ClientVpnAuthorizationRuleOptions

class aws_cdk.aws_ec2.ClientVpnAuthorizationRuleOptions(*, cidr, description=None, group_id=None)

Bases: object

Options for a ClientVpnAuthorizationRule.

Parameters
  • cidr (str) – The IPv4 address range, in CIDR notation, of the network for which access is being authorized.

  • description (Optional[str]) – A brief description of the authorization rule. Default: - no description

  • group_id (Optional[str]) – The ID of the group to grant access to, for example, the Active Directory group or identity provider (IdP) group. Default: - authorize all groups

ExampleMetadata

fixture=client-vpn infused

Example:

endpoint = vpc.add_client_vpn_endpoint("Endpoint",
    cidr="10.100.0.0/16",
    server_certificate_arn="arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id",
    user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider),
    authorize_all_users_to_vpc_cidr=False
)

endpoint.add_authorization_rule("Rule",
    cidr="10.0.10.0/32",
    group_id="group-id"
)

Attributes

cidr

The IPv4 address range, in CIDR notation, of the network for which access is being authorized.

Return type

str

description

A brief description of the authorization rule.

Default
  • no description

Return type

Optional[str]

group_id

The ID of the group to grant access to, for example, the Active Directory group or identity provider (IdP) group.

Default
  • authorize all groups

Return type

Optional[str]