Interface IClientVpnEndpointOptions
Options for a client VPN endpoint.
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.AWS.EC2.dll
Syntax (csharp)
public interface IClientVpnEndpointOptions
Syntax (vb)
Public Interface IClientVpnEndpointOptions
Remarks
Examples
// vpc (an IVpc) and samlProvider (an ISamlProvider) are defined in the surrounding stack.
var endpoint = vpc.AddClientVpnEndpoint("Endpoint", new ClientVpnEndpointOptions {
    Cidr = "10.100.0.0/16",
    ServerCertificateArn = "arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id",
    UserBasedAuthentication = ClientVpnUserBasedAuthentication.Federated(samlProvider),
    // Do not grant every authenticated user the whole VPC; add explicit rules instead.
    AuthorizeAllUsersToVpcCidr = false
});
// Only members of the given IdP group may reach this address range.
endpoint.AddAuthorizationRule("Rule", new ClientVpnAuthorizationRuleOptions {
    Cidr = "10.0.10.0/32",
    GroupId = "group-id"
});
Synopsis
Properties
AuthorizeAllUsersToVpcCidr | Whether to authorize all users to the VPC CIDR. |
Cidr | The IPv4 address range, in CIDR notation, from which to assign client IP addresses. |
ClientCertificateArn | The ARN of the client certificate for mutual authentication. |
ClientConnectionHandler | The AWS Lambda function used for connection authorization. |
ClientLoginBanner | Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. |
Description | A brief description of the Client VPN endpoint. |
DnsServers | Information about the DNS servers to be used for DNS resolution. |
Logging | Whether to enable connections logging. |
LogGroup | A CloudWatch Logs log group for connection logging. |
LogStream | A CloudWatch Logs log stream for connection logging. |
Port | The port number to assign to the Client VPN endpoint for TCP and UDP traffic. |
SecurityGroups | The security groups to apply to the target network. |
SelfServicePortal | Specify whether to enable the self-service portal for the Client VPN endpoint. |
ServerCertificateArn | The ARN of the server certificate. |
SessionTimeout | The maximum VPN session duration time. |
SplitTunnel | Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint. |
TransportProtocol | The transport protocol to be used by the VPN session. |
UserBasedAuthentication | The type of user-based authentication to use. |
VpcSubnets | Subnets to associate to the client VPN endpoint. |
Properties
AuthorizeAllUsersToVpcCidr
Whether to authorize all users to the VPC CIDR.
virtual Nullable<bool> AuthorizeAllUsersToVpcCidr { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
When true (the default), the construct creates an authorization rule that grants every authenticated user access to the entire VPC CIDR. For least-privilege access, set this to false and use AddAuthorizationRule() to grant each group only the address ranges it needs.
Default: true
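The following stack, added here as an example and not taken from the CDK project itself, shows the per-group alternative to the default catch-all rule: the endpoint is created with AuthorizeAllUsersToVpcCidr = false, connection logs go to a log group with an explicit retention and removal policy, split tunnel keeps client internet traffic off the VPN, and each IdP group gets one authorization rule for one subnet. The stack name, the SAML metadata file path, the subnet ranges and the group IDs are placeholders; the certificate ARN is the one from the page example. The namespaces follow the per-service assembly layout this page documents (Amazon.CDK.AWS.EC2.dll); on aws-cdk-lib v2 add `using Constructs;` for the Construct type.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.Logs;

// Hypothetical stack: one Client VPN endpoint whose access is granted per IdP group
// instead of the default "every authenticated user reaches the whole VPC CIDR".
public class RestrictedClientVpnStack : Stack
{
    public RestrictedClientVpnStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Default VPC CIDR is 10.0.0.0/16; the client CIDR below must not overlap it.
        var vpc = new Vpc(this, "Vpc");

        // SAML identity provider; the metadata file path is an assumption.
        var samlProvider = new SamlProvider(this, "IdP", new SamlProviderProps
        {
            MetadataDocument = SamlMetadataDocument.FromFile("saml-metadata.xml")
        });

        // Connection logs in a group we control (retention, kept on stack deletion)
        // rather than the group the construct would otherwise create for us.
        var logGroup = new LogGroup(this, "ClientVpnLogs", new LogGroupProps
        {
            Retention = RetentionDays.ONE_YEAR,
            RemovalPolicy = RemovalPolicy.RETAIN
        });

        var endpoint = vpc.AddClientVpnEndpoint("Endpoint", new ClientVpnEndpointOptions
        {
            // At least a /22, outside the VPC CIDR.
            Cidr = "10.100.0.0/22",
            ServerCertificateArn = "arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id",
            UserBasedAuthentication = ClientVpnUserBasedAuthentication.Federated(samlProvider),
            // Disable the catch-all rule; per-group rules are added below.
            AuthorizeAllUsersToVpcCidr = false,
            Logging = true,
            LogGroup = logGroup,
            // Only VPC-bound traffic enters the tunnel; client internet traffic stays local.
            SplitTunnel = true,
            SessionTimeout = ClientVpnSessionTimeout.EIGHT_HOURS,
            VpcSubnets = new SubnetSelection { Subnets = vpc.PrivateSubnets },
            ClientLoginBanner = "Authorized use only. Sessions are logged."
        });

        // Least privilege: each IdP group reaches only the subnet it needs.
        // Group IDs are placeholders for the values your IdP sends in the SAML assertion.
        endpoint.AddAuthorizationRule("AppTeam", new ClientVpnAuthorizationRuleOptions
        {
            Cidr = "10.0.10.0/24",
            GroupId = "app-team-group-id",
            Description = "App team -> application subnet"
        });
        endpoint.AddAuthorizationRule("DbAdmins", new ClientVpnAuthorizationRuleOptions
        {
            Cidr = "10.0.20.0/24",
            GroupId = "db-admins-group-id",
            Description = "DB admins -> database subnet"
        });
    }
}
```

A rule only authorizes traffic; it does not create a route. The VPC CIDR route is added automatically for each associated subnet, so the two rules above work as written, but a rule for a range outside the VPC (an on-premises network reachable through the VPC, for instance) also needs a matching AddRoute() call.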
Cidr
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
string Cidr { get; }
Property Value
System.String
Remarks
The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or with any routes that you add manually.
Changing the address range replaces the Client VPN endpoint.
The block size must be between /12 and /22; a /22 is the smallest range accepted.
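The two constraints above (block size between /12 and /22, no overlap with the VPC CIDR or manually added routes) are easy to get wrong and only surface when the endpoint or its association is created. The helper below is an added example, not part of the CDK library, that checks them up front with plain IPv4 prefix arithmetic so a stack can fail fast in its own code; the sample ranges in Main are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

public static class ClientCidrCheck
{
    // Parses "a.b.c.d/n" into the network address (as a 32-bit integer) and prefix length.
    private static (uint Network, int Prefix) Parse(string cidr)
    {
        var parts = cidr.Split('/');
        if (parts.Length != 2) throw new ArgumentException($"Not a CIDR: {cidr}");
        var bytes = IPAddress.Parse(parts[0]).GetAddressBytes();
        if (bytes.Length != 4) throw new ArgumentException($"IPv4 only: {cidr}");
        int prefix = int.Parse(parts[1]);
        if (prefix < 0 || prefix > 32) throw new ArgumentException($"Bad prefix: {cidr}");
        uint addr = ((uint)bytes[0] << 24) | ((uint)bytes[1] << 16) | ((uint)bytes[2] << 8) | bytes[3];
        uint mask = prefix == 0 ? 0u : uint.MaxValue << (32 - prefix);
        return (addr & mask, prefix);
    }

    // Two ranges overlap when they agree on the shorter of the two prefixes.
    private static bool Overlaps(string a, string b)
    {
        var (na, pa) = Parse(a);
        var (nb, pb) = Parse(b);
        int p = Math.Min(pa, pb);
        uint mask = p == 0 ? 0u : uint.MaxValue << (32 - p);
        return (na & mask) == (nb & mask);
    }

    // Returns every reason the client CIDR would be rejected; an empty list means it is acceptable.
    public static List<string> Validate(string clientCidr, string vpcCidr, IEnumerable<string> manualRouteCidrs)
    {
        var problems = new List<string>();
        var (_, prefix) = Parse(clientCidr);
        // AWS accepts a client CIDR block size between /12 and /22.
        if (prefix < 12 || prefix > 22)
            problems.Add($"client CIDR {clientCidr} must be between /12 and /22");
        if (Overlaps(clientCidr, vpcCidr))
            problems.Add($"client CIDR {clientCidr} overlaps VPC CIDR {vpcCidr}");
        foreach (var route in manualRouteCidrs)
            if (Overlaps(clientCidr, route))
                problems.Add($"client CIDR {clientCidr} overlaps manual route {route}");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: a /22 outside the VPC and outside the one manual route.
        foreach (var p in Validate("10.100.0.0/22", "10.0.0.0/16", new[] { "172.16.0.0/24" }))
            Console.WriteLine(p);
        // Constructed sample: a range inside the VPC and narrower than /22.
        foreach (var p in Validate("10.0.128.0/24", "10.0.0.0/16", new[] { "172.16.0.0/24" }))
            Console.WriteLine(p);
    }
}
```

Call Validate with the VPC CIDR and every Cidr you pass to AddRoute() before constructing the endpoint; because changing Cidr replaces the endpoint, catching a bad range at synth time avoids a disruptive replacement later.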
ClientCertificateArn
The ARN of the client certificate for mutual authentication.
virtual string ClientCertificateArn { get; }
Property Value
System.String
Remarks
The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).
Default: - use user-based authentication
ClientConnectionHandler
The AWS Lambda function used for connection authorization.
virtual IClientVpnConnectionHandler ClientConnectionHandler { get; }
Property Value
IClientVpnConnectionHandler
Remarks
The name of the Lambda function must begin with the AWSClientVPN- prefix.
Default: - no connection handler
ClientLoginBanner
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
virtual string ClientLoginBanner { get; }
Property Value
System.String
Remarks
UTF-8 encoded characters only. Maximum of 1400 characters.
Default: - no banner is presented to the client
Description
A brief description of the Client VPN endpoint.
virtual string Description { get; }
Property Value
System.String
Remarks
Default: - no description
DnsServers
Information about the DNS servers to be used for DNS resolution.
virtual string[] DnsServers { get; }
Property Value
System.String[]
Remarks
A Client VPN endpoint can have up to two DNS servers.
Default: - use the DNS address configured on the device
Logging
Whether to enable connections logging.
virtual Nullable<bool> Logging { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: true
LogGroup
A CloudWatch Logs log group for connection logging.
virtual ILogGroup LogGroup { get; }
Property Value
ILogGroup
Remarks
Default: - a new group is created
LogStream
A CloudWatch Logs log stream for connection logging.
virtual ILogStream LogStream { get; }
Property Value
ILogStream
Remarks
Default: - a new stream is created
Port
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
virtual Nullable<VpnPort> Port { get; }
Property Value
System.Nullable<VpnPort>
Remarks
Default: VpnPort.HTTPS
SecurityGroups
The security groups to apply to the target network.
virtual ISecurityGroup[] SecurityGroups { get; }
Property Value
ISecurityGroup[]
Remarks
Default: - a new security group is created
SelfServicePortal
Specify whether to enable the self-service portal for the Client VPN endpoint.
virtual Nullable<bool> SelfServicePortal { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
The self-service portal applies only to endpoints that use federated (SAML) authentication.
Default: true
ServerCertificateArn
The ARN of the server certificate.
string ServerCertificateArn { get; }
Property Value
System.String
SessionTimeout
The maximum VPN session duration time.
virtual Nullable<ClientVpnSessionTimeout> SessionTimeout { get; }
Property Value
System.Nullable<ClientVpnSessionTimeout>
Remarks
Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
SplitTunnel
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
virtual Nullable<bool> SplitTunnel { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
When split tunnel is disabled (the default), all client traffic, including internet-bound traffic, is sent through the endpoint; the VPC then needs a route and an authorization rule for 0.0.0.0/0 (and a path to the internet, such as a NAT gateway) for clients to keep internet access. When it is enabled, only traffic matching the endpoint's routes enters the tunnel.
Default: false
See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html
TransportProtocol
The transport protocol to be used by the VPN session.
virtual Nullable<TransportProtocol> TransportProtocol { get; }
Property Value
System.Nullable<TransportProtocol>
Remarks
Default: TransportProtocol.UDP
UserBasedAuthentication
The type of user-based authentication to use.
virtual ClientVpnUserBasedAuthentication UserBasedAuthentication { get; }
Property Value
ClientVpnUserBasedAuthentication
Remarks
Default: - use mutual authentication
See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html
VpcSubnets
Subnets to associate to the client VPN endpoint.
virtual ISubnetSelection VpcSubnets { get; }
Property Value
ISubnetSelection
Remarks
Default: - the VPC default strategy