Endpoint
data class EndpointArgs(val applicationDomain: Output<String>? = null, val attachmentType: Output<String>? = null, val cidrOptions: Output<EndpointCidrOptionsArgs>? = null, val description: Output<String>? = null, val domainCertificateArn: Output<String>? = null, val endpointDomainPrefix: Output<String>? = null, val endpointType: Output<String>? = null, val loadBalancerOptions: Output<EndpointLoadBalancerOptionsArgs>? = null, val networkInterfaceOptions: Output<EndpointNetworkInterfaceOptionsArgs>? = null, val policyDocument: Output<String>? = null, val rdsOptions: Output<EndpointRdsOptionsArgs>? = null, val securityGroupIds: Output<List<String>>? = null, val sseSpecification: Output<EndpointSseSpecificationArgs>? = null, val tags: Output<Map<String, String>>? = null, val verifiedAccessGroupId: Output<String>? = null) : ConvertibleToJava<EndpointArgs>
Resource for managing an AWS EC2 (Elastic Compute Cloud) Verified Access Endpoint.
Example Usage
ALB Example
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
applicationDomain: "example.com",
attachmentType: "vpc",
description: "example",
domainCertificateArn: exampleAwsAcmCertificate.arn,
endpointDomainPrefix: "example",
endpointType: "load-balancer",
loadBalancerOptions: {
loadBalancerArn: exampleAwsLb.arn,
port: 443,
protocol: "https",
subnetIds: .map(subnet => (subnet.id)),
},
securityGroupIds: [exampleAwsSecurityGroup.id],
verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
application_domain="example.com",
attachment_type="vpc",
description="example",
domain_certificate_arn=example_aws_acm_certificate["arn"],
endpoint_domain_prefix="example",
endpoint_type="load-balancer",
load_balancer_options={
"load_balancer_arn": example_aws_lb["arn"],
"port": 443,
"protocol": "https",
"subnet_ids": [subnet["id"] for subnet in public],
},
security_group_ids=[example_aws_security_group["id"]],
verified_access_group_id=example_aws_verifiedaccess_group["id"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VerifiedAccess.Endpoint("example", new()
{
ApplicationDomain = "example.com",
AttachmentType = "vpc",
Description = "example",
DomainCertificateArn = exampleAwsAcmCertificate.Arn,
EndpointDomainPrefix = "example",
EndpointType = "load-balancer",
LoadBalancerOptions = new Aws.VerifiedAccess.Inputs.EndpointLoadBalancerOptionsArgs
{
LoadBalancerArn = exampleAwsLb.Arn,
Port = 443,
Protocol = "https",
SubnetIds = .Select(subnet =>
{
return subnet.Id;
}).ToList(),
},
SecurityGroupIds = new[]
{
exampleAwsSecurityGroup.Id,
},
VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
});
});Content copied to clipboard
Network Interface Example
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
applicationDomain: "example.com",
attachmentType: "vpc",
description: "example",
domainCertificateArn: exampleAwsAcmCertificate.arn,
endpointDomainPrefix: "example",
endpointType: "network-interface",
networkInterfaceOptions: {
networkInterfaceId: exampleAwsNetworkInterface.id,
port: 443,
protocol: "https",
},
securityGroupIds: [exampleAwsSecurityGroup.id],
verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
application_domain="example.com",
attachment_type="vpc",
description="example",
domain_certificate_arn=example_aws_acm_certificate["arn"],
endpoint_domain_prefix="example",
endpoint_type="network-interface",
network_interface_options={
"network_interface_id": example_aws_network_interface["id"],
"port": 443,
"protocol": "https",
},
security_group_ids=[example_aws_security_group["id"]],
verified_access_group_id=example_aws_verifiedaccess_group["id"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VerifiedAccess.Endpoint("example", new()
{
ApplicationDomain = "example.com",
AttachmentType = "vpc",
Description = "example",
DomainCertificateArn = exampleAwsAcmCertificate.Arn,
EndpointDomainPrefix = "example",
EndpointType = "network-interface",
NetworkInterfaceOptions = new Aws.VerifiedAccess.Inputs.EndpointNetworkInterfaceOptionsArgs
{
NetworkInterfaceId = exampleAwsNetworkInterface.Id,
Port = 443,
Protocol = "https",
},
SecurityGroupIds = new[]
{
exampleAwsSecurityGroup.Id,
},
VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedaccess"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := verifiedaccess.NewEndpoint(ctx, "example", &verifiedaccess.EndpointArgs{
ApplicationDomain: pulumi.String("example.com"),
AttachmentType: pulumi.String("vpc"),
Description: pulumi.String("example"),
DomainCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
EndpointDomainPrefix: pulumi.String("example"),
EndpointType: pulumi.String("network-interface"),
NetworkInterfaceOptions: &verifiedaccess.EndpointNetworkInterfaceOptionsArgs{
NetworkInterfaceId: pulumi.Any(exampleAwsNetworkInterface.Id),
Port: pulumi.Int(443),
Protocol: pulumi.String("https"),
},
SecurityGroupIds: pulumi.StringArray{
exampleAwsSecurityGroup.Id,
},
VerifiedAccessGroupId: pulumi.Any(exampleAwsVerifiedaccessGroup.Id),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedaccess.Endpoint;
