pulumi-aws-kotlin/com.pulumi.aws.verifiedaccess.kotlin/Endpoint

Endpoint

class Endpoint : KotlinCustomResource

Resource for managing an AWS EC2 (Elastic Compute Cloud) Verified Access Endpoint.

Example Usage

ALB Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
    applicationDomain: "example.com",
    attachmentType: "vpc",
    description: "example",
    domainCertificateArn: exampleAwsAcmCertificate.arn,
    endpointDomainPrefix: "example",
    endpointType: "load-balancer",
    loadBalancerOptions: {
        loadBalancerArn: exampleAwsLb.arn,
        port: 443,
        protocol: "https",
        subnetIds: .map(subnet => (subnet.id)),
    },
    securityGroupIds: [exampleAwsSecurityGroup.id],
    verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
    application_domain="example.com",
    attachment_type="vpc",
    description="example",
    domain_certificate_arn=example_aws_acm_certificate["arn"],
    endpoint_domain_prefix="example",
    endpoint_type="load-balancer",
    load_balancer_options={
        "load_balancer_arn": example_aws_lb["arn"],
        "port": 443,
        "protocol": "https",
        "subnet_ids": [subnet["id"] for subnet in public],
    },
    security_group_ids=[example_aws_security_group["id"]],
    verified_access_group_id=example_aws_verifiedaccess_group["id"])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        ApplicationDomain = "example.com",
        AttachmentType = "vpc",
        Description = "example",
        DomainCertificateArn = exampleAwsAcmCertificate.Arn,
        EndpointDomainPrefix = "example",
        EndpointType = "load-balancer",
        LoadBalancerOptions = new Aws.VerifiedAccess.Inputs.EndpointLoadBalancerOptionsArgs
        {
            LoadBalancerArn = exampleAwsLb.Arn,
            Port = 443,
            Protocol = "https",
            SubnetIds = .Select(subnet =>
            {
                return subnet.Id;
            }).ToList(),
        },
        SecurityGroupIds = new[]
        {
            exampleAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
    });
});
Content copied to clipboard

Network Interface Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
    applicationDomain: "example.com",
    attachmentType: "vpc",
    description: "example",
    domainCertificateArn: exampleAwsAcmCertificate.arn,
    endpointDomainPrefix: "example",
    endpointType: "network-interface",
    networkInterfaceOptions: {
        networkInterfaceId: exampleAwsNetworkInterface.id,
        port: 443,
        protocol: "https",
    },
    securityGroupIds: [exampleAwsSecurityGroup.id],
    verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
    application_domain="example.com",
    attachment_type="vpc",
    description="example",
    domain_certificate_arn=example_aws_acm_certificate["arn"],
    endpoint_domain_prefix="example",
    endpoint_type="network-interface",
    network_interface_options={
        "network_interface_id": example_aws_network_interface["id"],
        "port": 443,
        "protocol": "https",
    },
    security_group_ids=[example_aws_security_group["id"]],
    verified_access_group_id=example_aws_verifiedaccess_group["id"])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        ApplicationDomain = "example.com",
        AttachmentType = "vpc",
        Description = "example",
        DomainCertificateArn = exampleAwsAcmCertificate.Arn,
        EndpointDomainPrefix = "example",
        EndpointType = "network-interface",
        NetworkInterfaceOptions = new Aws.VerifiedAccess.Inputs.EndpointNetworkInterfaceOptionsArgs
        {
            NetworkInterfaceId = exampleAwsNetworkInterface.Id,
            Port = 443,
            Protocol = "https",
        },
        SecurityGroupIds = new[]
        {
            exampleAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedaccess"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := verifiedaccess.NewEndpoint(ctx, "example", &verifiedaccess.EndpointArgs{
			ApplicationDomain:    pulumi.String("example.com"),
			AttachmentType:       pulumi.String("vpc"),
			Description:          pulumi.String("example"),
			DomainCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
			EndpointDomainPrefix: pulumi.String("example"),
			EndpointType:         pulumi.String("network-interface"),
			NetworkInterfaceOptions: &verifiedaccess.EndpointNetworkInterfaceOptionsArgs{
				NetworkInterfaceId: pulumi.Any(exampleAwsNetworkInterface.Id),
				Port:               pulumi.Int(443),
				Protocol:           pulumi.String("https"),
			},
			SecurityGroupIds: pulumi.StringArray{
				exampleAwsSecurityGroup.Id,
			},
			VerifiedAccessGroupId: pulumi.Any(exampleAwsVerifiedaccessGroup.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedaccess.Endpoint;
import com.pulumi.aws.verifiedaccess.EndpointArgs;
import com.pulumi.aws.verifiedaccess.inputs.EndpointNetworkInterfaceOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Endpoint("example", EndpointArgs.builder()
            .applicationDomain("example.com")
            .attachmentType("vpc")
            .description("example")
            .domainCertificateArn(exampleAwsAcmCertificate.arn())
            .endpointDomainPrefix("example")
            .endpointType("network-interface")
            .networkInterfaceOptions(EndpointNetworkInterfaceOptionsArgs.builder()
                .networkInterfaceId(exampleAwsNetworkInterface.id())
                .port(443)
                .protocol("https")
                .build())
            .securityGroupIds(exampleAwsSecurityGroup.id())
            .verifiedAccessGroupId(exampleAwsVerifiedaccessGroup.id())
            .build());
    }
}
Content copied to clipboard
resources:
  example:
    type: aws:verifiedaccess:Endpoint
    properties:
      applicationDomain: example.com
      attachmentType: vpc
      description: example
      domainCertificateArn: ${exampleAwsAcmCertificate.arn}
      endpointDomainPrefix: example
      endpointType: network-interface
      networkInterfaceOptions:
        networkInterfaceId: ${exampleAwsNetworkInterface.id}
        port: 443
        protocol: https
      securityGroupIds:
        - ${exampleAwsSecurityGroup.id}
      verifiedAccessGroupId: ${exampleAwsVerifiedaccessGroup.id}
Content copied to clipboard

