AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

Endpoint

Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the AWS Client VPN Administrator’s Guide.

NOTE on Client VPN endpoint target network security groups: this provider provides both a standalone Client VPN endpoint network association resource with a (deprecated) security_groups argument and a Client VPN endpoint resource with a security_group_ids argument. Do not specify security groups in both resources. Doing so will cause a conflict and will overwrite the target network security group association.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Aws.Ec2ClientVpn.Endpoint("example", new Aws.Ec2ClientVpn.EndpointArgs
        {
            Description = "clientvpn-example",
            ServerCertificateArn = aws_acm_certificate.Cert.Arn,
            ClientCidrBlock = "10.0.0.0/16",
            AuthenticationOptions = 
            {
                new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
                {
                    Type = "certificate-authentication",
                    RootCertificateChainArn = aws_acm_certificate.Root_cert.Arn,
                },
            },
            ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
            {
                Enabled = true,
                CloudwatchLogGroup = aws_cloudwatch_log_group.Lg.Name,
                CloudwatchLogStream = aws_cloudwatch_log_stream.Ls.Name,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2clientvpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
			Description:          pulumi.String("clientvpn-example"),
			ServerCertificateArn: pulumi.Any(aws_acm_certificate.Cert.Arn),
			ClientCidrBlock:      pulumi.String("10.0.0.0/16"),
			AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
				&ec2clientvpn.EndpointAuthenticationOptionArgs{
					Type:                    pulumi.String("certificate-authentication"),
					RootCertificateChainArn: pulumi.Any(aws_acm_certificate.Root_cert.Arn),
				},
			},
			ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
				Enabled:             pulumi.Bool(true),
				CloudwatchLogGroup:  pulumi.Any(aws_cloudwatch_log_group.Lg.Name),
				CloudwatchLogStream: pulumi.Any(aws_cloudwatch_log_stream.Ls.Name),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Endpoint("example", EndpointArgs.builder()        
            .description("clientvpn-example")
            .serverCertificateArn(aws_acm_certificate.cert().arn())
            .clientCidrBlock("10.0.0.0/16")
            .authenticationOptions(EndpointAuthenticationOptionArgs.builder()
                .type("certificate-authentication")
                .rootCertificateChainArn(aws_acm_certificate.root_cert().arn())
                .build())
            .connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
                .enabled(true)
                .cloudwatchLogGroup(aws_cloudwatch_log_group.lg().name())
                .cloudwatchLogStream(aws_cloudwatch_log_stream.ls().name())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.ec2clientvpn.Endpoint("example",
    description="clientvpn-example",
    server_certificate_arn=aws_acm_certificate["cert"]["arn"],
    client_cidr_block="10.0.0.0/16",
    authentication_options=[aws.ec2clientvpn.EndpointAuthenticationOptionArgs(
        type="certificate-authentication",
        root_certificate_chain_arn=aws_acm_certificate["root_cert"]["arn"],
    )],
    connection_log_options=aws.ec2clientvpn.EndpointConnectionLogOptionsArgs(
        enabled=True,
        cloudwatch_log_group=aws_cloudwatch_log_group["lg"]["name"],
        cloudwatch_log_stream=aws_cloudwatch_log_stream["ls"]["name"],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2clientvpn.Endpoint("example", {
    description: "clientvpn-example",
    serverCertificateArn: aws_acm_certificate.cert.arn,
    clientCidrBlock: "10.0.0.0/16",
    authenticationOptions: [{
        type: "certificate-authentication",
        rootCertificateChainArn: aws_acm_certificate.root_cert.arn,
    }],
    connectionLogOptions: {
        enabled: true,
        cloudwatchLogGroup: aws_cloudwatch_log_group.lg.name,
        cloudwatchLogStream: aws_cloudwatch_log_stream.ls.name,
    },
});
resources:
  example:
    type: aws:ec2clientvpn:Endpoint
    properties:
      description: clientvpn-example
      serverCertificateArn: ${aws_acm_certificate.cert.arn}
      clientCidrBlock: 10.0.0.0/16
      authenticationOptions:
        - type: certificate-authentication
          rootCertificateChainArn: ${aws_acm_certificate.root_cert.arn}
      connectionLogOptions:
        enabled: true
        cloudwatchLogGroup: ${aws_cloudwatch_log_group.lg.name}
        cloudwatchLogStream: ${aws_cloudwatch_log_stream.ls.name}

