published on Tuesday, Mar 10, 2026 by Pulumi
Provides network associations for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator’s Guide.
NOTE on Client VPN endpoint target network security groups: The provider provides both a standalone Client VPN endpoint network association resource with a (deprecated) `security_groups` argument and a Client VPN endpoint resource with a `security_group_ids` argument. Do not specify security groups in both resources. Doing so will cause a conflict and will overwrite the target network security group association.
Example Usage
Using default security group
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Inputs for the association. SecurityGroups is left out, so the VPC's
    // default security group is assigned to the target network. Review that
    // group's rules first: unless it has been tightened, a default security
    // group admits all traffic from other members of the same group.
    var associationArgs = new Aws.Ec2ClientVpn.NetworkAssociationArgs
    {
        ClientVpnEndpointId = aws_ec2_client_vpn_endpoint.Example.Id,
        SubnetId = aws_subnet.Example.Id,
    };

    // Associate the subnet with the Client VPN endpoint.
    var example = new Aws.Ec2ClientVpn.NetworkAssociation("example", associationArgs);
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program that associates a subnet with a Client VPN endpoint.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// SecurityGroups is not set, so the VPC's default security group is
		// assigned to the target network; review its rules before relying on it.
		args := &ec2clientvpn.NetworkAssociationArgs{
			ClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),
			SubnetId:            pulumi.Any(aws_subnet.Example.Id),
		}

		// Hand any creation error straight back to pulumi.Run.
		_, err := ec2clientvpn.NewNetworkAssociation(ctx, "example", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.NetworkAssociation;
import com.pulumi.aws.ec2clientvpn.NetworkAssociationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Entry point: passes the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the association between a subnet and a Client VPN endpoint.
     * No security groups are supplied, so the VPC's default security group is
     * assigned to the target network; review its rules before relying on it.
     */
    public static void stack(Context ctx) {
        final var associationArgs = NetworkAssociationArgs.builder()
            .clientVpnEndpointId(aws_ec2_client_vpn_endpoint.example().id())
            .subnetId(aws_subnet.example().id())
            .build();

        var example = new NetworkAssociation("example", associationArgs);
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Inputs for the association. securityGroups is left out, so the VPC's default
// security group is assigned to the target network; review its rules before
// relying on it for VPN client traffic.
const associationArgs: aws.ec2clientvpn.NetworkAssociationArgs = {
    clientVpnEndpointId: aws_ec2_client_vpn_endpoint.example.id,
    subnetId: aws_subnet.example.id,
};

// Associate the subnet with the Client VPN endpoint.
const example = new aws.ec2clientvpn.NetworkAssociation("example", associationArgs);
import pulumi
import pulumi_aws as aws
# Associate the subnet with the Client VPN endpoint. security_groups is not
# passed, so the VPC's default security group is assigned to the target
# network; review its rules before relying on it.
example = aws.ec2clientvpn.NetworkAssociation(
    "example",
    aws.ec2clientvpn.NetworkAssociationArgs(
        client_vpn_endpoint_id=aws_ec2_client_vpn_endpoint["example"]["id"],
        subnet_id=aws_subnet["example"]["id"],
    ),
)
# Associates a subnet with a Client VPN endpoint.
resources:
  example:
    type: aws:ec2clientvpn:NetworkAssociation
    properties:
      clientVpnEndpointId: ${aws_ec2_client_vpn_endpoint.example.id}
      subnetId: ${aws_subnet.example.id}
      # securityGroups is omitted, so the VPC's default security group is
      # assigned to the target network; review its rules before relying on it.
Using custom security groups
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Explicit groups replace the VPC's default security group on the target
    // network (up to five are accepted). SecurityGroups on this resource is the
    // deprecated argument described in the note at the top of this page: do not
    // also set security groups on the Client VPN endpoint resource.
    var associationArgs = new Aws.Ec2ClientVpn.NetworkAssociationArgs
    {
        ClientVpnEndpointId = aws_ec2_client_vpn_endpoint.Example.Id,
        SubnetId = aws_subnet.Example.Id,
        SecurityGroups = new[]
        {
            aws_security_group.Example1.Id,
            aws_security_group.Example2.Id,
        },
    };

