AWS v6.77.0, Apr 9 25

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.ec2clientvpn.Endpoint

Explore with Pulumi AI

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2clientvpn.Endpoint("example", {
    description: "clientvpn-example",
    serverCertificateArn: cert.arn,
    clientCidrBlock: "10.0.0.0/16",
    authenticationOptions: [{
        type: "certificate-authentication",
        rootCertificateChainArn: rootCert.arn,
    }],
    connectionLogOptions: {
        enabled: true,
        cloudwatchLogGroup: lg.name,
        cloudwatchLogStream: ls.name,
    },
});

import pulumi
import pulumi_aws as aws

example = aws.ec2clientvpn.Endpoint("example",
    description="clientvpn-example",
    server_certificate_arn=cert["arn"],
    client_cidr_block="10.0.0.0/16",
    authentication_options=[{
        "type": "certificate-authentication",
        "root_certificate_chain_arn": root_cert["arn"],
    }],
    connection_log_options={
        "enabled": True,
        "cloudwatch_log_group": lg["name"],
        "cloudwatch_log_stream": ls["name"],
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2clientvpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
			Description:          pulumi.String("clientvpn-example"),
			ServerCertificateArn: pulumi.Any(cert.Arn),
			ClientCidrBlock:      pulumi.String("10.0.0.0/16"),
			AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
				&ec2clientvpn.EndpointAuthenticationOptionArgs{
					Type:                    pulumi.String("certificate-authentication"),
					RootCertificateChainArn: pulumi.Any(rootCert.Arn),
				},
			},
			ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
				Enabled:             pulumi.Bool(true),
				CloudwatchLogGroup:  pulumi.Any(lg.Name),
				CloudwatchLogStream: pulumi.Any(ls.Name),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Ec2ClientVpn.Endpoint("example", new()
    {
        Description = "clientvpn-example",
        ServerCertificateArn = cert.Arn,
        ClientCidrBlock = "10.0.0.0/16",
        AuthenticationOptions = new[]
        {
            new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
            {
                Type = "certificate-authentication",
                RootCertificateChainArn = rootCert.Arn,
            },
        },
        ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
        {
            Enabled = true,
            CloudwatchLogGroup = lg.Name,
            CloudwatchLogStream = ls.Name,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.Endpoint;
import com.pulumi.aws.ec2clientvpn.EndpointArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointAuthenticationOptionArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointConnectionLogOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Endpoint("example", EndpointArgs.builder()
            .description("clientvpn-example")
            .serverCertificateArn(cert.arn())
            .clientCidrBlock("10.0.0.0/16")
            .authenticationOptions(EndpointAuthenticationOptionArgs.builder()
                .type("certificate-authentication")
                .rootCertificateChainArn(rootCert.arn())
                .build())
            .connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
                .enabled(true)
                .cloudwatchLogGroup(lg.name())
                .cloudwatchLogStream(ls.name())
                .build())
            .build());

    }
}

resources:
  example:
    type: aws:ec2clientvpn:Endpoint
    properties:
      description: clientvpn-example
      serverCertificateArn: ${cert.arn}
      clientCidrBlock: 10.0.0.0/16
      authenticationOptions:
        - type: certificate-authentication
          rootCertificateChainArn: ${rootCert.arn}
      connectionLogOptions:
        enabled: true
        cloudwatchLogGroup: ${lg.name}
        cloudwatchLogStream: ${ls.name}

Create Endpoint Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Endpoint(name: string, args: EndpointArgs, opts?: CustomResourceOptions);

@overload
def Endpoint(resource_name: str,
             args: EndpointArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Endpoint(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             connection_log_options: Optional[EndpointConnectionLogOptionsArgs] = None,
             client_cidr_block: Optional[str] = None,
             server_certificate_arn: Optional[str] = None,
             authentication_options: Optional[Sequence[EndpointAuthenticationOptionArgs]] = None,
             security_group_ids: Optional[Sequence[str]] = None,
             description: Optional[str] = None,
             disconnect_on_session_timeout: Optional[bool] = None,
             dns_servers: Optional[Sequence[str]] = None,
             client_login_banner_options: Optional[EndpointClientLoginBannerOptionsArgs] = None,
             self_service_portal: Optional[str] = None,
             client_connect_options: Optional[EndpointClientConnectOptionsArgs] = None,
             session_timeout_hours: Optional[int] = None,
             split_tunnel: Optional[bool] = None,
             tags: Optional[Mapping[str, str]] = None,
             transport_protocol: Optional[str] = None,
             vpc_id: Optional[str] = None,
             vpn_port: Optional[int] = None)

