
Class ClientVpnEndpointProps

Properties for a client VPN endpoint.

Inheritance
object
ClientVpnEndpointProps
Implements
IClientVpnEndpointProps
IClientVpnEndpointOptions
Inherited Members
object.GetType()
object.MemberwiseClone()
object.ToString()
object.Equals(object)
object.Equals(object, object)
object.ReferenceEquals(object, object)
object.GetHashCode()
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ClientVpnEndpointProps : IClientVpnEndpointProps, IClientVpnEndpointOptions
Syntax (vb)
Public Class ClientVpnEndpointProps Implements IClientVpnEndpointProps, IClientVpnEndpointOptions
Remarks

ExampleMetadata: fixture=_generated

Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.Logs;

// Constructs this example refers to; obtain them from your own stack.
Vpc vpc;
Subnet subnet;
SubnetFilter subnetFilter;
SecurityGroup securityGroup;
LogGroup logGroup;
LogStream logStream;
IClientVpnConnectionHandler clientVpnConnectionHandler;
ClientVpnUserBasedAuthentication clientVpnUserBasedAuthentication;

// Collections are built up front so the initializer below stays flat.
string[] dnsServers = new [] { "dnsServers" };               // an endpoint accepts at most two DNS servers
SecurityGroup[] securityGroups = new [] { securityGroup };
string[] availabilityZones = new [] { "availabilityZones" };
SubnetFilter[] subnetFilters = new [] { subnetFilter };
Subnet[] subnets = new [] { subnet };

ClientVpnEndpointProps clientVpnEndpointProps = new ClientVpnEndpointProps {
    // Required: the client address pool (must not overlap the VPC CIDR or manually
    // added routes, should be /22 or greater, and changing it replaces the endpoint),
    // the ACM server certificate and the target VPC.
    Cidr = "cidr",
    ServerCertificateArn = "serverCertificateArn",
    Vpc = vpc,

    // the properties below are optional
    // Defaults to true, which auto-creates an authorization rule for the whole VPC CIDR;
    // false means you add your own (narrower) rules with addAuthorizationRule().
    AuthorizeAllUsersToVpcCidr = false,
    // Mutual (certificate) authentication; when omitted, user-based authentication is used.
    ClientCertificateArn = "clientCertificateArn",
    // Lambda used for connection authorization; its name must begin with "AWSClientVPN-".
    ClientConnectionHandler = clientVpnConnectionHandler,
    // UTF-8 text shown on AWS-provided clients, at most 1400 characters.
    ClientLoginBanner = "clientLoginBanner",
    // Client Route Enforcement keeps traffic from a connected client inside the VPN tunnel;
    // "false" is only the placeholder value, not a recommended setting.
    ClientRouteEnforcementOptions = new ClientRouteEnforcementOptions {
        Enforced = false
    },
    Description = "description",
    DisconnectOnSessionTimeout = false,                   // AWS default is true
    DnsServers = dnsServers,
    // Connection logging defaults to true; the placeholder disables it, which is not a recommendation.
    Logging = false,
    LogGroup = logGroup,
    LogStream = logStream,
    Port = VpnPort.HTTPS,                                 // default
    SecurityGroups = securityGroups,
    SelfServicePortal = false,                            // default is true
    SessionTimeout = ClientVpnSessionTimeout.EIGHT_HOURS, // default is TWENTY_FOUR_HOURS
    SplitTunnel = false,                                  // default
    TransportProtocol = TransportProtocol.TCP,            // default is UDP
    // When omitted, mutual authentication is used.
    UserBasedAuthentication = clientVpnUserBasedAuthentication,
    VpcSubnets = new SubnetSelection {
        AvailabilityZones = availabilityZones,
        OnePerAz = false,
        SubnetFilters = subnetFilters,
        SubnetGroupName = "subnetGroupName",
        Subnets = subnets,
        SubnetType = SubnetType.PRIVATE_ISOLATED
    }
};

Synopsis

Constructors

ClientVpnEndpointProps()

Properties for a client VPN endpoint.

Properties

AuthorizeAllUsersToVpcCidr

Whether to authorize all users to the VPC CIDR.

Cidr

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

ClientCertificateArn

The ARN of the client certificate for mutual authentication.

ClientConnectionHandler

The AWS Lambda function used for connection authorization.