    // Associate the subnet with the Client VPN endpoint.
    var example = new Aws.Ec2ClientVpn.NetworkAssociation("example", associationArgs);
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program that associates a subnet with a Client VPN
// endpoint and applies two custom security groups to the target network.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// SecurityGroups on this resource is the deprecated argument described
		// in the note at the top of this page; set groups here or on the
		// Client VPN endpoint resource, never both. Up to five are accepted.
		args := &ec2clientvpn.NetworkAssociationArgs{
			ClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),
			SubnetId:            pulumi.Any(aws_subnet.Example.Id),
			SecurityGroups: pulumi.StringArray{
				aws_security_group.Example1.Id,
				aws_security_group.Example2.Id,
			},
		}

		// Hand any creation error straight back to pulumi.Run.
		_, err := ec2clientvpn.NewNetworkAssociation(ctx, "example", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.NetworkAssociation;
import com.pulumi.aws.ec2clientvpn.NetworkAssociationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Entry point: passes the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the association between a subnet and a Client VPN endpoint and
     * applies two custom security groups to the target network.
     * securityGroups on this resource is the deprecated argument described in
     * the note at the top of this page; do not also set security groups on the
     * Client VPN endpoint resource. Up to five groups are accepted.
     */
    public static void stack(Context ctx) {
        final var associationArgs = NetworkAssociationArgs.builder()
            .clientVpnEndpointId(aws_ec2_client_vpn_endpoint.example().id())
            .subnetId(aws_subnet.example().id())
            .securityGroups(
                aws_security_group.example1().id(),
                aws_security_group.example2().id())
            .build();

        var example = new NetworkAssociation("example", associationArgs);
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Explicit groups replace the VPC's default security group on the target
// network (up to five are accepted). securityGroups on this resource is the
// deprecated argument described in the note at the top of this page: do not
// also set security groups on the Client VPN endpoint resource.
const associationArgs: aws.ec2clientvpn.NetworkAssociationArgs = {
    clientVpnEndpointId: aws_ec2_client_vpn_endpoint.example.id,
    subnetId: aws_subnet.example.id,
    securityGroups: [
        aws_security_group.example1.id,
        aws_security_group.example2.id,
    ],
};

