
Class ClientVpnEndpointProps

Properties for a client VPN endpoint.

Inheritance
System.Object
ClientVpnEndpointProps
Implements
IClientVpnEndpointProps
IClientVpnEndpointOptions
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.AWS.EC2.dll
Syntax (csharp)
public class ClientVpnEndpointProps : Object, IClientVpnEndpointProps, IClientVpnEndpointOptions
Syntax (vb)
Public Class ClientVpnEndpointProps
    Inherits Object
    Implements IClientVpnEndpointProps, IClientVpnEndpointOptions

Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.Logs;

IClientVpnConnectionHandler clientVpnConnectionHandler;
ClientVpnUserBasedAuthentication clientVpnUserBasedAuthentication;
LogGroup logGroup;
LogStream logStream;
SecurityGroup securityGroup;
Subnet subnet;
SubnetFilter subnetFilter;
Vpc vpc;

ClientVpnEndpointProps clientVpnEndpointProps = new ClientVpnEndpointProps {
    Cidr = "cidr",
    ServerCertificateArn = "serverCertificateArn",
    Vpc = vpc,

    // the properties below are optional
    AuthorizeAllUsersToVpcCidr = false,
    ClientCertificateArn = "clientCertificateArn",
    ClientConnectionHandler = clientVpnConnectionHandler,
    ClientLoginBanner = "clientLoginBanner",
    Description = "description",
    DnsServers = new [] { "dnsServers" },
    Logging = false,
    LogGroup = logGroup,
    LogStream = logStream,
    Port = VpnPort.HTTPS,
    SecurityGroups = new [] { securityGroup },
    SelfServicePortal = false,
    SessionTimeout = ClientVpnSessionTimeout.EIGHT_HOURS,
    SplitTunnel = false,
    TransportProtocol = TransportProtocol.TCP,
    UserBasedAuthentication = clientVpnUserBasedAuthentication,
    VpcSubnets = new SubnetSelection {
        AvailabilityZones = new [] { "availabilityZones" },
        OnePerAz = false,
        SubnetFilters = new [] { subnetFilter },
        SubnetGroupName = "subnetGroupName",
        SubnetName = "subnetName",
        Subnets = new [] { subnet },
        SubnetType = SubnetType.ISOLATED
    }
};

Synopsis

Constructors

ClientVpnEndpointProps()

Properties

AuthorizeAllUsersToVpcCidr

Whether to authorize all users to the VPC CIDR.

Cidr

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

ClientCertificateArn

The ARN of the client certificate for mutual authentication.

ClientConnectionHandler

The AWS Lambda function used for connection authorization.

ClientLoginBanner

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

Description

A brief description of the Client VPN endpoint.

DnsServers

Information about the DNS servers to be used for DNS resolution.

Logging

Whether to enable connection logging.

LogGroup

A CloudWatch Logs log group for connection logging.

LogStream

A CloudWatch Logs log stream for connection logging.

Port

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

SecurityGroups

The security groups to apply to the target network.

SelfServicePortal

Specify whether to enable the self-service portal for the Client VPN endpoint.

ServerCertificateArn

The ARN of the server certificate.

SessionTimeout

The maximum VPN session duration time.

SplitTunnel

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

TransportProtocol

The transport protocol to be used by the VPN session.

UserBasedAuthentication

The type of user-based authentication to use.

Vpc

The VPC to connect to.

VpcSubnets

Subnets to associate with the client VPN endpoint.

Constructors

ClientVpnEndpointProps()

public ClientVpnEndpointProps()

Properties

AuthorizeAllUsersToVpcCidr

Whether to authorize all users to the VPC CIDR.

public Nullable<bool> AuthorizeAllUsersToVpcCidr { get; set; }
Property Value

System.Nullable<System.Boolean>

Remarks

This automatically creates an authorization rule. Set this to false and use addAuthorizationRule() to create your own rules instead.

Default: true
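
The following is an added example, not part of the generated CDK reference: it shows the pattern the remark describes, turning off the automatic allow-all rule and granting a single identity-provider group access to one subnet range. The class and method names, the CIDR ranges, the group ID and the certificate ARN are constructed placeholders, and the namespaces assume the CDK v1 assembly this page documents.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;

// Hypothetical helper class; only the CDK types and members are real.
public static class RestrictedClientVpn
{
    public static ClientVpnEndpoint Create(
        Construct scope,
        IVpc vpc,
        ClientVpnUserBasedAuthentication userAuth)
    {
        var endpoint = new ClientVpnEndpoint(scope, "Endpoint", new ClientVpnEndpointProps
        {
            Vpc = vpc,
            // Constructed client range; it must not overlap the VPC CIDR.
            Cidr = "10.100.0.0/16",
            // Placeholder ARN; substitute the ACM server certificate.
            ServerCertificateArn = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER",
            UserBasedAuthentication = userAuth,

            // Default is true, which authorizes every authenticated user
            // to the whole VPC CIDR. Turn it off and add explicit rules.
            AuthorizeAllUsersToVpcCidr = false,

            // Both are the defaults, stated explicitly so that a later
            // change shows up in review.
            Logging = true,
            SplitTunnel = false,

            // Shorter than the TWENTY_FOUR_HOURS default.
            SessionTimeout = ClientVpnSessionTimeout.EIGHT_HOURS
        });

        // One rule per destination range and group. Users outside the
        // group get no route authorization from this endpoint.
        endpoint.AddAuthorizationRule("AppSubnetRule", new ClientVpnAuthorizationRuleOptions
        {
            Cidr = "10.0.10.0/24",             // constructed destination range
            GroupId = "group-id-placeholder",  // group ID from the identity provider
            Description = "Application subnet access for one group"
        });

        return endpoint;
    }
}
```

With `AuthorizeAllUsersToVpcCidr = false` and no call to `AddAuthorizationRule`, the endpoint has no authorization rules at all, so clients can connect but cannot reach any destination.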

Cidr

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

public string Cidr { get; set; }
Property Value

System.String

Remarks

The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.

Changing the address range will replace the Client VPN endpoint.

The CIDR block should be /22 or greater in size (that is, a prefix length of /22 or shorter).

ClientCertificateArn

The ARN of the client certificate for mutual authentication.

public string ClientCertificateArn { get; set; }
Property Value

System.String

Remarks

The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

Default: - use user-based authentication

ClientConnectionHandler

The AWS Lambda function used for connection authorization.

public IClientVpnConnectionHandler ClientConnectionHandler { get; set; }
Property Value

IClientVpnConnectionHandler

Remarks

The name of the Lambda function must begin with the AWSClientVPN- prefix.

Default: - no connection handler

ClientLoginBanner

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

public string ClientLoginBanner { get; set; }
Property Value

System.String

Remarks

UTF-8 encoded characters only. Maximum of 1400 characters.

Default: - no banner is presented to the client

Description

A brief description of the Client VPN endpoint.

public string Description { get; set; }
Property Value

System.String

Remarks

Default: - no description

DnsServers

Information about the DNS servers to be used for DNS resolution.

public string[] DnsServers { get; set; }
Property Value

System.String[]

Remarks

A Client VPN endpoint can have up to two DNS servers.

Default: - use the DNS address configured on the device

Logging

Whether to enable connection logging.

public Nullable<bool> Logging { get; set; }
Property Value

System.Nullable<System.Boolean>

Remarks

Default: true

LogGroup

A CloudWatch Logs log group for connection logging.

public ILogGroup LogGroup { get; set; }
Property Value

ILogGroup

Remarks

Default: - a new group is created

LogStream

A CloudWatch Logs log stream for connection logging.

public ILogStream LogStream { get; set; }
Property Value

ILogStream

Remarks

Default: - a new stream is created

Port

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

public Nullable<VpnPort> Port { get; set; }
Property Value

System.Nullable<VpnPort>

Remarks

Default: VpnPort.HTTPS

SecurityGroups

The security groups to apply to the target network.

public ISecurityGroup[] SecurityGroups { get; set; }
Property Value

ISecurityGroup[]

Remarks

Default: - a new security group is created

SelfServicePortal

Specify whether to enable the self-service portal for the Client VPN endpoint.

public Nullable<bool> SelfServicePortal { get; set; }
Property Value

System.Nullable<System.Boolean>

Remarks

Default: true

ServerCertificateArn

The ARN of the server certificate.

public string ServerCertificateArn { get; set; }
Property Value

System.String

SessionTimeout

The maximum VPN session duration time.

public Nullable<ClientVpnSessionTimeout> SessionTimeout { get; set; }
Property Value

System.Nullable<ClientVpnSessionTimeout>

Remarks

Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

SplitTunnel

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

public Nullable<bool> SplitTunnel { get; set; }
Property Value

System.Nullable<System.Boolean>

Remarks

Default: false

See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html

TransportProtocol

The transport protocol to be used by the VPN session.

public Nullable<TransportProtocol> TransportProtocol { get; set; }
Property Value

System.Nullable<TransportProtocol>

Remarks

Default: TransportProtocol.UDP

UserBasedAuthentication

The type of user-based authentication to use.

public ClientVpnUserBasedAuthentication UserBasedAuthentication { get; set; }
Property Value

ClientVpnUserBasedAuthentication

Remarks

Default: - use mutual authentication

See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html

Vpc

The VPC to connect to.

public IVpc Vpc { get; set; }
Property Value

IVpc

VpcSubnets

Subnets to associate with the client VPN endpoint.

public ISubnetSelection VpcSubnets { get; set; }
Property Value

ISubnetSelection

Remarks

Default: - the VPC default strategy

Implements

IClientVpnEndpointProps
IClientVpnEndpointOptions