Create a Endpoint Resource

new Endpoint(name: string, args: EndpointArgs, opts?: CustomResourceOptions);
@overload
def Endpoint(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             authentication_options: Optional[Sequence[EndpointAuthenticationOptionArgs]] = None,
             client_cidr_block: Optional[str] = None,
             client_connect_options: Optional[EndpointClientConnectOptionsArgs] = None,
             client_login_banner_options: Optional[EndpointClientLoginBannerOptionsArgs] = None,
             connection_log_options: Optional[EndpointConnectionLogOptionsArgs] = None,
             description: Optional[str] = None,
             dns_servers: Optional[Sequence[str]] = None,
             security_group_ids: Optional[Sequence[str]] = None,
             self_service_portal: Optional[str] = None,
             server_certificate_arn: Optional[str] = None,
             session_timeout_hours: Optional[int] = None,
             split_tunnel: Optional[bool] = None,
             tags: Optional[Mapping[str, str]] = None,
             transport_protocol: Optional[str] = None,
             vpc_id: Optional[str] = None,
             vpn_port: Optional[int] = None)
@overload
def Endpoint(resource_name: str,
             args: EndpointArgs,
             opts: Optional[ResourceOptions] = None)
func NewEndpoint(ctx *Context, name string, args EndpointArgs, opts ...ResourceOption) (*Endpoint, error)
public Endpoint(string name, EndpointArgs args, CustomResourceOptions? opts = null)
public Endpoint(String name, EndpointArgs args)
public Endpoint(String name, EndpointArgs args, CustomResourceOptions options)
type: aws:ec2clientvpn:Endpoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args EndpointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args EndpointArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args EndpointArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args EndpointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args EndpointArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Endpoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Endpoint resource accepts the following input properties:

AuthenticationOptions List<EndpointAuthenticationOptionArgs>

Information about the authentication method to be used to authenticate clients.

ClientCidrBlock string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

ConnectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

ServerCertificateArn string

The ARN of the ACM server certificate.

ClientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

ClientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

Description string

A brief description of the Client VPN endpoint.

DnsServers List<string>

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

SecurityGroupIds List<string>

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

SelfServicePortal string

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

SessionTimeoutHours int

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

SplitTunnel bool

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TransportProtocol string

The transport protocol to be used by the VPN session. Default value is udp.

VpcId string

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

VpnPort int

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

AuthenticationOptions []EndpointAuthenticationOptionArgs

Information about the authentication method to be used to authenticate clients.

ClientCidrBlock string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

ConnectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

ServerCertificateArn string

The ARN of the ACM server certificate.

ClientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

ClientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

Description string

A brief description of the Client VPN endpoint.

DnsServers []string

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

SecurityGroupIds []string

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

SelfServicePortal string

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

SessionTimeoutHours int

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

SplitTunnel bool

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

Tags map[string]string

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TransportProtocol string

The transport protocol to be used by the VPN session. Default value is udp.

VpcId string

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

VpnPort int

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authenticationOptions List<EndpointAuthenticationOptionArgs>

Information about the authentication method to be used to authenticate clients.

clientCidrBlock String

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

connectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

serverCertificateArn String

The ARN of the ACM server certificate.

clientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

clientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

description String

A brief description of the Client VPN endpoint.

dnsServers List<String>

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

securityGroupIds List<String>

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

selfServicePortal String

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

sessionTimeoutHours Integer

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

splitTunnel Boolean

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

tags Map<String,String>

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

transportProtocol String

The transport protocol to be used by the VPN session. Default value is udp.

vpcId String

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpnPort Integer

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authenticationOptions EndpointAuthenticationOptionArgs[]

Information about the authentication method to be used to authenticate clients.

clientCidrBlock string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

connectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

serverCertificateArn string

The ARN of the ACM server certificate.

clientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

clientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

description string

A brief description of the Client VPN endpoint.

dnsServers string[]

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

securityGroupIds string[]

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

selfServicePortal string

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

sessionTimeoutHours number

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

splitTunnel boolean

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

tags {[key: string]: string}

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

transportProtocol string

The transport protocol to be used by the VPN session. Default value is udp.

vpcId string

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpnPort number

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authentication_options Sequence[EndpointAuthenticationOptionArgs]

Information about the authentication method to be used to authenticate clients.

