software.amazon.awscdk.services.ec2

Interface ClientVpnEndpointOptions

All Known Subinterfaces:

ClientVpnEndpointProps

All Known Implementing Classes:

ClientVpnEndpointOptions.Jsii$Proxy, ClientVpnEndpointProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.63.2 (build a8a8833)",
           date="2022-08-09T19:16:37.390Z")
public interface ClientVpnEndpointOptions

Options for a client VPN endpoint.

Example:

 ClientVpnEndpoint endpoint = vpc.addClientVpnEndpoint("Endpoint", ClientVpnEndpointOptions.builder()
         .cidr("10.100.0.0/16")
         .serverCertificateArn("arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id")
         .userBasedAuthentication(ClientVpnUserBasedAuthentication.federated(samlProvider))
         .authorizeAllUsersToVpcCidr(false)
         .build());
 endpoint.addAuthorizationRule("Rule", ClientVpnAuthorizationRuleOptions.builder()
         .cidr("10.0.10.0/32")
         .groupId("group-id")
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	ClientVpnEndpointOptions.Builder A builder for ClientVpnEndpointOptions
static class	ClientVpnEndpointOptions.Jsii$Proxy An implementation for ClientVpnEndpointOptions

Method Summary

Modifier and Type	Method and Description
static ClientVpnEndpointOptions.Builder	builder()
default java.lang.Boolean	getAuthorizeAllUsersToVpcCidr() Whether to authorize all users to the VPC CIDR.
java.lang.String	getCidr() The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
default java.lang.String	getClientCertificateArn() The ARN of the client certificate for mutual authentication.
default IClientVpnConnectionHandler	getClientConnectionHandler() The AWS Lambda function used for connection authorization.
default java.lang.String	getClientLoginBanner() Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
default java.lang.String	getDescription() A brief description of the Client VPN endpoint.
default java.util.List<java.lang.String>	getDnsServers() Information about the DNS servers to be used for DNS resolution.
default java.lang.Boolean	getLogging() Whether to enable connections logging.
default ILogGroup	getLogGroup() A CloudWatch Logs log group for connection logging.
default ILogStream	getLogStream() A CloudWatch Logs log stream for connection logging.
default VpnPort	getPort() The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
default java.util.List<ISecurityGroup>	getSecurityGroups() The security groups to apply to the target network.
default java.lang.Boolean	getSelfServicePortal() Specify whether to enable the self-service portal for the Client VPN endpoint.
java.lang.String	getServerCertificateArn() The ARN of the server certificate.
default ClientVpnSessionTimeout	getSessionTimeout() The maximum VPN session duration time.
default java.lang.Boolean	getSplitTunnel() Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
default TransportProtocol	getTransportProtocol() The transport protocol to be used by the VPN session.
default ClientVpnUserBasedAuthentication	getUserBasedAuthentication() The type of user-based authentication to use.
default SubnetSelection	getVpcSubnets() Subnets to associate to the client VPN endpoint.

Method Detail

getCidr

java.lang.String getCidr()

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.

Changing the address range will replace the Client VPN endpoint.

The CIDR block should be /22 or greater.

getServerCertificateArn

java.lang.String getServerCertificateArn()

The ARN of the server certificate.

getAuthorizeAllUsersToVpcCidr

default java.lang.Boolean getAuthorizeAllUsersToVpcCidr()

Whether to authorize all users to the VPC CIDR.

This automatically creates an authorization rule. Set this to false and use addAuthorizationRule() to create your own rules instead.

Default: true

getClientCertificateArn

default java.lang.String getClientCertificateArn()

The ARN of the client certificate for mutual authentication.

The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

Default: - use user-based authentication

getClientConnectionHandler

default IClientVpnConnectionHandler getClientConnectionHandler()

The AWS Lambda function used for connection authorization.

The name of the Lambda function must begin with the AWSClientVPN- prefix

Default: - no connection handler

getClientLoginBanner

default java.lang.String getClientLoginBanner()

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

UTF-8 encoded characters only. Maximum of 1400 characters.

Default: - no banner is presented to the client

getDescription

default java.lang.String getDescription()

A brief description of the Client VPN endpoint.

Default: - no description

getDnsServers

default java.util.List<java.lang.String> getDnsServers()

Information about the DNS servers to be used for DNS resolution.

A Client VPN endpoint can have up to two DNS servers.

Default: - use the DNS address configured on the device

getLogging

default java.lang.Boolean getLogging()

Whether to enable connections logging.

Default: true

getLogGroup

default ILogGroup getLogGroup()

A CloudWatch Logs log group for connection logging.

Default: - a new group is created

getLogStream

default ILogStream getLogStream()

A CloudWatch Logs log stream for connection logging.

Default: - a new stream is created

getPort

default VpnPort getPort()

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Default: VpnPort.HTTPS

getSecurityGroups

default java.util.List<ISecurityGroup> getSecurityGroups()

The security groups to apply to the target network.

Default: - a new security group is created

getSelfServicePortal

default java.lang.Boolean getSelfServicePortal()

Specify whether to enable the self-service portal for the Client VPN endpoint.

Default: true

getSessionTimeout

default ClientVpnSessionTimeout getSessionTimeout()

The maximum VPN session duration time.

Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

getSplitTunnel

default java.lang.Boolean getSplitTunnel()

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

Default: false

See Also:

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html

getTransportProtocol

default TransportProtocol getTransportProtocol()

The transport protocol to be used by the VPN session.

Default: TransportProtocol.UDP

getUserBasedAuthentication

default ClientVpnUserBasedAuthentication getUserBasedAuthentication()

The type of user-based authentication to use.

Default: - use mutual authentication

See Also:

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html

getVpcSubnets

default SubnetSelection getVpcSubnets()

Subnets to associate to the client VPN endpoint.

Default: - the VPC default strategy

builder

static ClientVpnEndpointOptions.Builder builder()

Returns:

a ClientVpnEndpointOptions.Builder of ClientVpnEndpointOptions