ClientLoginBanner

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

ClientRouteEnforcementOptions

Options for Client Route Enforcement.

Description

A brief description of the Client VPN endpoint.

DisconnectOnSessionTimeout

Indicates whether the client VPN session is disconnected after the maximum sessionTimeout is reached.

DnsServers

Information about the DNS servers to be used for DNS resolution.

LogGroup

A CloudWatch Logs log group for connection logging.

LogStream

A CloudWatch Logs log stream for connection logging.

Logging

Whether to enable connection logging.

Port

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

SecurityGroups

The security groups to apply to the target network.

SelfServicePortal

Specify whether to enable the self-service portal for the Client VPN endpoint.

ServerCertificateArn

The ARN of the server certificate.

SessionTimeout

The maximum VPN session duration time.

SplitTunnel

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

TransportProtocol

The transport protocol to be used by the VPN session.

UserBasedAuthentication

The type of user-based authentication to use.

Vpc

The VPC to connect to.

VpcSubnets

Subnets to associate to the client VPN endpoint.

Constructors

ClientVpnEndpointProps()

Properties for a client VPN endpoint.

public ClientVpnEndpointProps()
Remarks

ExampleMetadata: fixture=_generated

Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.Logs;

// Constructs this example refers to; obtain them from your own stack.
Vpc vpc;
Subnet subnet;
SubnetFilter subnetFilter;
SecurityGroup securityGroup;
LogGroup logGroup;
LogStream logStream;
IClientVpnConnectionHandler clientVpnConnectionHandler;
ClientVpnUserBasedAuthentication clientVpnUserBasedAuthentication;

// Collections are built up front so the initializer below stays flat.
string[] dnsServers = new [] { "dnsServers" };               // an endpoint accepts at most two DNS servers
SecurityGroup[] securityGroups = new [] { securityGroup };
string[] availabilityZones = new [] { "availabilityZones" };
SubnetFilter[] subnetFilters = new [] { subnetFilter };
Subnet[] subnets = new [] { subnet };

ClientVpnEndpointProps clientVpnEndpointProps = new ClientVpnEndpointProps {
    // Required: the client address pool (must not overlap the VPC CIDR or manually
    // added routes, should be /22 or greater, and changing it replaces the endpoint),
    // the ACM server certificate and the target VPC.
    Cidr = "cidr",
    ServerCertificateArn = "serverCertificateArn",
    Vpc = vpc,

    // the properties below are optional
    // Defaults to true, which auto-creates an authorization rule for the whole VPC CIDR;
    // false means you add your own (narrower) rules with addAuthorizationRule().
    AuthorizeAllUsersToVpcCidr = false,
    // Mutual (certificate) authentication; when omitted, user-based authentication is used.
    ClientCertificateArn = "clientCertificateArn",
    // Lambda used for connection authorization; its name must begin with "AWSClientVPN-".
    ClientConnectionHandler = clientVpnConnectionHandler,
    // UTF-8 text shown on AWS-provided clients, at most 1400 characters.
    ClientLoginBanner = "clientLoginBanner",
    // Client Route Enforcement keeps traffic from a connected client inside the VPN tunnel;
    // "false" is only the placeholder value, not a recommended setting.
    ClientRouteEnforcementOptions = new ClientRouteEnforcementOptions {
        Enforced = false
    },
    Description = "description",
    DisconnectOnSessionTimeout = false,                   // AWS default is true
    DnsServers = dnsServers,
    // Connection logging defaults to true; the placeholder disables it, which is not a recommendation.
    Logging = false,
    LogGroup = logGroup,
    LogStream = logStream,
    Port = VpnPort.HTTPS,                                 // default
    SecurityGroups = securityGroups,
    SelfServicePortal = false,                            // default is true
    SessionTimeout = ClientVpnSessionTimeout.EIGHT_HOURS, // default is TWENTY_FOUR_HOURS
    SplitTunnel = false,                                  // default
    TransportProtocol = TransportProtocol.TCP,            // default is UDP
    // When omitted, mutual authentication is used.
    UserBasedAuthentication = clientVpnUserBasedAuthentication,
    VpcSubnets = new SubnetSelection {
        AvailabilityZones = availabilityZones,
        OnePerAz = false,
        SubnetFilters = subnetFilters,
        SubnetGroupName = "subnetGroupName",
        Subnets = subnets,
        SubnetType = SubnetType.PRIVATE_ISOLATED
    }
};

Properties

AuthorizeAllUsersToVpcCidr

Whether to authorize all users to the VPC CIDR.

