pulumi-aws-kotlin/com.pulumi.aws.ec2clientvpn.kotlin/EndpointArgs

EndpointArgs

data class EndpointArgs(val authenticationOptions: Output<List<EndpointAuthenticationOptionArgs>>? = null, val clientCidrBlock: Output<String>? = null, val clientConnectOptions: Output<EndpointClientConnectOptionsArgs>? = null, val clientLoginBannerOptions: Output<EndpointClientLoginBannerOptionsArgs>? = null, val connectionLogOptions: Output<EndpointConnectionLogOptionsArgs>? = null, val description: Output<String>? = null, val dnsServers: Output<List<String>>? = null, val securityGroupIds: Output<List<String>>? = null, val selfServicePortal: Output<String>? = null, val serverCertificateArn: Output<String>? = null, val sessionTimeoutHours: Output<Int>? = null, val splitTunnel: Output<Boolean>? = null, val tags: Output<Map<String, String>>? = null, val transportProtocol: Output<String>? = null, val vpcId: Output<String>? = null, val vpnPort: Output<Int>? = null) : ConvertibleToJava<EndpointArgs>

Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the AWS Client VPN Administrator's Guide.

NOTE on Client VPN endpoint target network security groups: this provider provides both a standalone Client VPN endpoint network association resource with a (deprecated) security_groups argument and a Client VPN endpoint resource with a security_group_ids argument. Do not specify security groups in both resources. Doing so will cause a conflict and will overwrite the target network security group association.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.Endpoint;
import com.pulumi.aws.ec2clientvpn.EndpointArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointAuthenticationOptionArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointConnectionLogOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Endpoint("example", EndpointArgs.builder()
            .description("clientvpn-example")
            .serverCertificateArn(aws_acm_certificate.cert().arn())
            .clientCidrBlock("10.0.0.0/16")
            .authenticationOptions(EndpointAuthenticationOptionArgs.builder()
                .type("certificate-authentication")
                .rootCertificateChainArn(aws_acm_certificate.root_cert().arn())
                .build())
            .connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
                .enabled(true)
                .cloudwatchLogGroup(aws_cloudwatch_log_group.lg().name())
                .cloudwatchLogStream(aws_cloudwatch_log_stream.ls().name())
                .build())
            .build());
    }
}
Content copied to clipboard

Import

AWS Client VPN endpoints can be imported using the id value found via aws ec2 describe-client-vpn-endpoints, e.g.,

$ pulumi import aws:ec2clientvpn/endpoint:Endpoint example cvpn-endpoint-0ac3a1abbccddd666
Content copied to clipboard

Constructors

Link copied to clipboard
fun EndpointArgs(authenticationOptions: Output<List<EndpointAuthenticationOptionArgs>>? = null, clientCidrBlock: Output<String>? = null, clientConnectOptions: Output<EndpointClientConnectOptionsArgs>? = null, clientLoginBannerOptions: Output<EndpointClientLoginBannerOptionsArgs>? = null, connectionLogOptions: Output<EndpointConnectionLogOptionsArgs>? = null, description: Output<String>? = null, dnsServers: Output<List<String>>? = null, securityGroupIds: Output<List<String>>? = null, selfServicePortal: Output<String>? = null, serverCertificateArn: Output<String>? = null, sessionTimeoutHours: Output<Int>? = null, splitTunnel: Output<Boolean>? = null, tags: Output<Map<String, String>>? = null, transportProtocol: Output<String>? = null, vpcId: Output<String>? = null, vpnPort: Output<Int>? = null)

Functions

Link copied to clipboard
open override fun toJava(): EndpointArgs

Properties

Link copied to clipboard
val authenticationOptions: Output<List<EndpointAuthenticationOptionArgs>>? = null

Information about the authentication method to be used to authenticate clients.

Link copied to clipboard
val clientCidrBlock: Output<String>? = null

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

Link copied to clipboard
val clientConnectOptions: Output<EndpointClientConnectOptionsArgs>? = null

The options for managing connection authorization for new client connections.

Link copied to clipboard
val clientLoginBannerOptions: Output<EndpointClientLoginBannerOptionsArgs>? = null

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

Link copied to clipboard
val connectionLogOptions: Output<EndpointConnectionLogOptionsArgs>? = null

Information about the client connection logging options.

Link copied to clipboard
val description: Output<String>? = null

A brief description of the Client VPN endpoint.

Link copied to clipboard
val dnsServers: Output<List<String>>? = null

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.

Link copied to clipboard
val securityGroupIds: Output<List<String>>? = null

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

Link copied to clipboard
val selfServicePortal: Output<String>? = null

Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.

Link copied to clipboard
val serverCertificateArn: Output<String>? = null

The ARN of the ACM server certificate.

Link copied to clipboard
val sessionTimeoutHours: Output<Int>? = null

The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24

Link copied to clipboard
val splitTunnel: Output<Boolean>? = null

Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Link copied to clipboard
val transportProtocol: Output<String>? = null

The transport protocol to be used by the VPN session. Default value is udp.

Link copied to clipboard
val vpcId: Output<String>? = null

The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.

Link copied to clipboard
val vpnPort: Output<Int>? = null

The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.