ec2clientvpn

package
v3.12.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 6, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthorizationRule 

type AuthorizationRule struct {
	pulumi.CustomResourceState

	// The ID of the group to which the authorization rule grants access. One of `accessGroupId` or `authorizeAllGroups` must be set.
	AccessGroupId pulumi.StringPtrOutput `pulumi:"accessGroupId"`
	// Indicates whether the authorization rule grants access to all clients. One of `accessGroupId` or `authorizeAllGroups` must be set.
	AuthorizeAllGroups pulumi.BoolPtrOutput `pulumi:"authorizeAllGroups"`
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringOutput `pulumi:"clientVpnEndpointId"`
	// A brief description of the authorization rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.
	TargetNetworkCidr pulumi.StringOutput `pulumi:"targetNetworkCidr"`
}

Provides authorization rules for AWS Client VPN endpoints. For more information on usage, please see the [AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2clientvpn.NewAuthorizationRule(ctx, "example", &ec2clientvpn.AuthorizationRuleArgs{
			ClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),
			TargetNetworkCidr:   pulumi.Any(aws_subnet.Example.Cidr_block),
			AuthorizeAllGroups:  pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetAuthorizationRule 

func GetAuthorizationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthorizationRuleState, opts ...pulumi.ResourceOption) (*AuthorizationRule, error)

GetAuthorizationRule gets an existing AuthorizationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthorizationRule 

func NewAuthorizationRule(ctx *pulumi.Context,
	name string, args *AuthorizationRuleArgs, opts ...pulumi.ResourceOption) (*AuthorizationRule, error)

NewAuthorizationRule registers a new resource with the given unique name, arguments, and options.

type AuthorizationRuleArgs 

type AuthorizationRuleArgs struct {
	// The ID of the group to which the authorization rule grants access. One of `accessGroupId` or `authorizeAllGroups` must be set.
	AccessGroupId pulumi.StringPtrInput
	// Indicates whether the authorization rule grants access to all clients. One of `accessGroupId` or `authorizeAllGroups` must be set.
	AuthorizeAllGroups pulumi.BoolPtrInput
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringInput
	// A brief description of the authorization rule.
	Description pulumi.StringPtrInput
	// The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.
	TargetNetworkCidr pulumi.StringInput
}

The set of arguments for constructing a AuthorizationRule resource.

func (AuthorizationRuleArgs) ElementType 

func (AuthorizationRuleArgs) ElementType() reflect.Type

type AuthorizationRuleState 

type AuthorizationRuleState struct {
	// The ID of the group to which the authorization rule grants access. One of `accessGroupId` or `authorizeAllGroups` must be set.
	AccessGroupId pulumi.StringPtrInput
	// Indicates whether the authorization rule grants access to all clients. One of `accessGroupId` or `authorizeAllGroups` must be set.
	AuthorizeAllGroups pulumi.BoolPtrInput
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringPtrInput
	// A brief description of the authorization rule.
	Description pulumi.StringPtrInput
	// The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.
	TargetNetworkCidr pulumi.StringPtrInput
}

func (AuthorizationRuleState) ElementType 

func (AuthorizationRuleState) ElementType() reflect.Type

type Endpoint 

type Endpoint struct {
	pulumi.CustomResourceState

	// The ARN of the Client VPN endpoint.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Information about the authentication method to be used to authenticate clients.
	AuthenticationOptions EndpointAuthenticationOptionArrayOutput `pulumi:"authenticationOptions"`
	// The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
	ClientCidrBlock pulumi.StringOutput `pulumi:"clientCidrBlock"`
	// Information about the client connection logging options.
	ConnectionLogOptions EndpointConnectionLogOptionsOutput `pulumi:"connectionLogOptions"`
	// Name of the repository.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The DNS name to be used by clients when establishing their VPN session.
	DnsName pulumi.StringOutput `pulumi:"dnsName"`
	// Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.
	DnsServers pulumi.StringArrayOutput `pulumi:"dnsServers"`
	// The ARN of the ACM server certificate.
	ServerCertificateArn pulumi.StringOutput `pulumi:"serverCertificateArn"`
	// Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.
	SplitTunnel pulumi.BoolPtrOutput `pulumi:"splitTunnel"`
	// The current state of the Client VPN endpoint.
	Status pulumi.StringOutput `pulumi:"status"`
	// A mapping of tags to assign to the resource.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// The transport protocol to be used by the VPN session. Default value is `udp`.
	TransportProtocol pulumi.StringPtrOutput `pulumi:"transportProtocol"`
}

Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the [AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
			Description:          pulumi.String("clientvpn-example"),
			ServerCertificateArn: pulumi.Any(aws_acm_certificate.Cert.Arn),
			ClientCidrBlock:      pulumi.String("10.0.0.0/16"),
			AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
				&ec2clientvpn.EndpointAuthenticationOptionArgs{
					Type:                    pulumi.String("certificate-authentication"),
					RootCertificateChainArn: pulumi.Any(aws_acm_certificate.Root_cert.Arn),
				},
			},
			ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
				Enabled:             pulumi.Bool(true),
				CloudwatchLogGroup:  pulumi.Any(aws_cloudwatch_log_group.Lg.Name),
				CloudwatchLogStream: pulumi.Any(aws_cloudwatch_log_stream.Ls.Name),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetEndpoint 

func GetEndpoint(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EndpointState, opts ...pulumi.ResourceOption) (*Endpoint, error)

GetEndpoint gets an existing Endpoint resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEndpoint 

func NewEndpoint(ctx *pulumi.Context,
	name string, args *EndpointArgs, opts ...pulumi.ResourceOption) (*Endpoint, error)

NewEndpoint registers a new resource with the given unique name, arguments, and options.

type EndpointArgs 

type EndpointArgs struct {
	// Information about the authentication method to be used to authenticate clients.
	AuthenticationOptions EndpointAuthenticationOptionArrayInput
	// The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
	ClientCidrBlock pulumi.StringInput
	// Information about the client connection logging options.
	ConnectionLogOptions EndpointConnectionLogOptionsInput
	// Name of the repository.
	Description pulumi.StringPtrInput
	// Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.
	DnsServers pulumi.StringArrayInput
	// The ARN of the ACM server certificate.
	ServerCertificateArn pulumi.StringInput
	// Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.
	SplitTunnel pulumi.BoolPtrInput
	// A mapping of tags to assign to the resource.
	Tags pulumi.StringMapInput
	// The transport protocol to be used by the VPN session. Default value is `udp`.
	TransportProtocol pulumi.StringPtrInput
}

The set of arguments for constructing a Endpoint resource.

func (EndpointArgs) ElementType 

func (EndpointArgs) ElementType() reflect.Type

type EndpointAuthenticationOption 

type EndpointAuthenticationOption struct {
	// The ID of the Active Directory to be used for authentication if type is `directory-service-authentication`.
	ActiveDirectoryId *string `pulumi:"activeDirectoryId"`
	// The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to `certificate-authentication`.
	RootCertificateChainArn *string `pulumi:"rootCertificateChainArn"`
	// The ARN of the IAM SAML identity provider if type is `federated-authentication`.
	SamlProviderArn *string `pulumi:"samlProviderArn"`
	// The type of client authentication to be used. Specify `certificate-authentication` to use certificate-based authentication, `directory-service-authentication` to use Active Directory authentication, or `federated-authentication` to use Federated Authentication via SAML 2.0.
	Type string `pulumi:"type"`
}

type EndpointAuthenticationOptionArgs 

type EndpointAuthenticationOptionArgs struct {
	// The ID of the Active Directory to be used for authentication if type is `directory-service-authentication`.
	ActiveDirectoryId pulumi.StringPtrInput `pulumi:"activeDirectoryId"`
	// The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to `certificate-authentication`.
	RootCertificateChainArn pulumi.StringPtrInput `pulumi:"rootCertificateChainArn"`
	// The ARN of the IAM SAML identity provider if type is `federated-authentication`.
	SamlProviderArn pulumi.StringPtrInput `pulumi:"samlProviderArn"`
	// The type of client authentication to be used. Specify `certificate-authentication` to use certificate-based authentication, `directory-service-authentication` to use Active Directory authentication, or `federated-authentication` to use Federated Authentication via SAML 2.0.
	Type pulumi.StringInput `pulumi:"type"`
}