import com.pulumi.aws.verifiedaccess.EndpointArgs;
import com.pulumi.aws.verifiedaccess.inputs.EndpointNetworkInterfaceOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Endpoint("example", EndpointArgs.builder()
.applicationDomain("example.com")
.attachmentType("vpc")
.description("example")
.domainCertificateArn(exampleAwsAcmCertificate.arn())
.endpointDomainPrefix("example")
.endpointType("network-interface")
.networkInterfaceOptions(EndpointNetworkInterfaceOptionsArgs.builder()
.networkInterfaceId(exampleAwsNetworkInterface.id())
.port(443)
.protocol("https")
.build())
.securityGroupIds(exampleAwsSecurityGroup.id())
.verifiedAccessGroupId(exampleAwsVerifiedaccessGroup.id())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:verifiedaccess:Endpoint
properties:
applicationDomain: example.com
attachmentType: vpc
description: example
domainCertificateArn: ${exampleAwsAcmCertificate.arn}
endpointDomainPrefix: example
endpointType: network-interface
networkInterfaceOptions:
networkInterfaceId: ${exampleAwsNetworkInterface.id}
port: 443
protocol: https
securityGroupIds:
- ${exampleAwsSecurityGroup.id}
verifiedAccessGroupId: ${exampleAwsVerifiedaccessGroup.id}Content copied to clipboard
Cidr Example
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
attachmentType: "vpc",
description: "example",
endpointType: "cidr",
cidrOptions: {
cidr: test[0].cidrBlock,
portRanges: [{
fromPort: 443,
toPort: 443,
}],
protocol: "tcp",
subnetIds: .map(subnet => (subnet.id)),
},
securityGroupIds: [testAwsSecurityGroup.id],
verifiedAccessGroupId: testAwsVerifiedaccessGroup.id,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
attachment_type="vpc",
description="example",
endpoint_type="cidr",
cidr_options={
"cidr": test[0]["cidrBlock"],
"port_ranges": [{
"from_port": 443,
"to_port": 443,
}],
"protocol": "tcp",
"subnet_ids": [subnet["id"] for subnet in test],
},
security_group_ids=[test_aws_security_group["id"]],
verified_access_group_id=test_aws_verifiedaccess_group["id"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VerifiedAccess.Endpoint("example", new()
{
AttachmentType = "vpc",
Description = "example",
EndpointType = "cidr",
CidrOptions = new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsArgs
{
Cidr = test[0].CidrBlock,
PortRanges = new[]
{
new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsPortRangeArgs
{
FromPort = 443,
ToPort = 443,
},
},
Protocol = "tcp",
SubnetIds = .Select(subnet =>
{
return subnet.Id;
}).ToList(),
},
SecurityGroupIds = new[]
{
testAwsSecurityGroup.Id,
},
VerifiedAccessGroupId = testAwsVerifiedaccessGroup.Id,
});
});Content copied to clipboard
Import
Using pulumi import, import Verified Access Instances using the id. For example:
$ pulumi import aws:verifiedaccess/endpoint:Endpoint example vae-8012925589Content copied to clipboard
Constructors
Link copied to clipboard
constructor(applicationDomain: Output<String>? = null, attachmentType: Output<String>? = null, cidrOptions: Output<EndpointCidrOptionsArgs>? = null, description: Output<String>? = null, domainCertificateArn: Output<String>? = null, endpointDomainPrefix: Output<String>? = null, endpointType: Output<String>? = null, loadBalancerOptions: Output<EndpointLoadBalancerOptionsArgs>? = null, networkInterfaceOptions: Output<EndpointNetworkInterfaceOptionsArgs>? = null, policyDocument: Output<String>? = null, rdsOptions: Output<EndpointRdsOptionsArgs>? = null, securityGroupIds: Output<List<String>>? = null, sseSpecification: Output<EndpointSseSpecificationArgs>? = null, tags: Output<Map<String, String>>? = null, verifiedAccessGroupId: Output<String>? = null)
Properties
Link copied to clipboard
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
Link copied to clipboard
The type of attachment. Currently, only vpc is supported.
Link copied to clipboard
The CIDR block details. This parameter is required if the endpoint type is cidr.
Link copied to clipboard
A description for the Verified Access endpoint.
Link copied to clipboard
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
Link copied to clipboard
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
Link copied to clipboard
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
Link copied to clipboard
The load balancer details. This parameter is required if the endpoint type is load-balancer.
Link copied to clipboard
The network interface details. This parameter is required if the endpoint type is network-interface.
Link copied to clipboard
The policy document that is associated with this resource.
Link copied to clipboard
Link copied to clipboard
List of the the security groups IDs to associate with the Verified Access endpoint.
Link copied to clipboard
The options in use for server side encryption.
Link copied to clipboard
The ID of the Verified Access group to associate the endpoint with. The following arguments are optional: