AWS::EC2::VerifiedAccessEndpoint - AWS CloudFormation

AWS::EC2::VerifiedAccessEndpoint

An AWS Verified Access endpoint specifies the application that AWS Verified Access provides access to. It must be attached to an AWS Verified Access group. An AWS Verified Access endpoint must also have an attached access policy before you attach it to a group.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::VerifiedAccessEndpoint",
  "Properties" : {
    "ApplicationDomain" : String,
    "AttachmentType" : String,
    "Description" : String,
    "DomainCertificateArn" : String,
    "EndpointDomainPrefix" : String,
    "EndpointType" : String,
    "LoadBalancerOptions" : LoadBalancerOptions,
    "NetworkInterfaceOptions" : NetworkInterfaceOptions,
    "PolicyDocument" : String,
    "PolicyEnabled" : Boolean,
    "SecurityGroupIds" : [ String, ... ],
    "SseSpecification" : SseSpecification,
    "Tags" : [ Tag, ... ],
    "VerifiedAccessGroupId" : String
  }
}

Properties

ApplicationDomain

The DNS name for users to reach your application.

Required: Yes

Type: String

Update requires: Replacement

AttachmentType

The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.

Required: Yes

Type: String

Allowed values: vpc

Update requires: Replacement

Description

A description for the AWS Verified Access endpoint.

Required: No

Type: String

Update requires: No interruption

DomainCertificateArn

The ARN of a public TLS/SSL certificate imported into or created with ACM.

Required: Yes

Type: String

Update requires: Replacement

EndpointDomainPrefix

A custom identifier that is prepended to the DNS name that is generated for the endpoint.

Required: Yes

Type: String

Update requires: Replacement

EndpointType

The type of AWS Verified Access endpoint. Incoming application requests are sent to an IP address, a load balancer, or a network interface, depending on the endpoint type specified.

Required: Yes

Type: String

Allowed values: load-balancer | network-interface | rds | cidr

Update requires: Replacement

LoadBalancerOptions

The load balancer details when creating the AWS Verified Access endpoint as a load-balancer type.

Required: No

Type: LoadBalancerOptions

Update requires: No interruption

NetworkInterfaceOptions

The options for a network-interface type endpoint.

Required: No

Type: NetworkInterfaceOptions

Update requires: No interruption

PolicyDocument

The Verified Access policy document.

Required: No

Type: String

Update requires: No interruption

PolicyEnabled

The status of the Verified Access policy.

Required: No

Type: Boolean

Update requires: No interruption

SecurityGroupIds

The IDs of the security groups for the endpoint.

Required: No

Type: Array of String

Update requires: Replacement

SseSpecification

The options for additional server-side encryption.

Required: No

Type: SseSpecification

Update requires: No interruption

Tags

The tags.

Required: No

Type: Array of Tag

Update requires: No interruption

VerifiedAccessGroupId

The ID of the AWS Verified Access group.

Required: Yes

Type: String

Update requires: No interruption
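The required properties, allowed values and the policy-before-group rule above can be checked in a pre-deployment lint. The following is an added example, not AWS code: a small Python check over a parsed template. It assumes placeholder ARNs and IDs, a hypothetical policy reference name `idp` in the Cedar policy, and the LoadBalancerOptions sub-properties LoadBalancerArn, Port and Protocol, which are not listed on this page; requiring PolicyEnabled to be explicitly true is the lint's own conservative choice.

```python
RESOURCE_TYPE = "AWS::EC2::VerifiedAccessEndpoint"
REQUIRED = ("ApplicationDomain", "AttachmentType", "DomainCertificateArn",
            "EndpointDomainPrefix", "EndpointType", "VerifiedAccessGroupId")
ALLOWED = {"AttachmentType": {"vpc"},
           "EndpointType": {"load-balancer", "network-interface", "rds", "cidr"}}
# Options block that the reference ties to each endpoint type.
TYPE_OPTIONS = {"load-balancer": "LoadBalancerOptions",
                "network-interface": "NetworkInterfaceOptions"}

def lint_endpoint(name, props):
    """Return findings (strings) for one endpoint's Properties dict."""
    findings = []
    for key in REQUIRED:
        if key not in props:
            findings.append(f"{name}: missing required property {key}")
    for key, allowed in ALLOWED.items():
        if key in props and props[key] not in allowed:
            findings.append(f"{name}: {key}={props[key]!r} is not an allowed value")
    options = TYPE_OPTIONS.get(props.get("EndpointType"))
    if options and options not in props:
        findings.append(f"{name}: EndpointType {props['EndpointType']} needs {options}")
    # VerifiedAccessGroupId attaches the endpoint to a group, so it needs an access policy.
    if not props.get("PolicyDocument") or props.get("PolicyEnabled") is not True:
        findings.append(f"{name}: no enabled access policy (PolicyDocument + PolicyEnabled)")
    return findings

def lint_template(template):
    """Lint every Verified Access endpoint in a parsed CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == RESOURCE_TYPE:
            findings.extend(lint_endpoint(name, res.get("Properties", {})))
    return findings
# Constructed sample: ARNs, IDs and the Cedar claim name are placeholders.
SAMPLE_TEMPLATE = {"Resources": {
    "GoodEndpoint": {"Type": RESOURCE_TYPE, "Properties": {
        "ApplicationDomain": "app.example.com", "AttachmentType": "vpc",
        "DomainCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
        "EndpointDomainPrefix": "app", "EndpointType": "load-balancer",
        "LoadBalancerOptions": {"LoadBalancerArn": "arn:aws:elasticloadbalancing:EXAMPLE",
                                "Port": 443, "Protocol": "https"},
        "PolicyDocument": "permit(principal, action, resource) "
                          "when { context.idp.email_verified == true };",
        "PolicyEnabled": True, "SecurityGroupIds": ["sg-EXAMPLE"],
        "VerifiedAccessGroupId": "vagr-EXAMPLE"}},
    "BadEndpoint": {"Type": RESOURCE_TYPE, "Properties": {
        "ApplicationDomain": "legacy.example.com", "AttachmentType": "vpn",
        "EndpointDomainPrefix": "legacy", "EndpointType": "network-interface",
        "VerifiedAccessGroupId": "vagr-EXAMPLE"}}}}
```

Running `lint_template(SAMPLE_TEMPLATE)` reports four findings, all against BadEndpoint, and none against GoodEndpoint.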

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the Verified Access endpoint.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreationTime

The creation time.

DeviceValidationDomain

Use this to construct the redirect URI to add to your OIDC provider's allow list.

EndpointDomain

The DNS name generated for the endpoint.

LastUpdatedTime

The last updated time.

Status

The endpoint status.

VerifiedAccessEndpointId

The ID of the Verified Access endpoint.

VerifiedAccessInstanceId

The instance identifier.