func (EndpointAuthenticationOptionArgs) ElementType 

func (EndpointAuthenticationOptionArgs) ElementType() reflect.Type

func (EndpointAuthenticationOptionArgs) ToEndpointAuthenticationOptionOutput 

func (i EndpointAuthenticationOptionArgs) ToEndpointAuthenticationOptionOutput() EndpointAuthenticationOptionOutput

func (EndpointAuthenticationOptionArgs) ToEndpointAuthenticationOptionOutputWithContext 

func (i EndpointAuthenticationOptionArgs) ToEndpointAuthenticationOptionOutputWithContext(ctx context.Context) EndpointAuthenticationOptionOutput

type EndpointAuthenticationOptionArray 

type EndpointAuthenticationOptionArray []EndpointAuthenticationOptionInput

func (EndpointAuthenticationOptionArray) ElementType 

func (EndpointAuthenticationOptionArray) ElementType() reflect.Type

func (EndpointAuthenticationOptionArray) ToEndpointAuthenticationOptionArrayOutput 

func (i EndpointAuthenticationOptionArray) ToEndpointAuthenticationOptionArrayOutput() EndpointAuthenticationOptionArrayOutput

func (EndpointAuthenticationOptionArray) ToEndpointAuthenticationOptionArrayOutputWithContext 

func (i EndpointAuthenticationOptionArray) ToEndpointAuthenticationOptionArrayOutputWithContext(ctx context.Context) EndpointAuthenticationOptionArrayOutput

type EndpointAuthenticationOptionArrayInput 

type EndpointAuthenticationOptionArrayInput interface {
	pulumi.Input

	ToEndpointAuthenticationOptionArrayOutput() EndpointAuthenticationOptionArrayOutput
	ToEndpointAuthenticationOptionArrayOutputWithContext(context.Context) EndpointAuthenticationOptionArrayOutput
}

EndpointAuthenticationOptionArrayInput is an input type that accepts EndpointAuthenticationOptionArray and EndpointAuthenticationOptionArrayOutput values. You can construct a concrete instance of `EndpointAuthenticationOptionArrayInput` via: 

EndpointAuthenticationOptionArray{ EndpointAuthenticationOptionArgs{...} }

type EndpointAuthenticationOptionArrayOutput 

type EndpointAuthenticationOptionArrayOutput struct{ *pulumi.OutputState }

func (EndpointAuthenticationOptionArrayOutput) ElementType 

func (EndpointAuthenticationOptionArrayOutput) ElementType() reflect.Type

func (EndpointAuthenticationOptionArrayOutput) Index 

func (o EndpointAuthenticationOptionArrayOutput) Index(i pulumi.IntInput) EndpointAuthenticationOptionOutput

func (EndpointAuthenticationOptionArrayOutput) ToEndpointAuthenticationOptionArrayOutput 

func (o EndpointAuthenticationOptionArrayOutput) ToEndpointAuthenticationOptionArrayOutput() EndpointAuthenticationOptionArrayOutput

func (EndpointAuthenticationOptionArrayOutput) ToEndpointAuthenticationOptionArrayOutputWithContext 

func (o EndpointAuthenticationOptionArrayOutput) ToEndpointAuthenticationOptionArrayOutputWithContext(ctx context.Context) EndpointAuthenticationOptionArrayOutput

type EndpointAuthenticationOptionInput 

type EndpointAuthenticationOptionInput interface {
	pulumi.Input

	ToEndpointAuthenticationOptionOutput() EndpointAuthenticationOptionOutput
	ToEndpointAuthenticationOptionOutputWithContext(context.Context) EndpointAuthenticationOptionOutput
}

EndpointAuthenticationOptionInput is an input type that accepts EndpointAuthenticationOptionArgs and EndpointAuthenticationOptionOutput values. You can construct a concrete instance of `EndpointAuthenticationOptionInput` via: 

