1. Docs
  2. Reference
  3. API
  4. pulumi_aws
  5. ec2clientvpn

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

ec2clientvpn

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.ec2clientvpn.Endpoint(resource_name, opts=None, authentication_options=None, client_cidr_block=None, connection_log_options=None, description=None, dns_servers=None, server_certificate_arn=None, split_tunnel=None, tags=None, transport_protocol=None, __props__=None, __name__=None, __opts__=None)

Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the AWS Client VPN Administrator’s Guide.

import pulumi
import pulumi_aws as aws

example = aws.ec2clientvpn.Endpoint("example",
    authentication_options=[{
        "rootCertificateChainArn": aws_acm_certificate["root_cert"]["arn"],
        "type": "certificate-authentication",
    }],
    client_cidr_block="10.0.0.0/16",
    connection_log_options={
        "cloudwatchLogGroup": aws_cloudwatch_log_group["lg"]["name"],
        "cloudwatchLogStream": aws_cloudwatch_log_stream["ls"]["name"],
        "enabled": True,
    },
    description="clientvpn-example",
    server_certificate_arn=aws_acm_certificate["cert"]["arn"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • authentication_options (pulumi.Input[list]) – Information about the authentication method to be used to authenticate clients.

  • client_cidr_block (pulumi.Input[str]) – The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

  • connection_log_options (pulumi.Input[dict]) – Information about the client connection logging options.

  • description (pulumi.Input[str]) – Name of the repository.

  • dns_servers (pulumi.Input[list]) – Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.

  • server_certificate_arn (pulumi.Input[str]) – The ARN of the ACM server certificate.

  • split_tunnel (pulumi.Input[bool]) – Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

  • transport_protocol (pulumi.Input[str]) – The transport protocol to be used by the VPN session. Default value is udp.

The authentication_options object supports the following:

  • active_directory_id (pulumi.Input[str]) - The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

  • rootCertificateChainArn (pulumi.Input[str]) - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

  • type (pulumi.Input[str]) - The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.

The connection_log_options object supports the following:

  • cloudwatchLogGroup (pulumi.Input[str]) - The name of the CloudWatch Logs log group.

  • cloudwatchLogStream (pulumi.Input[str]) - The name of the CloudWatch Logs log stream to which the connection data is published.

  • enabled (pulumi.Input[bool]) - Indicates whether connection logging is enabled.

arn: pulumi.Output[str] = None

The ARN of the Client VPN endpoint.

authentication_options: pulumi.Output[list] = None

Information about the authentication method to be used to authenticate clients.

  • active_directory_id (str) - The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

  • rootCertificateChainArn (str) - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

  • type (str) - The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.

client_cidr_block: pulumi.Output[str] = None

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

connection_log_options: pulumi.Output[dict] = None

Information about the client connection logging options.

  • cloudwatchLogGroup (str) - The name of the CloudWatch Logs log group.

  • cloudwatchLogStream (str) - The name of the CloudWatch Logs log stream to which the connection data is published.

  • enabled (bool) - Indicates whether connection logging is enabled.

description: pulumi.Output[str] = None

Name of the repository.

dns_name: pulumi.Output[str] = None

The DNS name to be used by clients when establishing their VPN session.

dns_servers: pulumi.Output[list] = None

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.

server_certificate_arn: pulumi.Output[str] = None

The ARN of the ACM server certificate.

split_tunnel: pulumi.Output[bool] = None

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

status: pulumi.Output[str] = None

The current state of the Client VPN endpoint.

tags: pulumi.Output[dict] = None

A map of tags to assign to the resource.

transport_protocol: pulumi.Output[str] = None

The transport protocol to be used by the VPN session. Default value is udp.

static get(resource_name, id, opts=None, arn=None, authentication_options=None, client_cidr_block=None, connection_log_options=None, description=None, dns_name=None, dns_servers=None, server_certificate_arn=None, split_tunnel=None, status=None, tags=None, transport_protocol=None)

Get an existing Endpoint resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – The ARN of the Client VPN endpoint.

  • authentication_options (pulumi.Input[list]) – Information about the authentication method to be used to authenticate clients.

  • client_cidr_block (pulumi.Input[str]) – The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

  • connection_log_options (pulumi.Input[dict]) – Information about the client connection logging options.

  • description (pulumi.Input[str]) – Name of the repository.

  • dns_name (pulumi.Input[str]) – The DNS name to be used by clients when establishing their VPN session.

  • dns_servers (pulumi.Input[list]) – Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.

  • server_certificate_arn (pulumi.Input[str]) – The ARN of the ACM server certificate.

  • split_tunnel (pulumi.Input[bool]) – Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

  • status (pulumi.Input[str]) – The current state of the Client VPN endpoint.

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

  • transport_protocol (pulumi.Input[str]) – The transport protocol to be used by the VPN session. Default value is udp.

The authentication_options object supports the following:

  • active_directory_id (pulumi.Input[str]) - The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

  • rootCertificateChainArn (pulumi.Input[str]) - The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

  • type (pulumi.Input[str]) - The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.

The connection_log_options object supports the following:

  • cloudwatchLogGroup (pulumi.Input[str]) - The name of the CloudWatch Logs log group.

  • cloudwatchLogStream (pulumi.Input[str]) - The name of the CloudWatch Logs log stream to which the connection data is published.

  • enabled (pulumi.Input[bool]) - Indicates whether connection logging is enabled.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.ec2clientvpn.NetworkAssociation(resource_name, opts=None, client_vpn_endpoint_id=None, subnet_id=None, __props__=None, __name__=None, __opts__=None)

Provides network associations for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator’s Guide.

import pulumi
import pulumi_aws as aws

example = aws.ec2clientvpn.NetworkAssociation("example",
    client_vpn_endpoint_id=aws_ec2_client_vpn_endpoint["example"]["id"],
    subnet_id=aws_subnet["example"]["id"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_vpn_endpoint_id (pulumi.Input[str]) – The ID of the Client VPN endpoint.

  • subnet_id (pulumi.Input[str]) – The ID of the subnet to associate with the Client VPN endpoint.

client_vpn_endpoint_id: pulumi.Output[str] = None

The ID of the Client VPN endpoint.

security_groups: pulumi.Output[list] = None

The IDs of the security groups applied to the target network association.

status: pulumi.Output[str] = None

The current state of the target network association.

subnet_id: pulumi.Output[str] = None

The ID of the subnet to associate with the Client VPN endpoint.

vpc_id: pulumi.Output[str] = None

The ID of the VPC in which the target network (subnet) is located.

static get(resource_name, id, opts=None, client_vpn_endpoint_id=None, security_groups=None, status=None, subnet_id=None, vpc_id=None)

Get an existing NetworkAssociation resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_vpn_endpoint_id (pulumi.Input[str]) – The ID of the Client VPN endpoint.

  • security_groups (pulumi.Input[list]) – The IDs of the security groups applied to the target network association.

  • status (pulumi.Input[str]) – The current state of the target network association.

  • subnet_id (pulumi.Input[str]) – The ID of the subnet to associate with the Client VPN endpoint.

  • vpc_id (pulumi.Input[str]) – The ID of the VPC in which the target network (subnet) is located.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str