client_cidr_block str

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

connection_log_options EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

server_certificate_arn str

The ARN of the ACM server certificate.

client_connect_options EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

client_login_banner_options EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

description str

A brief description of the Client VPN endpoint.

dns_servers Sequence[str]

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

security_group_ids Sequence[str]

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

self_service_portal str

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

session_timeout_hours int

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

split_tunnel bool

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

tags Mapping[str, str]

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

transport_protocol str

The transport protocol to be used by the VPN session. Default value is udp.

vpc_id str

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpn_port int

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authenticationOptions List<Property Map>

Information about the authentication method to be used to authenticate clients.

clientCidrBlock String

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

connectionLogOptions Property Map

Information about the client connection logging options.

serverCertificateArn String

The ARN of the ACM server certificate.

clientConnectOptions Property Map

The options for managing connection authorization for new client connections.

clientLoginBannerOptions Property Map

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

description String

A brief description of the Client VPN endpoint.

dnsServers List<String>

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

securityGroupIds List<String>

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

selfServicePortal String

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

sessionTimeoutHours Number

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

splitTunnel Boolean

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

tags Map<String>

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

transportProtocol String

The transport protocol to be used by the VPN session. Default value is udp.

vpcId String

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpnPort Number

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

Outputs

All input properties are implicitly available as output properties. Additionally, the Endpoint resource produces the following output properties:

Arn string

The ARN of the Client VPN endpoint.

DnsName string

The DNS name to be used by clients when establishing their VPN session.

Id string

The provider-assigned unique ID for this managed resource.

Status string

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

The ARN of the Client VPN endpoint.

DnsName string

The DNS name to be used by clients when establishing their VPN session.

Id string

The provider-assigned unique ID for this managed resource.

Status string

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The ARN of the Client VPN endpoint.

dnsName String

The DNS name to be used by clients when establishing their VPN session.

id String

The provider-assigned unique ID for this managed resource.

status String

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

The ARN of the Client VPN endpoint.

dnsName string

The DNS name to be used by clients when establishing their VPN session.

id string

The provider-assigned unique ID for this managed resource.

status string

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

The ARN of the Client VPN endpoint.

dns_name str

The DNS name to be used by clients when establishing their VPN session.

id str

The provider-assigned unique ID for this managed resource.

status str

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The ARN of the Client VPN endpoint.

dnsName String

The DNS name to be used by clients when establishing their VPN session.

id String

The provider-assigned unique ID for this managed resource.

status String

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up an Existing Endpoint Resource

Get an existing Endpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: EndpointState, opts?: CustomResourceOptions): Endpoint
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        authentication_options: Optional[Sequence[EndpointAuthenticationOptionArgs]] = None,
        client_cidr_block: Optional[str] = None,
        client_connect_options: Optional[EndpointClientConnectOptionsArgs] = None,
        client_login_banner_options: Optional[EndpointClientLoginBannerOptionsArgs] = None,
        connection_log_options: Optional[EndpointConnectionLogOptionsArgs] = None,
        description: Optional[str] = None,
        dns_name: Optional[str] = None,
        dns_servers: Optional[Sequence[str]] = None,
        security_group_ids: Optional[Sequence[str]] = None,
        self_service_portal: Optional[str] = None,
        server_certificate_arn: Optional[str] = None,
        session_timeout_hours: Optional[int] = None,
        split_tunnel: Optional[bool] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        transport_protocol: Optional[str] = None,
        vpc_id: Optional[str] = None,
        vpn_port: Optional[int] = None) -> Endpoint
func GetEndpoint(ctx *Context, name string, id IDInput, state *EndpointState, opts ...ResourceOption) (*Endpoint, error)
public static Endpoint Get(string name, Input<string> id, EndpointState? state, CustomResourceOptions? opts = null)
public static Endpoint get(String name, Output<String> id, EndpointState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

The ARN of the Client VPN endpoint.

AuthenticationOptions List<EndpointAuthenticationOptionArgs>

Information about the authentication method to be used to authenticate clients.

ClientCidrBlock string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

ClientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

ClientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

ConnectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

Description string

A brief description of the Client VPN endpoint.

DnsName string

The DNS name to be used by clients when establishing their VPN session.

DnsServers List<string>

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

SecurityGroupIds List<string>

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

SelfServicePortal string

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

ServerCertificateArn string

The ARN of the ACM server certificate.