EndpointAuthenticationOptionArgs{...}

type EndpointAuthenticationOptionOutput 

type EndpointAuthenticationOptionOutput struct{ *pulumi.OutputState }

func (EndpointAuthenticationOptionOutput) ActiveDirectoryId 

func (o EndpointAuthenticationOptionOutput) ActiveDirectoryId() pulumi.StringPtrOutput

The ID of the Active Directory to be used for authentication if type is `directory-service-authentication`.

func (EndpointAuthenticationOptionOutput) ElementType 

func (EndpointAuthenticationOptionOutput) ElementType() reflect.Type

func (EndpointAuthenticationOptionOutput) RootCertificateChainArn 

func (o EndpointAuthenticationOptionOutput) RootCertificateChainArn() pulumi.StringPtrOutput

The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to `certificate-authentication`.

func (EndpointAuthenticationOptionOutput) SamlProviderArn added in v3.3.0 

func (o EndpointAuthenticationOptionOutput) SamlProviderArn() pulumi.StringPtrOutput

The ARN of the IAM SAML identity provider if type is `federated-authentication`.

func (EndpointAuthenticationOptionOutput) ToEndpointAuthenticationOptionOutput 

func (o EndpointAuthenticationOptionOutput) ToEndpointAuthenticationOptionOutput() EndpointAuthenticationOptionOutput

func (EndpointAuthenticationOptionOutput) ToEndpointAuthenticationOptionOutputWithContext 

func (o EndpointAuthenticationOptionOutput) ToEndpointAuthenticationOptionOutputWithContext(ctx context.Context) EndpointAuthenticationOptionOutput

func (EndpointAuthenticationOptionOutput) Type 

func (o EndpointAuthenticationOptionOutput) Type() pulumi.StringOutput

The type of client authentication to be used. Specify `certificate-authentication` to use certificate-based authentication, `directory-service-authentication` to use Active Directory authentication, or `federated-authentication` to use Federated Authentication via SAML 2.0.

type EndpointConnectionLogOptions 

type EndpointConnectionLogOptions struct {
	// The name of the CloudWatch Logs log group.
	CloudwatchLogGroup *string `pulumi:"cloudwatchLogGroup"`
	// The name of the CloudWatch Logs log stream to which the connection data is published.
	CloudwatchLogStream *string `pulumi:"cloudwatchLogStream"`
	// Indicates whether connection logging is enabled.
	Enabled bool `pulumi:"enabled"`
}

type EndpointConnectionLogOptionsArgs 

type EndpointConnectionLogOptionsArgs struct {
	// The name of the CloudWatch Logs log group.
	CloudwatchLogGroup pulumi.StringPtrInput `pulumi:"cloudwatchLogGroup"`
	// The name of the CloudWatch Logs log stream to which the connection data is published.
	CloudwatchLogStream pulumi.StringPtrInput `pulumi:"cloudwatchLogStream"`
	// Indicates whether connection logging is enabled.
	Enabled pulumi.BoolInput `pulumi:"enabled"`
}

func (EndpointConnectionLogOptionsArgs) ElementType 

func (EndpointConnectionLogOptionsArgs) ElementType() reflect.Type

func (EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsOutput 

func (i EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsOutput() EndpointConnectionLogOptionsOutput

func (EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsOutputWithContext 

func (i EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsOutputWithContext(ctx context.Context) EndpointConnectionLogOptionsOutput

func (EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsPtrOutput 

func (i EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsPtrOutput() EndpointConnectionLogOptionsPtrOutput

func (EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsPtrOutputWithContext 

func (i EndpointConnectionLogOptionsArgs) ToEndpointConnectionLogOptionsPtrOutputWithContext(ctx context.Context) EndpointConnectionLogOptionsPtrOutput

type EndpointConnectionLogOptionsInput 

type EndpointConnectionLogOptionsInput interface {
	pulumi.Input

	ToEndpointConnectionLogOptionsOutput() EndpointConnectionLogOptionsOutput
	ToEndpointConnectionLogOptionsOutputWithContext(context.Context) EndpointConnectionLogOptionsOutput
}

