Package software.amazon.awscdk.services.ec2

Interface CfnClientVpnEndpointProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnClientVpnEndpointProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.101.0 (build b95fe5d)",
           date="2024-07-12T19:34:00.432Z")
@Stability(Stable)
public interface CfnClientVpnEndpointProps
extends software.amazon.jsii.JsiiSerializable

Properties for defining a CfnClientVpnEndpoint.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ec2.*;
 CfnClientVpnEndpointProps cfnClientVpnEndpointProps = CfnClientVpnEndpointProps.builder()
         .authenticationOptions(List.of(ClientAuthenticationRequestProperty.builder()
                 .type("type")
                 // the properties below are optional
                 .activeDirectory(DirectoryServiceAuthenticationRequestProperty.builder()
                         .directoryId("directoryId")
                         .build())
                 .federatedAuthentication(FederatedAuthenticationRequestProperty.builder()
                         .samlProviderArn("samlProviderArn")
                         // the properties below are optional
                         .selfServiceSamlProviderArn("selfServiceSamlProviderArn")
                         .build())
                 .mutualAuthentication(CertificateAuthenticationRequestProperty.builder()
                         .clientRootCertificateChainArn("clientRootCertificateChainArn")
                         .build())
                 .build()))
         .clientCidrBlock("clientCidrBlock")
         .connectionLogOptions(ConnectionLogOptionsProperty.builder()
                 .enabled(false)
                 // the properties below are optional
                 .cloudwatchLogGroup("cloudwatchLogGroup")
                 .cloudwatchLogStream("cloudwatchLogStream")
                 .build())
         .serverCertificateArn("serverCertificateArn")
         // the properties below are optional
         .clientConnectOptions(ClientConnectOptionsProperty.builder()
                 .enabled(false)
                 // the properties below are optional
                 .lambdaFunctionArn("lambdaFunctionArn")
                 .build())
         .clientLoginBannerOptions(ClientLoginBannerOptionsProperty.builder()
                 .enabled(false)
                 // the properties below are optional
                 .bannerText("bannerText")
                 .build())
         .description("description")
         .dnsServers(List.of("dnsServers"))
         .securityGroupIds(List.of("securityGroupIds"))
         .selfServicePortal("selfServicePortal")
         .sessionTimeoutHours(123)
         .splitTunnel(false)
         .tagSpecifications(List.of(TagSpecificationProperty.builder()
                 .resourceType("resourceType")
                 .tags(List.of(CfnTag.builder()
                         .key("key")
                         .value("value")
                         .build()))
                 .build()))
         .transportProtocol("transportProtocol")
         .vpcId("vpcId")
         .vpnPort(123)
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnClientVpnEndpointProps.Builder	A builder for CfnClientVpnEndpointProps
static final class	CfnClientVpnEndpointProps.Jsii$Proxy	An implementation for CfnClientVpnEndpointProps

Method Summary

Modifier and Type	Method	Description
static CfnClientVpnEndpointProps.Builder	builder()
Object	getAuthenticationOptions()	Information about the authentication method to be used to authenticate clients.
String	getClientCidrBlock()	The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
default Object	getClientConnectOptions()	The options for managing connection authorization for new client connections.
default Object	getClientLoginBannerOptions()	Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
Object	getConnectionLogOptions()	Information about the client connection logging options.
default String	getDescription()	A brief description of the Client VPN endpoint.
default List<String>	getDnsServers()	Information about the DNS servers to be used for DNS resolution.
default List<String>	getSecurityGroupIds()	The IDs of one or more security groups to apply to the target network.
default String	getSelfServicePortal()	Specify whether to enable the self-service portal for the Client VPN endpoint.
String	getServerCertificateArn()	The ARN of the server certificate.
default Number	getSessionTimeoutHours()	The maximum VPN session duration time in hours.
default Object	getSplitTunnel()	Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
default Object	getTagSpecifications()	The tags to apply to the Client VPN endpoint during creation.
default String	getTransportProtocol()	The transport protocol to be used by the VPN session.
default String	getVpcId()	The ID of the VPC to associate with the Client VPN endpoint.
default Number	getVpnPort()	The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getAuthenticationOptions

@Stability(Stable)
@NotNull
Object getAuthenticationOptions()

Information about the authentication method to be used to authenticate clients.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-authenticationoptions

getClientCidrBlock

@Stability(Stable)
@NotNull
String getClientCidrBlock()

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. Client CIDR range must have a size of at least /22 and must not be greater than /12.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-clientcidrblock

getConnectionLogOptions

@Stability(Stable)
@NotNull
Object getConnectionLogOptions()

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

• Client connection requests
• Client connection results (successful and unsuccessful)
• Reasons for unsuccessful client connection requests
• Client connection termination time

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-connectionlogoptions

getServerCertificateArn

@Stability(Stable)
@NotNull
String getServerCertificateArn()

The ARN of the server certificate.

For more information, see the AWS Certificate Manager User Guide .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-servercertificatearn

getClientConnectOptions

@Stability(Stable)
@Nullable
default Object getClientConnectOptions()

The options for managing connection authorization for new client connections.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-clientconnectoptions

getClientLoginBannerOptions

@Stability(Stable)
@Nullable
default Object getClientLoginBannerOptions()

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-clientloginbanneroptions

getDescription

@Stability(Stable)
@Nullable
default String getDescription()

A brief description of the Client VPN endpoint.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-description

getDnsServers

@Stability(Stable)
@Nullable
default List<String> getDnsServers()

Information about the DNS servers to be used for DNS resolution.

A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-dnsservers

getSecurityGroupIds

@Stability(Stable)
@Nullable
default List<String> getSecurityGroupIds()

The IDs of one or more security groups to apply to the target network.

You must also specify the ID of the VPC that contains the security groups.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-securitygroupids

getSelfServicePortal

@Stability(Stable)
@Nullable
default String getSelfServicePortal()

Specify whether to enable the self-service portal for the Client VPN endpoint.

Default Value: enabled

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-selfserviceportal

getSessionTimeoutHours

@Stability(Stable)
@Nullable
default Number getSessionTimeoutHours()

The maximum VPN session duration time in hours.

Valid values: 8 | 10 | 12 | 24

Default value: 24

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-sessiontimeouthours

getSplitTunnel

@Stability(Stable)
@Nullable
default Object getSplitTunnel()

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

By default, split-tunnel on a VPN endpoint is disabled.

For information about split-tunnel VPN endpoints, see Split-tunnel AWS Client VPN endpoint in the AWS Client VPN Administrator Guide .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-splittunnel

getTagSpecifications

@Stability(Stable)
@Nullable
default Object getTagSpecifications()

The tags to apply to the Client VPN endpoint during creation.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-tagspecifications

getTransportProtocol

@Stability(Stable)
@Nullable
default String getTransportProtocol()

The transport protocol to be used by the VPN session.

Default value: udp

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-transportprotocol

getVpcId

@Stability(Stable)
@Nullable
default String getVpcId()

The ID of the VPC to associate with the Client VPN endpoint.

If no security group IDs are specified in the request, the default security group for the VPC is applied.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-vpcid

getVpnPort

@Stability(Stable)
@Nullable
default Number getVpnPort()

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Valid Values: 443 | 1194

Default Value: 443

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-vpnport

builder

@Stability(Stable)
static CfnClientVpnEndpointProps.Builder builder()

Returns:

a CfnClientVpnEndpointProps.Builder of CfnClientVpnEndpointProps