SessionTimeoutHours int

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

SplitTunnel bool

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

Status string

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TransportProtocol string

The transport protocol to be used by the VPN session. Default value is udp.

VpcId string

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

VpnPort int

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

Arn string

The ARN of the Client VPN endpoint.

AuthenticationOptions []EndpointAuthenticationOptionArgs

Information about the authentication method to be used to authenticate clients.

ClientCidrBlock string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

ClientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

ClientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

ConnectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

Description string

A brief description of the Client VPN endpoint.

DnsName string

The DNS name to be used by clients when establishing their VPN session.

DnsServers []string

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

SecurityGroupIds []string

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

SelfServicePortal string

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

ServerCertificateArn string

The ARN of the ACM server certificate.

SessionTimeoutHours int

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

SplitTunnel bool

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

Status string

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

Tags map[string]string

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TransportProtocol string

The transport protocol to be used by the VPN session. Default value is udp.

VpcId string

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

VpnPort int

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn String

The ARN of the Client VPN endpoint.

authenticationOptions List<EndpointAuthenticationOptionArgs>

Information about the authentication method to be used to authenticate clients.

clientCidrBlock String

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

clientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

clientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

connectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

description String

A brief description of the Client VPN endpoint.

dnsName String

The DNS name to be used by clients when establishing their VPN session.

dnsServers List<String>

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

securityGroupIds List<String>

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

selfServicePortal String

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

serverCertificateArn String

The ARN of the ACM server certificate.

sessionTimeoutHours Integer

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

splitTunnel Boolean

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

status String

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tags Map<String,String>

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

transportProtocol String

The transport protocol to be used by the VPN session. Default value is udp.

vpcId String

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpnPort Integer

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn string

The ARN of the Client VPN endpoint.

authenticationOptions EndpointAuthenticationOptionArgs[]

Information about the authentication method to be used to authenticate clients.

clientCidrBlock string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

clientConnectOptions EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

clientLoginBannerOptions EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

connectionLogOptions EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

description string

A brief description of the Client VPN endpoint.

dnsName string

The DNS name to be used by clients when establishing their VPN session.

dnsServers string[]

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

securityGroupIds string[]

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

selfServicePortal string

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

serverCertificateArn string

The ARN of the ACM server certificate.

sessionTimeoutHours number

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

splitTunnel boolean

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

status string

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tags {[key: string]: string}

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

transportProtocol string

The transport protocol to be used by the VPN session. Default value is udp.

vpcId string

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpnPort number

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn str

The ARN of the Client VPN endpoint.

authentication_options Sequence[EndpointAuthenticationOptionArgs]

Information about the authentication method to be used to authenticate clients.

client_cidr_block str

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

client_connect_options EndpointClientConnectOptionsArgs

The options for managing connection authorization for new client connections.

client_login_banner_options EndpointClientLoginBannerOptionsArgs

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

connection_log_options EndpointConnectionLogOptionsArgs

Information about the client connection logging options.

description str

A brief description of the Client VPN endpoint.

dns_name str

The DNS name to be used by clients when establishing their VPN session.

dns_servers Sequence[str]

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

security_group_ids Sequence[str]

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

self_service_portal str

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

server_certificate_arn str

The ARN of the ACM server certificate.

session_timeout_hours int

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

split_tunnel bool

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

status str

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tags Mapping[str, str]

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

transport_protocol str

The transport protocol to be used by the VPN session. Default value is udp.

vpc_id str

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpn_port int

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn String

The ARN of the Client VPN endpoint.

authenticationOptions List<Property Map>

Information about the authentication method to be used to authenticate clients.

clientCidrBlock String

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

clientConnectOptions Property Map

The options for managing connection authorization for new client connections.

clientLoginBannerOptions Property Map

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

connectionLogOptions Property Map

Information about the client connection logging options.

description String

A brief description of the Client VPN endpoint.

dnsName String

The DNS name to be used by clients when establishing their VPN session.

dnsServers List<String>

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

securityGroupIds List<String>

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

selfServicePortal String

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

serverCertificateArn String

The ARN of the ACM server certificate.

sessionTimeoutHours Number

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

splitTunnel Boolean

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

status String

Deprecated The current state of the Client VPN endpoint.