func NewEndpoint(ctx *Context, name string, args EndpointArgs, opts ...ResourceOption) (*Endpoint, error)

public Endpoint(string name, EndpointArgs args, CustomResourceOptions? opts = null)

public Endpoint(String name, EndpointArgs args)
public Endpoint(String name, EndpointArgs args, CustomResourceOptions options)

type: aws:ec2clientvpn:Endpoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var awsEndpointResource = new Aws.Ec2ClientVpn.Endpoint("awsEndpointResource", new()
{
    ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
    {
        Enabled = false,
        CloudwatchLogGroup = "string",
        CloudwatchLogStream = "string",
    },
    ClientCidrBlock = "string",
    ServerCertificateArn = "string",
    AuthenticationOptions = new[]
    {
        new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
        {
            Type = "string",
            ActiveDirectoryId = "string",
            RootCertificateChainArn = "string",
            SamlProviderArn = "string",
            SelfServiceSamlProviderArn = "string",
        },
    },
    SecurityGroupIds = new[]
    {
        "string",
    },
    Description = "string",
    DisconnectOnSessionTimeout = false,
    DnsServers = new[]
    {
        "string",
    },
    ClientLoginBannerOptions = new Aws.Ec2ClientVpn.Inputs.EndpointClientLoginBannerOptionsArgs
    {
        BannerText = "string",
        Enabled = false,
    },
    SelfServicePortal = "string",
    ClientConnectOptions = new Aws.Ec2ClientVpn.Inputs.EndpointClientConnectOptionsArgs
    {
        Enabled = false,
        LambdaFunctionArn = "string",
    },
    SessionTimeoutHours = 0,
    SplitTunnel = false,
    Tags = 
    {
        { "string", "string" },
    },
    TransportProtocol = "string",
    VpcId = "string",
    VpnPort = 0,
});

example, err := ec2clientvpn.NewEndpoint(ctx, "awsEndpointResource", &ec2clientvpn.EndpointArgs{
	ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
		Enabled:             pulumi.Bool(false),
		CloudwatchLogGroup:  pulumi.String("string"),
		CloudwatchLogStream: pulumi.String("string"),
	},
	ClientCidrBlock:      pulumi.String("string"),
	ServerCertificateArn: pulumi.String("string"),
	AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
		&ec2clientvpn.EndpointAuthenticationOptionArgs{
			Type:                       pulumi.String("string"),
			ActiveDirectoryId:          pulumi.String("string"),
			RootCertificateChainArn:    pulumi.String("string"),
			SamlProviderArn:            pulumi.String("string"),
			SelfServiceSamlProviderArn: pulumi.String("string"),
		},
	},
	SecurityGroupIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:                pulumi.String("string"),
	DisconnectOnSessionTimeout: pulumi.Bool(false),
	DnsServers: pulumi.StringArray{
		pulumi.String("string"),
	},
	ClientLoginBannerOptions: &ec2clientvpn.EndpointClientLoginBannerOptionsArgs{
		BannerText: pulumi.String("string"),
		Enabled:    pulumi.Bool(false),
	},
	SelfServicePortal: pulumi.String("string"),
	ClientConnectOptions: &ec2clientvpn.EndpointClientConnectOptionsArgs{
		Enabled:           pulumi.Bool(false),
		LambdaFunctionArn: pulumi.String("string"),
	},
	SessionTimeoutHours: pulumi.Int(0),
	SplitTunnel:         pulumi.Bool(false),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TransportProtocol: pulumi.String("string"),
	VpcId:             pulumi.String("string"),
	VpnPort:           pulumi.Int(0),
})

