
Supporting Types
EndpointAuthenticationOption
C#

- Type string
The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.
- ActiveDirectoryId string
The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
- RootCertificateChainArn string
The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

Go

- Type string
The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.
- ActiveDirectoryId string
The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
- RootCertificateChainArn string
The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

TypeScript

- type string
The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.
- activeDirectoryId string
The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
- rootCertificateChainArn string
The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

Python

- type str
The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.
- active_directory_id str
The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
- root_certificate_chain_arn str
The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
EndpointConnectionLogOptions
C#

- Enabled bool
Indicates whether connection logging is enabled.
- CloudwatchLogGroup string
The name of the CloudWatch Logs log group.
- CloudwatchLogStream string
The name of the CloudWatch Logs log stream to which the connection data is published.

Go

- Enabled bool
Indicates whether connection logging is enabled.
- CloudwatchLogGroup string
The name of the CloudWatch Logs log group.
- CloudwatchLogStream string
The name of the CloudWatch Logs log stream to which the connection data is published.

TypeScript

- enabled boolean
Indicates whether connection logging is enabled.
- cloudwatchLogGroup string
The name of the CloudWatch Logs log group.
- cloudwatchLogStream string
The name of the CloudWatch Logs log stream to which the connection data is published.

Python

- enabled bool
Indicates whether connection logging is enabled.
- cloudwatch_log_group str
The name of the CloudWatch Logs log group.
- cloudwatch_log_stream str
The name of the CloudWatch Logs log stream to which the connection data is published.
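As an added example (not part of the Pulumi documentation or the pulumi-aws provider), the following Python function checks a proposed set of Endpoint arguments against the constraints stated in the Inputs list and in the EndpointAuthenticationOption and EndpointConnectionLogOptions types above, before anything is deployed: the client CIDR must be a valid IPv4 block of /22 or larger that overlaps neither the VPC nor any manually added route, each authentication option must carry the field its type needs (root_certificate_chain_arn for certificate-authentication, active_directory_id for directory-service-authentication), at most two DNS servers are allowed, and connection logging that is switched off is reported as a warning rather than an error. It treats the four properties listed first on this page (authentication options, client CIDR block, connection log options, server certificate ARN) as required, which is an assumption drawn from their placement; the `vpc_cidr` and `manual_routes` parameters, the sample argument dicts and the placeholder ARNs are all constructed for this example. Dict keys are accepted in either the snake_case form of the property list or the camelCase form used by the page's Python example.

```python
import ipaddress
from typing import Any, Dict, List, Sequence

# Constraints restated from this page's Endpoint property descriptions and the
# EndpointAuthenticationOption / EndpointConnectionLogOptions supporting types.
VALID_AUTH_TYPES = {"certificate-authentication", "directory-service-authentication"}
MAX_DNS_SERVERS = 2
MIN_CLIENT_PREFIX = 22  # "The CIDR block should be /22 or greater"


def _field(d: Dict[str, Any], snake: str, camel: str) -> Any:
    # The page's Python example uses camelCase dict keys; the property list uses snake_case.
    return d.get(snake, d.get(camel))


def validate_endpoint_args(args: Dict[str, Any], vpc_cidr: str,
                           manual_routes: Sequence[str] = ()) -> Dict[str, List[str]]:
    """Check a would-be aws.ec2clientvpn.Endpoint argument dict before deployment.

    vpc_cidr and manual_routes are assumed inputs for this example: the VPC the
    endpoint's subnet lives in and any routes that will be added by hand, neither of
    which the client CIDR may overlap. Returns {"errors": [...], "warnings": [...]};
    an empty "errors" list means every documented constraint is satisfied.
    """
    errors: List[str] = []
    warnings: List[str] = []

    # client_cidr_block: required, a valid network address, /22 or larger, no overlaps.
    cidr = args.get("client_cidr_block")
    if not cidr:
        errors.append("client_cidr_block is required")
    else:
        try:
            client_net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"client_cidr_block {cidr!r} is not a valid IPv4 CIDR: {exc}")
        else:
            if client_net.prefixlen > MIN_CLIENT_PREFIX:
                errors.append(f"client_cidr_block {cidr} is smaller than /{MIN_CLIENT_PREFIX}")
            for other in [vpc_cidr, *manual_routes]:
                if client_net.overlaps(ipaddress.IPv4Network(other, strict=False)):
                    errors.append(f"client_cidr_block {cidr} overlaps {other}")

    if not args.get("server_certificate_arn"):
        errors.append("server_certificate_arn is required")

    # authentication_options: a supported type plus the field that type requires.
    auth_opts = args.get("authentication_options") or []
    if not auth_opts:
        errors.append("authentication_options must contain at least one entry")
    for i, opt in enumerate(auth_opts):
        kind = opt.get("type")
        if kind not in VALID_AUTH_TYPES:
            errors.append(f"authentication_options[{i}].type {kind!r} is not a supported type")
        elif kind == "certificate-authentication" and not _field(
                opt, "root_certificate_chain_arn", "rootCertificateChainArn"):
            errors.append(f"authentication_options[{i}] needs root_certificate_chain_arn "
                          "for certificate-authentication")
        elif kind == "directory-service-authentication" and not _field(
                opt, "active_directory_id", "activeDirectoryId"):
            errors.append(f"authentication_options[{i}] needs active_directory_id "
                          "for directory-service-authentication")

    # connection_log_options: disabled logging is a warning; enabled logging needs a group.
    log_opts = args.get("connection_log_options")
    if log_opts is None:
        errors.append("connection_log_options is required")
    elif not log_opts.get("enabled"):
        warnings.append("connection logging is disabled; client sessions will not be "
                        "recorded in CloudWatch Logs")
    elif not _field(log_opts, "cloudwatch_log_group", "cloudwatchLogGroup"):
        errors.append("connection_log_options.enabled is true but no cloudwatch_log_group is set")

    dns_servers = args.get("dns_servers") or []
    if len(dns_servers) > MAX_DNS_SERVERS:
        errors.append(f"dns_servers has {len(dns_servers)} entries; "
                      f"at most {MAX_DNS_SERVERS} are allowed")

    return {"errors": errors, "warnings": warnings}


# Constructed sample inputs mirroring the page's example; the ARNs are placeholders.
GOOD_ARGS = {
    "client_cidr_block": "10.0.0.0/16",
    "server_certificate_arn": "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER-SERVER",
    "authentication_options": [{
        "type": "certificate-authentication",
        "rootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER-ROOT",
    }],
    "connection_log_options": {"enabled": True, "cloudwatchLogGroup": "lg", "cloudwatchLogStream": "ls"},
    "description": "clientvpn-example",
}

BAD_ARGS = {
    "client_cidr_block": "10.0.0.0/24",  # smaller than /22 and overlapping the VPC used below
    "authentication_options": [{"type": "directory-service-authentication"}],
    "connection_log_options": {"enabled": False},
    "dns_servers": ["10.0.0.2", "10.0.0.3", "10.0.0.4"],
}

if __name__ == "__main__":
    print(validate_endpoint_args(GOOD_ARGS, vpc_cidr="172.31.0.0/16"))
    print(validate_endpoint_args(BAD_ARGS, vpc_cidr="10.0.0.0/16"))
```

Run it before `pulumi up`, or wire it into a pre-commit hook, so that an overlapping or undersized client range is caught while it is still cheap to change: the page notes that the client CIDR cannot be altered once the endpoint exists.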
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the aws Terraform Provider.