EndpointConnectionLogOptionsInput is an input type that accepts EndpointConnectionLogOptionsArgs and EndpointConnectionLogOptionsOutput values. You can construct a concrete instance of `EndpointConnectionLogOptionsInput` via: 

EndpointConnectionLogOptionsArgs{...}

type EndpointConnectionLogOptionsOutput 

type EndpointConnectionLogOptionsOutput struct{ *pulumi.OutputState }

func (EndpointConnectionLogOptionsOutput) CloudwatchLogGroup 

func (o EndpointConnectionLogOptionsOutput) CloudwatchLogGroup() pulumi.StringPtrOutput

The name of the CloudWatch Logs log group.

func (EndpointConnectionLogOptionsOutput) CloudwatchLogStream 

func (o EndpointConnectionLogOptionsOutput) CloudwatchLogStream() pulumi.StringPtrOutput

The name of the CloudWatch Logs log stream to which the connection data is published.

func (EndpointConnectionLogOptionsOutput) ElementType 

func (EndpointConnectionLogOptionsOutput) ElementType() reflect.Type

func (EndpointConnectionLogOptionsOutput) Enabled 

func (o EndpointConnectionLogOptionsOutput) Enabled() pulumi.BoolOutput

Indicates whether connection logging is enabled.

func (EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsOutput 

func (o EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsOutput() EndpointConnectionLogOptionsOutput

func (EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsOutputWithContext 

func (o EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsOutputWithContext(ctx context.Context) EndpointConnectionLogOptionsOutput

func (EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsPtrOutput 

func (o EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsPtrOutput() EndpointConnectionLogOptionsPtrOutput

func (EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsPtrOutputWithContext 

func (o EndpointConnectionLogOptionsOutput) ToEndpointConnectionLogOptionsPtrOutputWithContext(ctx context.Context) EndpointConnectionLogOptionsPtrOutput

type EndpointConnectionLogOptionsPtrInput 

type EndpointConnectionLogOptionsPtrInput interface {
	pulumi.Input

	ToEndpointConnectionLogOptionsPtrOutput() EndpointConnectionLogOptionsPtrOutput
	ToEndpointConnectionLogOptionsPtrOutputWithContext(context.Context) EndpointConnectionLogOptionsPtrOutput
}

EndpointConnectionLogOptionsPtrInput is an input type that accepts EndpointConnectionLogOptionsArgs, EndpointConnectionLogOptionsPtr and EndpointConnectionLogOptionsPtrOutput values. You can construct a concrete instance of `EndpointConnectionLogOptionsPtrInput` via: 

        EndpointConnectionLogOptionsArgs{...}

or:

        nil

func EndpointConnectionLogOptionsPtr 

func EndpointConnectionLogOptionsPtr(v *EndpointConnectionLogOptionsArgs) EndpointConnectionLogOptionsPtrInput

type EndpointConnectionLogOptionsPtrOutput 

type EndpointConnectionLogOptionsPtrOutput struct{ *pulumi.OutputState }

func (EndpointConnectionLogOptionsPtrOutput) CloudwatchLogGroup 

func (o EndpointConnectionLogOptionsPtrOutput) CloudwatchLogGroup() pulumi.StringPtrOutput

The name of the CloudWatch Logs log group.

func (EndpointConnectionLogOptionsPtrOutput) CloudwatchLogStream 

func (o EndpointConnectionLogOptionsPtrOutput) CloudwatchLogStream() pulumi.StringPtrOutput

The name of the CloudWatch Logs log stream to which the connection data is published.

func (EndpointConnectionLogOptionsPtrOutput) Elem 

func (o EndpointConnectionLogOptionsPtrOutput) Elem() EndpointConnectionLogOptionsOutput

func (EndpointConnectionLogOptionsPtrOutput) ElementType 

func (EndpointConnectionLogOptionsPtrOutput) ElementType() reflect.Type

func (EndpointConnectionLogOptionsPtrOutput) Enabled 

func (o EndpointConnectionLogOptionsPtrOutput) Enabled() pulumi.BoolPtrOutput

Indicates whether connection logging is enabled.