var awsEndpointResource = new Endpoint("awsEndpointResource", EndpointArgs.builder()
    .connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
        .enabled(false)
        .cloudwatchLogGroup("string")
        .cloudwatchLogStream("string")
        .build())
    .clientCidrBlock("string")
    .serverCertificateArn("string")
    .authenticationOptions(EndpointAuthenticationOptionArgs.builder()
        .type("string")
        .activeDirectoryId("string")
        .rootCertificateChainArn("string")
        .samlProviderArn("string")
        .selfServiceSamlProviderArn("string")
        .build())
    .securityGroupIds("string")
    .description("string")
    .disconnectOnSessionTimeout(false)
    .dnsServers("string")
    .clientLoginBannerOptions(EndpointClientLoginBannerOptionsArgs.builder()
        .bannerText("string")
        .enabled(false)
        .build())
    .selfServicePortal("string")
    .clientConnectOptions(EndpointClientConnectOptionsArgs.builder()
        .enabled(false)
        .lambdaFunctionArn("string")
        .build())
    .sessionTimeoutHours(0)
    .splitTunnel(false)
    .tags(Map.of("string", "string"))
    .transportProtocol("string")
    .vpcId("string")
    .vpnPort(0)
    .build());

aws_endpoint_resource = aws.ec2clientvpn.Endpoint("awsEndpointResource",
    connection_log_options={
        "enabled": False,
        "cloudwatch_log_group": "string",
        "cloudwatch_log_stream": "string",
    },
    client_cidr_block="string",
    server_certificate_arn="string",
    authentication_options=[{
        "type": "string",
        "active_directory_id": "string",
        "root_certificate_chain_arn": "string",
        "saml_provider_arn": "string",
        "self_service_saml_provider_arn": "string",
    }],
    security_group_ids=["string"],
    description="string",
    disconnect_on_session_timeout=False,
    dns_servers=["string"],
    client_login_banner_options={
        "banner_text": "string",
        "enabled": False,
    },
    self_service_portal="string",
    client_connect_options={
        "enabled": False,
        "lambda_function_arn": "string",
    },
    session_timeout_hours=0,
    split_tunnel=False,
    tags={
        "string": "string",
    },
    transport_protocol="string",
    vpc_id="string",
    vpn_port=0)

const awsEndpointResource = new aws.ec2clientvpn.Endpoint("awsEndpointResource", {
    connectionLogOptions: {
        enabled: false,
        cloudwatchLogGroup: "string",
        cloudwatchLogStream: "string",
    },
    clientCidrBlock: "string",
    serverCertificateArn: "string",
    authenticationOptions: [{
        type: "string",
        activeDirectoryId: "string",
        rootCertificateChainArn: "string",
        samlProviderArn: "string",
        selfServiceSamlProviderArn: "string",
    }],
    securityGroupIds: ["string"],
    description: "string",
    disconnectOnSessionTimeout: false,
    dnsServers: ["string"],
    clientLoginBannerOptions: {
        bannerText: "string",
        enabled: false,
    },
    selfServicePortal: "string",
    clientConnectOptions: {
        enabled: false,
        lambdaFunctionArn: "string",
    },
    sessionTimeoutHours: 0,
    splitTunnel: false,
    tags: {
        string: "string",
    },
    transportProtocol: "string",
    vpcId: "string",
    vpnPort: 0,
});

type: aws:ec2clientvpn:Endpoint
properties:
    authenticationOptions:
        - activeDirectoryId: string
          rootCertificateChainArn: string
          samlProviderArn: string
          selfServiceSamlProviderArn: string
          type: string
    clientCidrBlock: string
    clientConnectOptions:
        enabled: false
        lambdaFunctionArn: string
    clientLoginBannerOptions:
        bannerText: string
        enabled: false
    connectionLogOptions:
        cloudwatchLogGroup: string
        cloudwatchLogStream: string
        enabled: false
    description: string
    disconnectOnSessionTimeout: false
    dnsServers:
        - string
    securityGroupIds:
        - string
    selfServicePortal: string
    serverCertificateArn: string
    sessionTimeoutHours: 0
    splitTunnel: false
    tags:
        string: string
    transportProtocol: string
    vpcId: string
    vpnPort: 0

Endpoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Endpoint resource accepts the following input properties:

