pulumi-aws-kotlin/com.pulumi.aws.verifiedaccess.kotlin/Endpoint

Endpoint

class Endpoint : KotlinCustomResource

Resource for managing an AWS EC2 (Elastic Compute Cloud) Verified Access Endpoint.

Example Usage

ALB Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
    applicationDomain: "example.com",
    attachmentType: "vpc",
    description: "example",
    domainCertificateArn: exampleAwsAcmCertificate.arn,
    endpointDomainPrefix: "example",
    endpointType: "load-balancer",
    loadBalancerOptions: {
        loadBalancerArn: exampleAwsLb.arn,
        port: 443,
        protocol: "https",
        subnetIds: .map(subnet => (subnet.id)),
    },
    securityGroupIds: [exampleAwsSecurityGroup&#46;id],
    verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});

import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
    application_domain="example.com",
    attachment_type="vpc",
    description="example",
    domain_certificate_arn=example_aws_acm_certificate["arn"],
    endpoint_domain_prefix="example",
    endpoint_type="load-balancer",
    load_balancer_options=aws.verifiedaccess.EndpointLoadBalancerOptionsArgs(
        load_balancer_arn=example_aws_lb["arn"],
        port=443,
        protocol="https",
        subnet_ids=[subnet["id"] for subnet in public],
    ),
    security_group_ids=[example_aws_security_group["id"]],
    verified_access_group_id=example_aws_verifiedaccess_group["id"])

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        ApplicationDomain = "example.com",
        AttachmentType = "vpc",
        Description = "example",
        DomainCertificateArn = exampleAwsAcmCertificate.Arn,
        EndpointDomainPrefix = "example",
        EndpointType = "load-balancer",
        LoadBalancerOptions = new Aws.VerifiedAccess.Inputs.EndpointLoadBalancerOptionsArgs
        {
            LoadBalancerArn = exampleAwsLb.Arn,
            Port = 443,
            Protocol = "https",
            SubnetIds = .Select(subnet =>
            {
                return subnet.Id;
            }).ToList(),
        },
        SecurityGroupIds = new[]
        {
            exampleAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
    });
});

Network Interface Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
    applicationDomain: "example.com",
    attachmentType: "vpc",
    description: "example",
    domainCertificateArn: exampleAwsAcmCertificate.arn,
    endpointDomainPrefix: "example",
    endpointType: "network-interface",
    networkInterfaceOptions: {
        networkInterfaceId: exampleAwsNetworkInterface.id,
        port: 443,
        protocol: "https",
    },
    securityGroupIds: [exampleAwsSecurityGroup&#46;id],
    verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});

import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
    application_domain="example.com",
    attachment_type="vpc",
    description="example",
    domain_certificate_arn=example_aws_acm_certificate["arn"],
    endpoint_domain_prefix="example",
    endpoint_type="network-interface",
    network_interface_options=aws.verifiedaccess.EndpointNetworkInterfaceOptionsArgs(
        network_interface_id=example_aws_network_interface["id"],
        port=443,
        protocol="https",
    ),
    security_group_ids=[example_aws_security_group["id"]],
    verified_access_group_id=example_aws_verifiedaccess_group["id"])

