AWS::EC2::VerifiedAccessEndpoint
An AWS Verified Access endpoint specifies the application that AWS Verified Access provides access to. It must be attached to an AWS Verified Access group. An AWS Verified Access endpoint must also have an attached access policy before you attached it to a group.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::EC2::VerifiedAccessEndpoint", "Properties" : { "ApplicationDomain" :
String
, "AttachmentType" :String
, "Description" :String
, "DomainCertificateArn" :String
, "EndpointDomainPrefix" :String
, "EndpointType" :String
, "LoadBalancerOptions" :LoadBalancerOptions
, "NetworkInterfaceOptions" :NetworkInterfaceOptions
, "PolicyDocument" :String
, "PolicyEnabled" :Boolean
, "SecurityGroupIds" :[ String, ... ]
, "SseSpecification" :SseSpecification
, "Tags" :[ Tag, ... ]
, "VerifiedAccessGroupId" :String
} }
YAML
Type: AWS::EC2::VerifiedAccessEndpoint Properties: ApplicationDomain:
String
AttachmentType:String
Description:String
DomainCertificateArn:String
EndpointDomainPrefix:String
EndpointType:String
LoadBalancerOptions:LoadBalancerOptions
NetworkInterfaceOptions:NetworkInterfaceOptions
PolicyDocument:String
PolicyEnabled:Boolean
SecurityGroupIds:- String
SseSpecification:SseSpecification
Tags:- Tag
VerifiedAccessGroupId:String
Properties
ApplicationDomain
-
The DNS name for users to reach your application.
Required: Yes
Type: String
Update requires: Replacement
AttachmentType
-
The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
Required: Yes
Type: String
Allowed values:
vpc
Update requires: Replacement
Description
-
A description for the AWS Verified Access endpoint.
Required: No
Type: String
Update requires: No interruption
DomainCertificateArn
-
The ARN of a public TLS/SSL certificate imported into or created with ACM.
Required: Yes
Type: String
Update requires: Replacement
EndpointDomainPrefix
-
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
Required: Yes
Type: String
Update requires: Replacement
EndpointType
-
The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
Required: Yes
Type: String
Allowed values:
load-balancer | network-interface | rds | cidr
Update requires: Replacement
LoadBalancerOptions
-
The load balancer details if creating the AWS Verified Access endpoint as
load-balancer
type.Required: No
Type: LoadBalancerOptions
Update requires: No interruption
NetworkInterfaceOptions
-
The options for network-interface type endpoint.
Required: No
Type: NetworkInterfaceOptions
Update requires: No interruption
PolicyDocument
-
The Verified Access policy document.
Required: No
Type: String
Update requires: No interruption
PolicyEnabled
-
The status of the Verified Access policy.
Required: No
Type: Boolean
Update requires: No interruption
SecurityGroupIds
-
The IDs of the security groups for the endpoint.
Required: No
Type: Array of String
Update requires: Replacement
SseSpecification
-
The options for additional server side encryption.
Required: No
Type: SseSpecification
Update requires: No interruption
-
The tags.
Required: No
Type: Array of Tag
Update requires: No interruption
VerifiedAccessGroupId
-
The ID of the AWS Verified Access group.
Required: Yes
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the ID of the Verified Access endpoint.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
CreationTime
-
The creation time.
DeviceValidationDomain
-
Use this to construct the redirect URI to add to your OIDC provider's allow list.
EndpointDomain
-
The DNS name generated for the endpoint.
LastUpdatedTime
-
The last updated time.
Status
-
The endpoint status.
VerifiedAccessEndpointId
-
The ID of the Verified Access endpoint.
VerifiedAccessInstanceId
-
The instance identifier.