// Associate the subnet with the Client VPN endpoint.
const example = new aws.ec2clientvpn.NetworkAssociation("example", associationArgs);
import pulumi
import pulumi_aws as aws
# Associate the subnet with the Client VPN endpoint and apply two custom
# security groups to the target network (up to five are accepted).
# security_groups on this resource is the deprecated argument described in the
# note at the top of this page: do not also set security groups on the
# Client VPN endpoint resource.
example = aws.ec2clientvpn.NetworkAssociation(
    "example",
    aws.ec2clientvpn.NetworkAssociationArgs(
        client_vpn_endpoint_id=aws_ec2_client_vpn_endpoint["example"]["id"],
        subnet_id=aws_subnet["example"]["id"],
        security_groups=[
            aws_security_group["example1"]["id"],
            aws_security_group["example2"]["id"],
        ],
    ),
)
# Associates a subnet with a Client VPN endpoint and applies two custom
# security groups to the target network.
resources:
  example:
    type: aws:ec2clientvpn:NetworkAssociation
    properties:
      clientVpnEndpointId: ${aws_ec2_client_vpn_endpoint.example.id}
      subnetId: ${aws_subnet.example.id}
      # securityGroups on this resource is the deprecated argument described in
      # the note at the top of this page; do not also set security groups on the
      # Client VPN endpoint resource. Up to five groups are accepted.
      securityGroups:
        - ${aws_security_group.example1.id}
        - ${aws_security_group.example2.id}
Create NetworkAssociation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NetworkAssociation(name: string, args: NetworkAssociationArgs, opts?: CustomResourceOptions);
@overload
def NetworkAssociation(resource_name: str,
args: NetworkAssociationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NetworkAssociation(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_vpn_endpoint_id: Optional[str] = None,
subnet_id: Optional[str] = None,
security_groups: Optional[Sequence[str]] = None)
func NewNetworkAssociation(ctx *Context, name string, args NetworkAssociationArgs, opts ...ResourceOption) (*NetworkAssociation, error)
public NetworkAssociation(string name, NetworkAssociationArgs args, CustomResourceOptions? opts = null)
public NetworkAssociation(String name, NetworkAssociationArgs args)
public NetworkAssociation(String name, NetworkAssociationArgs args, CustomResourceOptions options)
type: aws:ec2clientvpn:NetworkAssociation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NetworkAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NetworkAssociationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NetworkAssociationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NetworkAssociationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: each "string" is a placeholder to replace with a real ID.
// SecurityGroups is not set here, so the VPC's default security group would be
// assigned to the target network.
var networkAssociationResource = new Aws.Ec2ClientVpn.NetworkAssociation("networkAssociationResource", new()
{
    ClientVpnEndpointId = "string",
    SubnetId = "string",
});
// Reference template: each "string" is a placeholder to replace with a real ID.
// SecurityGroups is not set here, so the VPC's default security group would be
// assigned to the target network. err is left for the surrounding code to check.
example, err := ec2clientvpn.NewNetworkAssociation(ctx, "networkAssociationResource", &ec2clientvpn.NetworkAssociationArgs{
	ClientVpnEndpointId: pulumi.String("string"),
	SubnetId: pulumi.String("string"),
})
// Reference template: each "string" is a placeholder to replace with a real ID.
// securityGroups is not set here, so the VPC's default security group would be
// assigned to the target network.
var networkAssociationResource = new NetworkAssociation("networkAssociationResource", NetworkAssociationArgs.builder()
    .clientVpnEndpointId("string")
    .subnetId("string")
    .build());
# Reference template: each "string" is a placeholder to replace with a real ID.
# security_groups is not set here, so the VPC's default security group would be
# assigned to the target network.
network_association_resource = aws.ec2clientvpn.NetworkAssociation("networkAssociationResource",
    client_vpn_endpoint_id="string",
    subnet_id="string")
// Reference template: each "string" is a placeholder to replace with a real ID.
// securityGroups is not set here, so the VPC's default security group would be
// assigned to the target network.
const networkAssociationResource = new aws.ec2clientvpn.NetworkAssociation("networkAssociationResource", {
    clientVpnEndpointId: "string",
    subnetId: "string",
});
# Reference template: each "string" is a placeholder to replace with a real ID.
# securityGroups is not set here, so the VPC's default security group would be
# assigned to the target network.
type: aws:ec2clientvpn:NetworkAssociation
properties:
  clientVpnEndpointId: string
  subnetId: string
NetworkAssociation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NetworkAssociation resource accepts the following input properties:
- ClientVpnEndpointId string
- The ID of the Client VPN endpoint.
- SubnetId string
- The ID of the subnet to associate with the Client VPN endpoint.
- SecurityGroups List<string>
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- ClientVpnEndpointId string
- The ID of the Client VPN endpoint.
- SubnetId string
- The ID of the subnet to associate with the Client VPN endpoint.
- SecurityGroups []string
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- clientVpnEndpointId String
- The ID of the Client VPN endpoint.
- subnetId String
- The ID of the subnet to associate with the Client VPN endpoint.
- securityGroups List<String>
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- clientVpnEndpointId string
- The ID of the Client VPN endpoint.
- subnetId string
- The ID of the subnet to associate with the Client VPN endpoint.
- securityGroups string[]
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- client_vpn_endpoint_id str
- The ID of the Client VPN endpoint.
- subnet_id str
- The ID of the subnet to associate with the Client VPN endpoint.
- security_groups Sequence[str]
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- clientVpnEndpointId String