Deprecated:

This attribute has been deprecated.

tags Map<String>

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

transportProtocol String

The transport protocol to be used by the VPN session. Default value is udp.

vpcId String

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

vpnPort Number

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

Supporting Types

EndpointAuthenticationOption

Type string

The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.

ActiveDirectoryId string

The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

RootCertificateChainArn string

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

SamlProviderArn string

The ARN of the IAM SAML identity provider if type is federated-authentication.

SelfServiceSamlProviderArn string

The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

Type string

The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.

ActiveDirectoryId string

The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

RootCertificateChainArn string

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

SamlProviderArn string

The ARN of the IAM SAML identity provider if type is federated-authentication.

SelfServiceSamlProviderArn string

The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type String

The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.

activeDirectoryId String

The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

rootCertificateChainArn String

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

samlProviderArn String

The ARN of the IAM SAML identity provider if type is federated-authentication.

selfServiceSamlProviderArn String

The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type string

The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.

activeDirectoryId string

The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

rootCertificateChainArn string

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

samlProviderArn string

The ARN of the IAM SAML identity provider if type is federated-authentication.

selfServiceSamlProviderArn string

The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type str

The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.

active_directory_id str

The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

root_certificate_chain_arn str

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

saml_provider_arn str

The ARN of the IAM SAML identity provider if type is federated-authentication.

self_service_saml_provider_arn str

The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type String

The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.

activeDirectoryId String

The ID of the Active Directory to be used for authentication if type is directory-service-authentication.

rootCertificateChainArn String

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.

samlProviderArn String

The ARN of the IAM SAML identity provider if type is federated-authentication.

selfServiceSamlProviderArn String

The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

EndpointClientConnectOptions

Enabled bool

Indicates whether connection logging is enabled.

LambdaFunctionArn string

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

Enabled bool

Indicates whether connection logging is enabled.

LambdaFunctionArn string

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled Boolean

Indicates whether connection logging is enabled.

lambdaFunctionArn String

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled boolean

Indicates whether connection logging is enabled.

lambdaFunctionArn string

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled bool

Indicates whether connection logging is enabled.

lambda_function_arn str

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled Boolean

Indicates whether connection logging is enabled.

lambdaFunctionArn String

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

EndpointClientLoginBannerOptions

BannerText string

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

Enabled bool

Indicates whether connection logging is enabled.

BannerText string

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

Enabled bool

Indicates whether connection logging is enabled.

bannerText String

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

enabled Boolean

Indicates whether connection logging is enabled.

bannerText string

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

enabled boolean

Indicates whether connection logging is enabled.

str

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

enabled bool

Indicates whether connection logging is enabled.

bannerText String

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

enabled Boolean

Indicates whether connection logging is enabled.

EndpointConnectionLogOptions

Enabled bool

Indicates whether connection logging is enabled.

CloudwatchLogGroup string

The name of the CloudWatch Logs log group.

CloudwatchLogStream string

The name of the CloudWatch Logs log stream to which the connection data is published.

Enabled bool

Indicates whether connection logging is enabled.

CloudwatchLogGroup string

The name of the CloudWatch Logs log group.

CloudwatchLogStream string

The name of the CloudWatch Logs log stream to which the connection data is published.

enabled Boolean

Indicates whether connection logging is enabled.

cloudwatchLogGroup String

The name of the CloudWatch Logs log group.

cloudwatchLogStream String

The name of the CloudWatch Logs log stream to which the connection data is published.

enabled boolean

Indicates whether connection logging is enabled.

cloudwatchLogGroup string

The name of the CloudWatch Logs log group.

cloudwatchLogStream string

The name of the CloudWatch Logs log stream to which the connection data is published.

enabled bool

Indicates whether connection logging is enabled.

cloudwatch_log_group str

The name of the CloudWatch Logs log group.

cloudwatch_log_stream str

The name of the CloudWatch Logs log stream to which the connection data is published.

enabled Boolean

Indicates whether connection logging is enabled.

cloudwatchLogGroup String

The name of the CloudWatch Logs log group.

cloudwatchLogStream String

The name of the CloudWatch Logs log stream to which the connection data is published.

Import

AWS Client VPN endpoints can be imported using the id value found via aws ec2 describe-client-vpn-endpoints, e.g.,

 $ pulumi import aws:ec2clientvpn/endpoint:Endpoint example cvpn-endpoint-0ac3a1abbccddd666

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.