Endpoint
Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the AWS Client VPN Administrator's Guide.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.ec2clientvpn.Endpoint("example", {
description: "clientvpn-example",
serverCertificateArn: cert.arn,
clientCidrBlock: "10.0.0.0/16",
authenticationOptions: [{
type: "certificate-authentication",
rootCertificateChainArn: rootCert.arn,
}],
connectionLogOptions: {
enabled: true,
cloudwatchLogGroup: lg.name,
cloudwatchLogStream: ls.name,
},
});import pulumi
import pulumi_aws as aws
example = aws.ec2clientvpn.Endpoint("example",
description="clientvpn-example",
server_certificate_arn=cert["arn"],
client_cidr_block="10.0.0.0/16",
authentication_options=[{
"type": "certificate-authentication",
"root_certificate_chain_arn": root_cert["arn"],
}],
connection_log_options={
"enabled": True,
"cloudwatch_log_group": lg["name"],
"cloudwatch_log_stream": ls["name"],
})using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Ec2ClientVpn.Endpoint("example", new()
{
Description = "clientvpn-example",
ServerCertificateArn = cert.Arn,
ClientCidrBlock = "10.0.0.0/16",
AuthenticationOptions = new[]
{
new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
{
Type = "certificate-authentication",
RootCertificateChainArn = rootCert.Arn,
},
},
ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
{
Enabled = true,
CloudwatchLogGroup = lg.Name,
CloudwatchLogStream = ls.Name,
},
});
});package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
Description: pulumi.String("clientvpn-example"),
ServerCertificateArn: pulumi.Any(cert.Arn),
ClientCidrBlock: pulumi.String("10.0.0.0/16"),
AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
&ec2clientvpn.EndpointAuthenticationOptionArgs{
Type: pulumi.String("certificate-authentication"),
RootCertificateChainArn: pulumi.Any(rootCert.Arn),
},
},
ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
Enabled: pulumi.Bool(true),
CloudwatchLogGroup: pulumi.Any(lg.Name),
CloudwatchLogStream: pulumi.Any(ls.Name),
},
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.Endpoint;
import com.pulumi.aws.ec2clientvpn.EndpointArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointAuthenticationOptionArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointConnectionLogOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Endpoint("example", EndpointArgs.builder()
.description("clientvpn-example")
.serverCertificateArn(cert.arn())
.clientCidrBlock("10.0.0.0/16")
.authenticationOptions(EndpointAuthenticationOptionArgs.builder()
.type("certificate-authentication")
.rootCertificateChainArn(rootCert.arn())
.build())
.connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
.enabled(true)
.cloudwatchLogGroup(lg.name())
.cloudwatchLogStream(ls.name())
.build())
.build());
}
}resources:
example:
type: aws:ec2clientvpn:Endpoint
properties:
description: clientvpn-example
serverCertificateArn: ${cert.arn}
clientCidrBlock: 10.0.0.0/16
authenticationOptions:
- type: certificate-authentication
rootCertificateChainArn: ${rootCert.arn}
connectionLogOptions:
enabled: true
cloudwatchLogGroup: ${lg.name}
cloudwatchLogStream: ${ls.name}Import
Using pulumi import, import AWS Client VPN endpoints using the id value found via aws ec2 describe-client-vpn-endpoints. For example:
$ pulumi import aws:ec2clientvpn/endpoint:Endpoint example cvpn-endpoint-0ac3a1abbccddd666Constructors
Properties
Information about the authentication method to be used to authenticate clients.
The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
The options for managing connection authorization for new client connections.
Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
Information about the client connection logging options.
A brief description of the Client VPN endpoint.
Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
The ARN of the ACM server certificate.
The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
The transport protocol to be used by the VPN session. Default value is udp.