AWS::EC2::VerifiedAccessEndpoint

An AWS Verified Access endpoint specifies the application that AWS Verified Access provides access to. It must be attached to an AWS Verified Access group. An AWS Verified Access endpoint must also have an attached access policy before you attached it to a group.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::EC2::VerifiedAccessEndpoint",
  "Properties" : {
      "ApplicationDomain" : String,
      "AttachmentType" : String,
      "CidrOptions" : CidrOptions,
      "Description" : String,
      "DomainCertificateArn" : String,
      "EndpointDomainPrefix" : String,
      "EndpointType" : String,
      "LoadBalancerOptions" : LoadBalancerOptions,
      "NetworkInterfaceOptions" : NetworkInterfaceOptions,
      "PolicyDocument" : String,
      "PolicyEnabled" : Boolean,
      "RdsOptions" : RdsOptions,
      "SecurityGroupIds" : [ String, ... ],
      "SseSpecification" : SseSpecification,
      "Tags" : [ Tag, ... ],
      "VerifiedAccessGroupId" : String
    }
}

YAML


Type: AWS::EC2::VerifiedAccessEndpoint
Properties:
  ApplicationDomain: String
  AttachmentType: String
  CidrOptions: 
    CidrOptions
  Description: String
  DomainCertificateArn: String
  EndpointDomainPrefix: String
  EndpointType: String
  LoadBalancerOptions: 
    LoadBalancerOptions
  NetworkInterfaceOptions: 
    NetworkInterfaceOptions
  PolicyDocument: String
  PolicyEnabled: Boolean
  RdsOptions: 
    RdsOptions
  SecurityGroupIds: 
    - String
  SseSpecification: 
    SseSpecification
  Tags: 
    - Tag
  VerifiedAccessGroupId: String

Properties

ApplicationDomain

The DNS name for users to reach your application.

Required: No

Type: String

Update requires: Replacement

AttachmentType

The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.

Required: Yes

Type: String

Allowed values: vpc

Update requires: Replacement

CidrOptions

The options for a CIDR endpoint.

Required: No

Type: CidrOptions

Update requires: No interruption

Description

A description for the AWS Verified Access endpoint.

Required: No

Type: String

Update requires: No interruption

DomainCertificateArn

The ARN of a public TLS/SSL certificate imported into or created with ACM.

Required: No

Type: String

Update requires: Replacement

EndpointDomainPrefix

A custom identifier that is prepended to the DNS name that is generated for the endpoint.

Required: No

Type: String

Update requires: Replacement

EndpointType

The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.

Required: Yes

Type: String

Allowed values: load-balancer | network-interface | rds | cidr

Update requires: Replacement

LoadBalancerOptions

The load balancer details if creating the AWS Verified Access endpoint as load-balancertype.

Required: No

Type: LoadBalancerOptions

Update requires: No interruption

NetworkInterfaceOptions

The options for network-interface type endpoint.

Required: No

Type: NetworkInterfaceOptions

Update requires: No interruption

PolicyDocument

The Verified Access policy document.

Required: No

Type: String

Update requires: No interruption

PolicyEnabled

The status of the Verified Access policy.

Required: No

Type: Boolean

Update requires: No interruption

RdsOptions

The options for an RDS endpoint.

Required: No

Type: RdsOptions

Update requires: No interruption

SecurityGroupIds

The IDs of the security groups for the endpoint.

Required: No

Type: Array of String

Update requires: Replacement

SseSpecification

The options for additional server side encryption.

Required: No

Type: SseSpecification

Update requires: No interruption

Tags

The tags.

Required: No

Type: Array of Tag

Update requires: No interruption

VerifiedAccessGroupId

The ID of the AWS Verified Access group.

Required: Yes

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the Verified Access endpoint.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreationTime: The creation time.
DeviceValidationDomain: Use this to construct the redirect URI to add to your OIDC provider's allow list.
EndpointDomain: The DNS name generated for the endpoint.
LastUpdatedTime: The last updated time.
Status: The endpoint status.
VerifiedAccessEndpointId: The ID of the Verified Access endpoint.
VerifiedAccessInstanceId: The instance identifier.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag

CidrOptions