/// <summary>Whether to authorize all users to the VPC CIDR.</summary>
/// <remarks>
/// This automatically creates an authorization rule. Set this to false and use
/// addAuthorizationRule() to create your own rules instead. Default: true.
/// </remarks>
public bool? AuthorizeAllUsersToVpcCidr { get; set; }
Property Value

bool?

Remarks

This automatically creates an authorization rule. Set this to false and use addAuthorizationRule() to create your own rules instead.

Default: true

Cidr

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

/// <summary>The IPv4 address range, in CIDR notation, from which to assign client IP addresses.</summary>
/// <remarks>
/// Must not overlap the local CIDR of the VPC of the associated subnet or manually added routes.
/// Changing the range replaces the Client VPN endpoint. The block should be /22 or greater.
/// </remarks>
public string Cidr { get; set; }
Property Value

string

Remarks

The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.

Changing the address range will replace the Client VPN endpoint.

The CIDR block should be /22 or greater.

ClientCertificateArn

The ARN of the client certificate for mutual authentication.

/// <summary>The ARN of the client certificate for mutual authentication.</summary>
/// <remarks>
/// The certificate must be signed by a CA and provisioned in ACM.
/// Default: user-based authentication is used.
/// </remarks>
public string? ClientCertificateArn { get; set; }
Property Value

string

Remarks

The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

Default: - use user-based authentication

ClientConnectionHandler

The AWS Lambda function used for connection authorization.

/// <summary>The AWS Lambda function used for connection authorization.</summary>
/// <remarks>The function name must begin with the AWSClientVPN- prefix. Default: no connection handler.</remarks>
public IClientVpnConnectionHandler? ClientConnectionHandler { get; set; }
Property Value

IClientVpnConnectionHandler

Remarks

The name of the Lambda function must begin with the AWSClientVPN- prefix.

Default: - no connection handler

ClientLoginBanner

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

/// <summary>Text shown in a banner on AWS-provided clients when a VPN session is established.</summary>
/// <remarks>UTF-8 encoded characters only, at most 1400 characters. Default: no banner is presented.</remarks>
public string? ClientLoginBanner { get; set; }
Property Value

string

Remarks

UTF-8 encoded characters only. Maximum of 1400 characters.

Default: - no banner is presented to the client

ClientRouteEnforcementOptions

Options for Client Route Enforcement.

/// <summary>Options for Client Route Enforcement.</summary>
/// <remarks>
/// Enforces administrator-defined routes on connected devices so that client traffic is not
/// inadvertently sent outside the VPN tunnel. Default: undefined (the AWS default is disabled).
/// </remarks>
public IClientRouteEnforcementOptions? ClientRouteEnforcementOptions { get; set; }
Property Value

IClientRouteEnforcementOptions

Remarks

Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Default: undefined - the AWS Client VPN default setting is to disable client route enforcement

See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-cre.html

Description

A brief description of the Client VPN endpoint.

/// <summary>A brief description of the Client VPN endpoint.</summary>
/// <remarks>Default: no description.</remarks>
public string? Description { get; set; }
Property Value

string

Remarks

Default: - no description

DisconnectOnSessionTimeout

Indicates whether the client VPN session is disconnected after the maximum sessionTimeout is reached.

/// <summary>Whether the client VPN session is disconnected after the maximum SessionTimeout is reached.</summary>
/// <remarks>
/// If true, users are prompted to reconnect; if false, the client attempts to reconnect automatically.
/// Default: undefined (the AWS default is true).
/// </remarks>
public bool? DisconnectOnSessionTimeout { get; set; }
Property Value

bool?

Remarks

If true, users are prompted to reconnect to Client VPN. If false, Client VPN attempts to reconnect automatically.

Default: undefined - AWS Client VPN default is true

See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html

DnsServers

Information about the DNS servers to be used for DNS resolution.

/// <summary>The DNS servers to be used for DNS resolution.</summary>
/// <remarks>A Client VPN endpoint can have up to two DNS servers. Default: the DNS address configured on the device.</remarks>
public string[]? DnsServers { get; set; }
Property Value

string[]

Remarks

A Client VPN endpoint can have up to two DNS servers.