- The ID of the Client VPN endpoint.
- subnetId String
- The ID of the subnet to associate with the Client VPN endpoint.
- securityGroups List<String>
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
Outputs
All input properties are implicitly available as output properties. Additionally, the NetworkAssociation resource produces the following output properties:
- AssociationId string
- The unique ID of the target network association.
- Id string
- The provider-assigned unique ID for this managed resource.
- Status string
- (Deprecated) The current state of the target network association.
- VpcId string
- The ID of the VPC in which the target subnet is located.
- AssociationId string
- The unique ID of the target network association.
- Id string
- The provider-assigned unique ID for this managed resource.
- Status string
- (Deprecated) The current state of the target network association.
- VpcId string
- The ID of the VPC in which the target subnet is located.
- associationId String
- The unique ID of the target network association.
- id String
- The provider-assigned unique ID for this managed resource.
- status String
- (Deprecated) The current state of the target network association.
- vpcId String
- The ID of the VPC in which the target subnet is located.
- associationId string
- The unique ID of the target network association.
- id string
- The provider-assigned unique ID for this managed resource.
- status string
- (Deprecated) The current state of the target network association.
- vpcId string
- The ID of the VPC in which the target subnet is located.
- association_id str
- The unique ID of the target network association.
- id str
- The provider-assigned unique ID for this managed resource.
- status str
- (Deprecated) The current state of the target network association.
- vpc_id str
- The ID of the VPC in which the target subnet is located.
- associationId String
- The unique ID of the target network association.
- id String
- The provider-assigned unique ID for this managed resource.
- status String
- (Deprecated) The current state of the target network association.
- vpcId String
- The ID of the VPC in which the target subnet is located.
Look up Existing NetworkAssociation Resource
Get an existing NetworkAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetworkAssociationState, opts?: CustomResourceOptions): NetworkAssociation
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
association_id: Optional[str] = None,
client_vpn_endpoint_id: Optional[str] = None,
security_groups: Optional[Sequence[str]] = None,
status: Optional[str] = None,
subnet_id: Optional[str] = None,
vpc_id: Optional[str] = None) -> NetworkAssociation
func GetNetworkAssociation(ctx *Context, name string, id IDInput, state *NetworkAssociationState, opts ...ResourceOption) (*NetworkAssociation, error)
public static NetworkAssociation Get(string name, Input<string> id, NetworkAssociationState? state, CustomResourceOptions? opts = null)
public static NetworkAssociation get(String name, Output<String> id, NetworkAssociationState state, CustomResourceOptions options)
resources:
  _:
    type: aws:ec2clientvpn:NetworkAssociation
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AssociationId string
- The unique ID of the target network association.
- ClientVpnEndpointId string
- The ID of the Client VPN endpoint.
- SecurityGroups List<string>
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- Status string
- (Deprecated) The current state of the target network association.
- SubnetId string
- The ID of the subnet to associate with the Client VPN endpoint.
- VpcId string
- The ID of the VPC in which the target subnet is located.
- AssociationId string
- The unique ID of the target network association.
- ClientVpnEndpointId string
- The ID of the Client VPN endpoint.
- SecurityGroups []string
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- Status string
- (Deprecated) The current state of the target network association.
- SubnetId string
- The ID of the subnet to associate with the Client VPN endpoint.
- VpcId string
- The ID of the VPC in which the target subnet is located.
- associationId String
- The unique ID of the target network association.
- clientVpnEndpointId String
- The ID of the Client VPN endpoint.
- securityGroups List<String>
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- status String
- (Deprecated) The current state of the target network association.
- subnetId String
- The ID of the subnet to associate with the Client VPN endpoint.
- vpcId String
- The ID of the VPC in which the target subnet is located.
- associationId string
- The unique ID of the target network association.
- clientVpnEndpointId string
- The ID of the Client VPN endpoint.
- securityGroups string[]
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- status string
- (Deprecated) The current state of the target network association.
- subnetId string
- The ID of the subnet to associate with the Client VPN endpoint.
- vpcId string
- The ID of the VPC in which the target subnet is located.
- association_id str
- The unique ID of the target network association.
- client_vpn_endpoint_id str
- The ID of the Client VPN endpoint.
- security_groups Sequence[str]
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- status str
- (Deprecated) The current state of the target network association.
- subnet_id str
- The ID of the subnet to associate with the Client VPN endpoint.
- vpc_id str
- The ID of the VPC in which the target subnet is located.
- associationId String
- The unique ID of the target network association.
- clientVpnEndpointId String
- The ID of the Client VPN endpoint.
- securityGroups List<String>
- A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
- status String
- (Deprecated) The current state of the target network association.
- subnetId String
- The ID of the subnet to associate with the Client VPN endpoint.
- vpcId String
- The ID of the VPC in which the target subnet is located.
Import
AWS Client VPN network associations can be imported using the endpoint ID and the association ID. Values are separated by a ,.
$ pulumi import aws:ec2clientvpn/networkAssociation:NetworkAssociation example cvpn-endpoint-0ac3a1abbccddd666,vpn-assoc-0b8db902465d069ad
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.