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        ApplicationDomain = "example.com",
        AttachmentType = "vpc",
        Description = "example",
        DomainCertificateArn = exampleAwsAcmCertificate.Arn,
        EndpointDomainPrefix = "example",
        EndpointType = "network-interface",
        NetworkInterfaceOptions = new Aws.VerifiedAccess.Inputs.EndpointNetworkInterfaceOptionsArgs
        {
            NetworkInterfaceId = exampleAwsNetworkInterface.Id,
            Port = 443,
            Protocol = "https",
        },
        SecurityGroupIds = new[]
        {
            exampleAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedaccess"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := verifiedaccess.NewEndpoint(ctx, "example", &verifiedaccess.EndpointArgs{
			ApplicationDomain:    pulumi.String("example.com"),
			AttachmentType:       pulumi.String("vpc"),
			Description:          pulumi.String("example"),
			DomainCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
			EndpointDomainPrefix: pulumi.String("example"),
			EndpointType:         pulumi.String("network-interface"),
			NetworkInterfaceOptions: &verifiedaccess.EndpointNetworkInterfaceOptionsArgs{
				NetworkInterfaceId: pulumi.Any(exampleAwsNetworkInterface.Id),
				Port:               pulumi.Int(443),
				Protocol:           pulumi.String("https"),
			},
			SecurityGroupIds: pulumi.StringArray{
				exampleAwsSecurityGroup.Id,
			},
			VerifiedAccessGroupId: pulumi.Any(exampleAwsVerifiedaccessGroup.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedaccess.Endpoint;
import com.pulumi.aws.verifiedaccess.EndpointArgs;
import com.pulumi.aws.verifiedaccess.inputs.EndpointNetworkInterfaceOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Endpoint("example", EndpointArgs.builder()
            .applicationDomain("example.com")
            .attachmentType("vpc")
            .description("example")
            .domainCertificateArn(exampleAwsAcmCertificate.arn())
            .endpointDomainPrefix("example")
            .endpointType("network-interface")
            .networkInterfaceOptions(EndpointNetworkInterfaceOptionsArgs.builder()
                .networkInterfaceId(exampleAwsNetworkInterface.id())
                .port(443)
                .protocol("https")
                .build())
            .securityGroupIds(exampleAwsSecurityGroup.id())
            .verifiedAccessGroupId(exampleAwsVerifiedaccessGroup.id())
            .build());
    }
}

resources:
  example:
    type: aws:verifiedaccess:Endpoint
    properties:
      applicationDomain: example.com
      attachmentType: vpc
      description: example
      domainCertificateArn: ${exampleAwsAcmCertificate.arn}
      endpointDomainPrefix: example
      endpointType: network-interface
      networkInterfaceOptions:
        networkInterfaceId: ${exampleAwsNetworkInterface.id}
        port: 443
        protocol: https
      securityGroupIds:
        - ${exampleAwsSecurityGroup.id}
      verifiedAccessGroupId: ${exampleAwsVerifiedaccessGroup.id}

Import

Using pulumi import, import Verified Access Instances using the id. For example:

$ pulumi import aws:verifiedaccess/endpoint:Endpoint example vae-8012925589

Properties

applicationDomain

val applicationDomain: Output<String>

The DNS name for users to reach your application.

attachmentType

val attachmentType: Output<String>

The type of attachment. Currently, only vpc is supported.

description

val description: Output<String>?

A description for the Verified Access endpoint.

deviceValidationDomain

val deviceValidationDomain: Output<String>

Returned if endpoint has a device trust provider attached.

domainCertificateArn

val domainCertificateArn: Output<String>

The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application.

endpointDomain

val endpointDomain: Output<String>

A DNS name that is generated for the endpoint.

endpointDomainPrefix

val endpointDomainPrefix: Output<String>

A custom identifier that is prepended to the DNS name that is generated for the endpoint.

endpointType

val endpointType: Output<String>

The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.

val id: Output<String>

loadBalancerOptions

val loadBalancerOptions: Output<EndpointLoadBalancerOptions>?

The load balancer details. This parameter is required if the endpoint type is load-balancer.

networkInterfaceOptions

val networkInterfaceOptions: Output<EndpointNetworkInterfaceOptions>?

The network interface details. This parameter is required if the endpoint type is network-interface.

policyDocument

val policyDocument: Output<String>?

The policy document that is associated with this resource.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

securityGroupIds

val securityGroupIds: Output<List<String>>?

List of the the security groups IDs to associate with the Verified Access endpoint.

sseSpecification

val sseSpecification: Output<EndpointSseSpecification>

The options in use for server side encryption.