Interface ClientVpnEndpointOptions
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Subinterfaces:
ClientVpnEndpointProps
- All Known Implementing Classes:
ClientVpnEndpointOptions.Jsii$Proxy
,ClientVpnEndpointProps.Jsii$Proxy
Example:
ClientVpnEndpoint endpoint = vpc.addClientVpnEndpoint("Endpoint", ClientVpnEndpointOptions.builder() .cidr("10.100.0.0/16") .serverCertificateArn("arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id") .userBasedAuthentication(ClientVpnUserBasedAuthentication.federated(samlProvider)) .authorizeAllUsersToVpcCidr(false) .build()); endpoint.addAuthorizationRule("Rule", ClientVpnAuthorizationRuleOptions.builder() .cidr("10.0.10.0/32") .groupId("group-id") .build());
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forClientVpnEndpointOptions
static final class
An implementation forClientVpnEndpointOptions
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default Boolean
Whether to authorize all users to the VPC CIDR.getCidr()
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.default String
The ARN of the client certificate for mutual authentication.default IClientVpnConnectionHandler
The AWS Lambda function used for connection authorization.default String
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.default String
A brief description of the Client VPN endpoint.Information about the DNS servers to be used for DNS resolution.default Boolean
Whether to enable connections logging.default ILogGroup
A CloudWatch Logs log group for connection logging.default ILogStream
A CloudWatch Logs log stream for connection logging.default VpnPort
getPort()
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.default List<ISecurityGroup>
The security groups to apply to the target network.default Boolean
Specify whether to enable the self-service portal for the Client VPN endpoint.The ARN of the server certificate.default ClientVpnSessionTimeout
The maximum VPN session duration time.default Boolean
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.default TransportProtocol
The transport protocol to be used by the VPN session.default ClientVpnUserBasedAuthentication
The type of user-based authentication to use.default SubnetSelection
Subnets to associate to the client VPN endpoint.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getCidr
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.
Changing the address range will replace the Client VPN endpoint.
The CIDR block should be /22 or greater.
-
getServerCertificateArn
The ARN of the server certificate. -
getAuthorizeAllUsersToVpcCidr
Whether to authorize all users to the VPC CIDR.This automatically creates an authorization rule. Set this to
false
and useaddAuthorizationRule()
to create your own rules instead.Default: true
-
getClientCertificateArn
The ARN of the client certificate for mutual authentication.The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).
Default: - use user-based authentication
-
getClientConnectionHandler
The AWS Lambda function used for connection authorization.The name of the Lambda function must begin with the
AWSClientVPN-
prefixDefault: - no connection handler
-
getClientLoginBanner
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.UTF-8 encoded characters only. Maximum of 1400 characters.
Default: - no banner is presented to the client
-
getDescription
A brief description of the Client VPN endpoint.Default: - no description
-
getDnsServers
Information about the DNS servers to be used for DNS resolution.A Client VPN endpoint can have up to two DNS servers.
Default: - use the DNS address configured on the device
-
getLogging
Whether to enable connections logging.Default: true
-
getLogGroup
A CloudWatch Logs log group for connection logging.Default: - a new group is created
-
getLogStream
A CloudWatch Logs log stream for connection logging.Default: - a new stream is created
-
getPort
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.Default: VpnPort.HTTPS
-
getSecurityGroups
The security groups to apply to the target network.Default: - a new security group is created
-
getSelfServicePortal
Specify whether to enable the self-service portal for the Client VPN endpoint.Default: true
-
getSessionTimeout
The maximum VPN session duration time.Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
-
getSplitTunnel
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.Default: false
-
getTransportProtocol
The transport protocol to be used by the VPN session.Default: TransportProtocol.UDP
-
getUserBasedAuthentication
The type of user-based authentication to use.Default: - use mutual authentication
-
getVpcSubnets
Subnets to associate to the client VPN endpoint.Default: - the VPC default strategy
-
builder
- Returns:
- a
ClientVpnEndpointOptions.Builder
ofClientVpnEndpointOptions
-