AuthenticationOptions List<EndpointAuthenticationOption>: Information about the authentication method to be used to authenticate clients.
ClientCidrBlock string: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
ConnectionLogOptions EndpointConnectionLogOptions: Information about the client connection logging options.
ServerCertificateArn string: The ARN of the ACM server certificate.
ClientConnectOptions EndpointClientConnectOptions: The options for managing connection authorization for new client connections.
ClientLoginBannerOptions EndpointClientLoginBannerOptions: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
Description string: A brief description of the Client VPN endpoint.
DisconnectOnSessionTimeout bool: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
DnsServers List<string>: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
SecurityGroupIds List<string>: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
SelfServicePortal string: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
SessionTimeoutHours int: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
SplitTunnel bool: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TransportProtocol string: The transport protocol to be used by the VPN session. Default value is udp.
VpcId string: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
VpnPort int: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

AuthenticationOptions []EndpointAuthenticationOptionArgs: Information about the authentication method to be used to authenticate clients.
ClientCidrBlock string: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
ConnectionLogOptions EndpointConnectionLogOptionsArgs: Information about the client connection logging options.
ServerCertificateArn string: The ARN of the ACM server certificate.
ClientConnectOptions EndpointClientConnectOptionsArgs: The options for managing connection authorization for new client connections.
ClientLoginBannerOptions EndpointClientLoginBannerOptionsArgs: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
Description string: A brief description of the Client VPN endpoint.
DisconnectOnSessionTimeout bool: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
DnsServers []string: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
SecurityGroupIds []string: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
SelfServicePortal string: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
SessionTimeoutHours int: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
SplitTunnel bool: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
Tags map[string]string: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TransportProtocol string: The transport protocol to be used by the VPN session. Default value is udp.
VpcId string: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
VpnPort int: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authenticationOptions List<EndpointAuthenticationOption>: Information about the authentication method to be used to authenticate clients.
clientCidrBlock String: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
connectionLogOptions EndpointConnectionLogOptions: Information about the client connection logging options.
serverCertificateArn String: The ARN of the ACM server certificate.
clientConnectOptions EndpointClientConnectOptions: The options for managing connection authorization for new client connections.
clientLoginBannerOptions EndpointClientLoginBannerOptions: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
description String: A brief description of the Client VPN endpoint.
disconnectOnSessionTimeout Boolean: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dnsServers List<String>: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
securityGroupIds List<String>: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
selfServicePortal String: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
sessionTimeoutHours Integer: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
splitTunnel Boolean: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags Map<String,String>: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transportProtocol String: The transport protocol to be used by the VPN session. Default value is udp.
vpcId String: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpnPort Integer: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authenticationOptions EndpointAuthenticationOption[]: Information about the authentication method to be used to authenticate clients.
clientCidrBlock string: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
connectionLogOptions EndpointConnectionLogOptions: Information about the client connection logging options.
serverCertificateArn string: The ARN of the ACM server certificate.
clientConnectOptions EndpointClientConnectOptions: The options for managing connection authorization for new client connections.
clientLoginBannerOptions EndpointClientLoginBannerOptions: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
description string: A brief description of the Client VPN endpoint.
disconnectOnSessionTimeout boolean: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dnsServers string[]: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
securityGroupIds string[]: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
selfServicePortal string: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
sessionTimeoutHours number: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
splitTunnel boolean: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags {[key: string]: string}: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transportProtocol string: The transport protocol to be used by the VPN session. Default value is udp.
vpcId string: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpnPort number: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authentication_options Sequence[EndpointAuthenticationOptionArgs]: Information about the authentication method to be used to authenticate clients.
client_cidr_block str: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
connection_log_options EndpointConnectionLogOptionsArgs: Information about the client connection logging options.
server_certificate_arn str: The ARN of the ACM server certificate.
client_connect_options EndpointClientConnectOptionsArgs: The options for managing connection authorization for new client connections.
client_login_banner_options EndpointClientLoginBannerOptionsArgs: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
description str: A brief description of the Client VPN endpoint.
disconnect_on_session_timeout bool: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dns_servers Sequence[str]: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
security_group_ids Sequence[str]: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
self_service_portal str: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
session_timeout_hours int: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
split_tunnel bool: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags Mapping[str, str]: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transport_protocol str: The transport protocol to be used by the VPN session. Default value is udp.
vpc_id str: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpn_port int: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

