software.amazon.awscdk.services.ec2

Interface ClientVpnEndpointOptions

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

ClientVpnEndpointProps

All Known Implementing Classes:

ClientVpnEndpointOptions.Jsii$Proxy, ClientVpnEndpointProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-05-19T23:09:26.198Z")
 @Stability(value=Stable)
public interface ClientVpnEndpointOptions
extends software.amazon.jsii.JsiiSerializable

Options for a client VPN endpoint.

Example:

 ClientVpnEndpoint endpoint = vpc.addClientVpnEndpoint("Endpoint", ClientVpnEndpointOptions.builder()
         .cidr("10.100.0.0/16")
         .serverCertificateArn("arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id")
         .userBasedAuthentication(ClientVpnUserBasedAuthentication.federated(samlProvider))
         .authorizeAllUsersToVpcCidr(false)
         .build());
 endpoint.addAuthorizationRule("Rule", ClientVpnAuthorizationRuleOptions.builder()
         .cidr("10.0.10.0/32")
         .groupId("group-id")
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	ClientVpnEndpointOptions.Builder A builder for ClientVpnEndpointOptions
static class	ClientVpnEndpointOptions.Jsii$Proxy An implementation for ClientVpnEndpointOptions

Method Summary

Modifier and Type	Method and Description
static ClientVpnEndpointOptions.Builder	builder()
default Boolean	getAuthorizeAllUsersToVpcCidr() Whether to authorize all users to the VPC CIDR.
String	getCidr() The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
default String	getClientCertificateArn() The ARN of the client certificate for mutual authentication.
default IClientVpnConnectionHandler	getClientConnectionHandler() The AWS Lambda function used for connection authorization.
default String	getClientLoginBanner() Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
default String	getDescription() A brief description of the Client VPN endpoint.
default List<String>	getDnsServers() Information about the DNS servers to be used for DNS resolution.
default Boolean	getLogging() Whether to enable connections logging.
default ILogGroup	getLogGroup() A CloudWatch Logs log group for connection logging.
default ILogStream	getLogStream() A CloudWatch Logs log stream for connection logging.
default VpnPort	getPort() The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
default List<ISecurityGroup>	getSecurityGroups() The security groups to apply to the target network.
default Boolean	getSelfServicePortal() Specify whether to enable the self-service portal for the Client VPN endpoint.
String	getServerCertificateArn() The ARN of the server certificate.
default ClientVpnSessionTimeout	getSessionTimeout() The maximum VPN session duration time.
default Boolean	getSplitTunnel() Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
default TransportProtocol	getTransportProtocol() The transport protocol to be used by the VPN session.
default ClientVpnUserBasedAuthentication	getUserBasedAuthentication() The type of user-based authentication to use.
default SubnetSelection	getVpcSubnets() Subnets to associate to the client VPN endpoint.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Detail

getCidr

@Stability(value=Stable)
 @NotNull
String getCidr()

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.

Changing the address range will replace the Client VPN endpoint.

The CIDR block should be /22 or greater.

getServerCertificateArn

@Stability(value=Stable)
 @NotNull
String getServerCertificateArn()

The ARN of the server certificate.

getAuthorizeAllUsersToVpcCidr

@Stability(value=Stable)
 @Nullable
default Boolean getAuthorizeAllUsersToVpcCidr()

Whether to authorize all users to the VPC CIDR.

This automatically creates an authorization rule. Set this to false and use addAuthorizationRule() to create your own rules instead.

Default: true

getClientCertificateArn

@Stability(value=Stable)
 @Nullable
default String getClientCertificateArn()

The ARN of the client certificate for mutual authentication.

The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

Default: - use user-based authentication

getClientConnectionHandler

@Stability(value=Stable)
 @Nullable
default IClientVpnConnectionHandler getClientConnectionHandler()

The AWS Lambda function used for connection authorization.

The name of the Lambda function must begin with the AWSClientVPN- prefix

Default: - no connection handler

getClientLoginBanner

@Stability(value=Stable)
 @Nullable
default String getClientLoginBanner()

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

UTF-8 encoded characters only. Maximum of 1400 characters.

Default: - no banner is presented to the client

getDescription

@Stability(value=Stable)
 @Nullable
default String getDescription()

A brief description of the Client VPN endpoint.

Default: - no description

getDnsServers

@Stability(value=Stable)
 @Nullable
default List<String> getDnsServers()

Information about the DNS servers to be used for DNS resolution.

A Client VPN endpoint can have up to two DNS servers.

Default: - use the DNS address configured on the device

getLogging

@Stability(value=Stable)
 @Nullable
default Boolean getLogging()

Whether to enable connections logging.

Default: true

getLogGroup

@Stability(value=Stable)
 @Nullable
default ILogGroup getLogGroup()

A CloudWatch Logs log group for connection logging.

Default: - a new group is created

getLogStream

@Stability(value=Stable)
 @Nullable
default ILogStream getLogStream()

A CloudWatch Logs log stream for connection logging.

Default: - a new stream is created

getPort

@Stability(value=Stable)
 @Nullable
default VpnPort getPort()

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Default: VpnPort.HTTPS

getSecurityGroups

@Stability(value=Stable)
 @Nullable
default List<ISecurityGroup> getSecurityGroups()

The security groups to apply to the target network.

Default: - a new security group is created

getSelfServicePortal

@Stability(value=Stable)
 @Nullable
default Boolean getSelfServicePortal()

Specify whether to enable the self-service portal for the Client VPN endpoint.

Default: true

getSessionTimeout

@Stability(value=Stable)
 @Nullable
default ClientVpnSessionTimeout getSessionTimeout()

The maximum VPN session duration time.

Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

getSplitTunnel

@Stability(value=Stable)
 @Nullable
default Boolean getSplitTunnel()

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

Default: false

See Also:

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html

getTransportProtocol

@Stability(value=Stable)
 @Nullable
default TransportProtocol getTransportProtocol()

The transport protocol to be used by the VPN session.

Default: TransportProtocol.UDP

getUserBasedAuthentication

@Stability(value=Stable)
 @Nullable
default ClientVpnUserBasedAuthentication getUserBasedAuthentication()

The type of user-based authentication to use.

Default: - use mutual authentication

See Also:

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html

getVpcSubnets

@Stability(value=Stable)
 @Nullable
default SubnetSelection getVpcSubnets()

Subnets to associate to the client VPN endpoint.

Default: - the VPC default strategy

builder

@Stability(value=Stable)
static ClientVpnEndpointOptions.Builder builder()

Returns:

a ClientVpnEndpointOptions.Builder of ClientVpnEndpointOptions