Cidr Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Endpoint("example", {
    attachmentType: "vpc",
    description: "example",
    endpointType: "cidr",
    cidrOptions: {
        cidr: test[0].cidrBlock,
        portRanges: [{
            fromPort: 443,
            toPort: 443,
        }],
        protocol: "tcp",
        subnetIds: .map(subnet => (subnet.id)),
    },
    securityGroupIds: [testAwsSecurityGroup.id],
    verifiedAccessGroupId: testAwsVerifiedaccessGroup.id,
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Endpoint("example",
    attachment_type="vpc",
    description="example",
    endpoint_type="cidr",
    cidr_options={
        "cidr": test[0]["cidrBlock"],
        "port_ranges": [{
            "from_port": 443,
            "to_port": 443,
        }],
        "protocol": "tcp",
        "subnet_ids": [subnet["id"] for subnet in test],
    },
    security_group_ids=[test_aws_security_group["id"]],
    verified_access_group_id=test_aws_verifiedaccess_group["id"])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        AttachmentType = "vpc",
        Description = "example",
        EndpointType = "cidr",
        CidrOptions = new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsArgs
        {
            Cidr = test[0].CidrBlock,
            PortRanges = new[]
            {
                new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsPortRangeArgs
                {
                    FromPort = 443,
                    ToPort = 443,
                },
            },
            Protocol = "tcp",
            SubnetIds = .Select(subnet =>
            {
                return subnet.Id;
            }).ToList(),
        },
        SecurityGroupIds = new[]
        {
            testAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = testAwsVerifiedaccessGroup.Id,
    });
});
Content copied to clipboard

Import

Using pulumi import, import Verified Access Instances using the id. For example:

$ pulumi import aws:verifiedaccess/endpoint:Endpoint example vae-8012925589
Content copied to clipboard

Properties

Link copied to clipboard
val applicationDomain: Output<String>?

The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.

Link copied to clipboard
val attachmentType: Output<String>

The type of attachment. Currently, only vpc is supported.

Link copied to clipboard
val cidrOptions: Output<EndpointCidrOptions>?

The CIDR block details. This parameter is required if the endpoint type is cidr.

Link copied to clipboard
val description: Output<String>?

A description for the Verified Access endpoint.

Link copied to clipboard
val deviceValidationDomain: Output<String>

Returned if endpoint has a device trust provider attached.

Link copied to clipboard
val domainCertificateArn: Output<String>?

The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.

Link copied to clipboard
val endpointDomain: Output<String>

A DNS name that is generated for the endpoint.

Link copied to clipboard
val endpointDomainPrefix: Output<String>?

A custom identifier that is prepended to the DNS name that is generated for the endpoint.

Link copied to clipboard
val endpointType: Output<String>

The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val loadBalancerOptions: Output<EndpointLoadBalancerOptions>?

The load balancer details. This parameter is required if the endpoint type is load-balancer.

Link copied to clipboard
val networkInterfaceOptions: Output<EndpointNetworkInterfaceOptions>?

The network interface details. This parameter is required if the endpoint type is network-interface.

Link copied to clipboard
val policyDocument: Output<String>?

The policy document that is associated with this resource.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val securityGroupIds: Output<List<String>>?

List of the the security groups IDs to associate with the Verified Access endpoint.

Link copied to clipboard
val sseSpecification: Output<EndpointSseSpecification>

The options in use for server side encryption.

Link copied to clipboard
val tags: Output<Map<String, String>>?

Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Link copied to clipboard
val tagsAll: Output<Map<String, String>>
Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val verifiedAccessGroupId: Output<String>

The ID of the Verified Access group to associate the endpoint with. The following arguments are optional:

Link copied to clipboard