func (EndpointConnectionLogOptionsPtrOutput) ToEndpointConnectionLogOptionsPtrOutput 

func (o EndpointConnectionLogOptionsPtrOutput) ToEndpointConnectionLogOptionsPtrOutput() EndpointConnectionLogOptionsPtrOutput

func (EndpointConnectionLogOptionsPtrOutput) ToEndpointConnectionLogOptionsPtrOutputWithContext 

func (o EndpointConnectionLogOptionsPtrOutput) ToEndpointConnectionLogOptionsPtrOutputWithContext(ctx context.Context) EndpointConnectionLogOptionsPtrOutput

type EndpointState 

type EndpointState struct {
	// The ARN of the Client VPN endpoint.
	Arn pulumi.StringPtrInput
	// Information about the authentication method to be used to authenticate clients.
	AuthenticationOptions EndpointAuthenticationOptionArrayInput
	// The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
	ClientCidrBlock pulumi.StringPtrInput
	// Information about the client connection logging options.
	ConnectionLogOptions EndpointConnectionLogOptionsPtrInput
	// Name of the repository.
	Description pulumi.StringPtrInput
	// The DNS name to be used by clients when establishing their VPN session.
	DnsName pulumi.StringPtrInput
	// Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.
	DnsServers pulumi.StringArrayInput
	// The ARN of the ACM server certificate.
	ServerCertificateArn pulumi.StringPtrInput
	// Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.
	SplitTunnel pulumi.BoolPtrInput
	// The current state of the Client VPN endpoint.
	Status pulumi.StringPtrInput
	// A mapping of tags to assign to the resource.
	Tags pulumi.StringMapInput
	// The transport protocol to be used by the VPN session. Default value is `udp`.
	TransportProtocol pulumi.StringPtrInput
}

func (EndpointState) ElementType 

func (EndpointState) ElementType() reflect.Type

type NetworkAssociation 

type NetworkAssociation struct {
	pulumi.CustomResourceState

	// The unique ID of the target network association.
	AssociationId pulumi.StringOutput `pulumi:"associationId"`
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringOutput `pulumi:"clientVpnEndpointId"`
	// A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
	SecurityGroups pulumi.StringArrayOutput `pulumi:"securityGroups"`
	// The current state of the target network association.
	Status pulumi.StringOutput `pulumi:"status"`
	// The ID of the subnet to associate with the Client VPN endpoint.
	SubnetId pulumi.StringOutput `pulumi:"subnetId"`
	// The ID of the VPC in which the target subnet is located.
	VpcId pulumi.StringOutput `pulumi:"vpcId"`
}

Provides network associations for AWS Client VPN endpoints. For more information on usage, please see the [AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).

## Example Usage ### Using default security group

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2clientvpn.NewNetworkAssociation(ctx, "example", &ec2clientvpn.NetworkAssociationArgs{
			ClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),
			SubnetId:            pulumi.Any(aws_subnet.Example.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetNetworkAssociation 

func GetNetworkAssociation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *NetworkAssociationState, opts ...pulumi.ResourceOption) (*NetworkAssociation, error)

GetNetworkAssociation gets an existing NetworkAssociation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewNetworkAssociation 

func NewNetworkAssociation(ctx *pulumi.Context,
	name string, args *NetworkAssociationArgs, opts ...pulumi.ResourceOption) (*NetworkAssociation, error)

NewNetworkAssociation registers a new resource with the given unique name, arguments, and options.

type NetworkAssociationArgs 

type NetworkAssociationArgs struct {
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringInput
	// A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
	SecurityGroups pulumi.StringArrayInput
	// The ID of the subnet to associate with the Client VPN endpoint.
	SubnetId pulumi.StringInput
}

The set of arguments for constructing a NetworkAssociation resource.