Default: - use the DNS address configured on the device

LogGroup

A CloudWatch Logs log group for connection logging.

/// <summary>A CloudWatch Logs log group for connection logging.</summary>
/// <remarks>Default: a new group is created.</remarks>
public ILogGroup? LogGroup { get; set; }
Property Value

ILogGroup

Remarks

Default: - a new group is created

LogStream

A CloudWatch Logs log stream for connection logging.

/// <summary>A CloudWatch Logs log stream for connection logging.</summary>
/// <remarks>Default: a new stream is created.</remarks>
public ILogStream? LogStream { get; set; }
Property Value

ILogStream

Remarks

Default: - a new stream is created

Logging

Whether to enable connection logging.

/// <summary>Whether to enable connection logging.</summary>
/// <remarks>Default: true. Connection logs go to <see cref="LogGroup"/> / <see cref="LogStream"/>.</remarks>
public bool? Logging { get; set; }
Property Value

bool?

Remarks

Default: true

Port

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

/// <summary>The port number to assign to the Client VPN endpoint for TCP and UDP traffic.</summary>
/// <remarks>Default: VpnPort.HTTPS.</remarks>
public VpnPort? Port { get; set; }
Property Value

VpnPort?

Remarks

Default: VpnPort.HTTPS

SecurityGroups

The security groups to apply to the target network.

/// <summary>The security groups to apply to the target network.</summary>
/// <remarks>Default: a new security group is created.</remarks>
public ISecurityGroup[]? SecurityGroups { get; set; }
Property Value

ISecurityGroup[]

Remarks

Default: - a new security group is created

SelfServicePortal

Specify whether to enable the self-service portal for the Client VPN endpoint.

/// <summary>Whether to enable the self-service portal for the Client VPN endpoint.</summary>
/// <remarks>Default: true.</remarks>
public bool? SelfServicePortal { get; set; }
Property Value

bool?

Remarks

Default: true

ServerCertificateArn

The ARN of the server certificate.

/// <summary>The ARN of the server certificate.</summary>
/// <remarks>Required; there is no default.</remarks>
public string ServerCertificateArn { get; set; }
Property Value

string

Remarks

ExampleMetadata: fixture=_generated

SessionTimeout

The maximum VPN session duration time.

/// <summary>The maximum VPN session duration.</summary>
/// <remarks>Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS.</remarks>
public ClientVpnSessionTimeout? SessionTimeout { get; set; }
Property Value

ClientVpnSessionTimeout?

Remarks

Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

SplitTunnel

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

/// <summary>Whether split-tunnel is enabled on the AWS Client VPN endpoint.</summary>
/// <remarks>Default: false.</remarks>
public bool? SplitTunnel { get; set; }
Property Value

bool?

Remarks

Default: false

See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html

TransportProtocol

The transport protocol to be used by the VPN session.

/// <summary>The transport protocol to be used by the VPN session.</summary>
/// <remarks>Default: TransportProtocol.UDP.</remarks>
public TransportProtocol? TransportProtocol { get; set; }
Property Value

TransportProtocol?

Remarks

Default: TransportProtocol.UDP

UserBasedAuthentication

The type of user-based authentication to use.

/// <summary>The type of user-based authentication to use.</summary>
/// <remarks>Default: mutual (certificate) authentication is used.</remarks>
public ClientVpnUserBasedAuthentication? UserBasedAuthentication { get; set; }
Property Value

ClientVpnUserBasedAuthentication

Remarks

Default: - use mutual authentication

See: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html

Vpc

The VPC to connect to.

/// <summary>The VPC to connect to.</summary>
/// <remarks>Required; there is no default.</remarks>
public IVpc Vpc { get; set; }
Property Value

IVpc

Remarks

ExampleMetadata: fixture=_generated

VpcSubnets

Subnets to associate to the client VPN endpoint.

/// <summary>Subnets to associate to the client VPN endpoint.</summary>
/// <remarks>Default: the VPC default strategy.</remarks>
public ISubnetSelection? VpcSubnets { get; set; }
Property Value

ISubnetSelection

Remarks

Default: - the VPC default strategy

Implements

IClientVpnEndpointProps
IClientVpnEndpointOptions