func (NetworkAssociationArgs) ElementType 

func (NetworkAssociationArgs) ElementType() reflect.Type

type NetworkAssociationState 

type NetworkAssociationState struct {
	// The unique ID of the target network association.
	AssociationId pulumi.StringPtrInput
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringPtrInput
	// A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
	SecurityGroups pulumi.StringArrayInput
	// The current state of the target network association.
	Status pulumi.StringPtrInput
	// The ID of the subnet to associate with the Client VPN endpoint.
	SubnetId pulumi.StringPtrInput
	// The ID of the VPC in which the target subnet is located.
	VpcId pulumi.StringPtrInput
}

func (NetworkAssociationState) ElementType 

func (NetworkAssociationState) ElementType() reflect.Type

type Route 

type Route struct {
	pulumi.CustomResourceState

	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringOutput `pulumi:"clientVpnEndpointId"`
	// A brief description of the authorization rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The IPv4 address range, in CIDR notation, of the route destination.
	DestinationCidrBlock pulumi.StringOutput `pulumi:"destinationCidrBlock"`
	// Indicates how the Client VPN route was added. Will be `add-route` for routes created by this resource.
	Origin pulumi.StringOutput `pulumi:"origin"`
	// The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
	TargetVpcSubnetId pulumi.StringOutput `pulumi:"targetVpcSubnetId"`
	// The type of the route.
	Type pulumi.StringOutput `pulumi:"type"`
}

Provides additional routes for AWS Client VPN endpoints. For more information on usage, please see the [AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleEndpoint, err := ec2clientvpn.NewEndpoint(ctx, "exampleEndpoint", &ec2clientvpn.EndpointArgs{
			Description:          pulumi.String("Example Client VPN endpoint"),
			ServerCertificateArn: pulumi.Any(aws_acm_certificate.Example.Arn),
			ClientCidrBlock:      pulumi.String("10.0.0.0/16"),
			AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
				&ec2clientvpn.EndpointAuthenticationOptionArgs{
					Type:                    pulumi.String("certificate-authentication"),
					RootCertificateChainArn: pulumi.Any(aws_acm_certificate.Example.Arn),
				},
			},
			ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
				Enabled: pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		exampleNetworkAssociation, err := ec2clientvpn.NewNetworkAssociation(ctx, "exampleNetworkAssociation", &ec2clientvpn.NetworkAssociationArgs{
			ClientVpnEndpointId: exampleEndpoint.ID(),
			SubnetId:            pulumi.Any(aws_subnet.Example.Id),
		})
		if err != nil {
			return err
		}
		_, err = ec2clientvpn.NewRoute(ctx, "exampleRoute", &ec2clientvpn.RouteArgs{
			ClientVpnEndpointId:  exampleEndpoint.ID(),
			DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
			TargetVpcSubnetId:    exampleNetworkAssociation.SubnetId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRoute 

func GetRoute(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RouteState, opts ...pulumi.ResourceOption) (*Route, error)

GetRoute gets an existing Route resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRoute 

func NewRoute(ctx *pulumi.Context,
	name string, args *RouteArgs, opts ...pulumi.ResourceOption) (*Route, error)

NewRoute registers a new resource with the given unique name, arguments, and options.

type RouteArgs 

type RouteArgs struct {
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringInput
	// A brief description of the authorization rule.
	Description pulumi.StringPtrInput
	// The IPv4 address range, in CIDR notation, of the route destination.
	DestinationCidrBlock pulumi.StringInput
	// The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
	TargetVpcSubnetId pulumi.StringInput
}

The set of arguments for constructing a Route resource.

func (RouteArgs) ElementType 

func (RouteArgs) ElementType() reflect.Type

type RouteState 

type RouteState struct {
	// The ID of the Client VPN endpoint.
	ClientVpnEndpointId pulumi.StringPtrInput
	// A brief description of the authorization rule.
	Description pulumi.StringPtrInput
	// The IPv4 address range, in CIDR notation, of the route destination.
	DestinationCidrBlock pulumi.StringPtrInput
	// Indicates how the Client VPN route was added. Will be `add-route` for routes created by this resource.
	Origin pulumi.StringPtrInput
	// The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
	TargetVpcSubnetId pulumi.StringPtrInput
	// The type of the route.
	Type pulumi.StringPtrInput
}

func (RouteState) ElementType 

func (RouteState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.