authenticationOptions List<Property Map>: Information about the authentication method to be used to authenticate clients.
clientCidrBlock String: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
connectionLogOptions Property Map: Information about the client connection logging options.
serverCertificateArn String: The ARN of the ACM server certificate.
clientConnectOptions Property Map: The options for managing connection authorization for new client connections.
clientLoginBannerOptions Property Map: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
description String: A brief description of the Client VPN endpoint.
disconnectOnSessionTimeout Boolean: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dnsServers List<String>: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
securityGroupIds List<String>: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
selfServicePortal String: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
sessionTimeoutHours Number: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
splitTunnel Boolean: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags Map<String>: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transportProtocol String: The transport protocol to be used by the VPN session. Default value is udp.
vpcId String: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpnPort Number: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

Outputs

All input properties are implicitly available as output properties. Additionally, the Endpoint resource produces the following output properties:

Arn string: The ARN of the Client VPN endpoint.
DnsName string: The DNS name to be used by clients when establishing their VPN session.
Id string: The provider-assigned unique ID for this managed resource.
SelfServicePortalUrl string: The URL of the self-service portal.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: The ARN of the Client VPN endpoint.
DnsName string: The DNS name to be used by clients when establishing their VPN session.
Id string: The provider-assigned unique ID for this managed resource.
SelfServicePortalUrl string: The URL of the self-service portal.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The ARN of the Client VPN endpoint.
dnsName String: The DNS name to be used by clients when establishing their VPN session.
id String: The provider-assigned unique ID for this managed resource.
selfServicePortalUrl String: The URL of the self-service portal.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: The ARN of the Client VPN endpoint.
dnsName string: The DNS name to be used by clients when establishing their VPN session.
id string: The provider-assigned unique ID for this managed resource.
selfServicePortalUrl string: The URL of the self-service portal.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: The ARN of the Client VPN endpoint.
dns_name str: The DNS name to be used by clients when establishing their VPN session.
id str: The provider-assigned unique ID for this managed resource.
self_service_portal_url str: The URL of the self-service portal.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The ARN of the Client VPN endpoint.
dnsName String: The DNS name to be used by clients when establishing their VPN session.
id String: The provider-assigned unique ID for this managed resource.
selfServicePortalUrl String: The URL of the self-service portal.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing Endpoint Resource

Get an existing Endpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: EndpointState, opts?: CustomResourceOptions): Endpoint

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        authentication_options: Optional[Sequence[EndpointAuthenticationOptionArgs]] = None,
        client_cidr_block: Optional[str] = None,
        client_connect_options: Optional[EndpointClientConnectOptionsArgs] = None,
        client_login_banner_options: Optional[EndpointClientLoginBannerOptionsArgs] = None,
        connection_log_options: Optional[EndpointConnectionLogOptionsArgs] = None,
        description: Optional[str] = None,
        disconnect_on_session_timeout: Optional[bool] = None,
        dns_name: Optional[str] = None,
        dns_servers: Optional[Sequence[str]] = None,
        security_group_ids: Optional[Sequence[str]] = None,
        self_service_portal: Optional[str] = None,
        self_service_portal_url: Optional[str] = None,
        server_certificate_arn: Optional[str] = None,
        session_timeout_hours: Optional[int] = None,
        split_tunnel: Optional[bool] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        transport_protocol: Optional[str] = None,
        vpc_id: Optional[str] = None,
        vpn_port: Optional[int] = None) -> Endpoint

func GetEndpoint(ctx *Context, name string, id IDInput, state *EndpointState, opts ...ResourceOption) (*Endpoint, error)

public static Endpoint Get(string name, Input<string> id, EndpointState? state, CustomResourceOptions? opts = null)

public static Endpoint get(String name, Output<String> id, EndpointState state, CustomResourceOptions options)

resources:  _:    type: aws:ec2clientvpn:Endpoint    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The ARN of the Client VPN endpoint.
AuthenticationOptions List<EndpointAuthenticationOption>: Information about the authentication method to be used to authenticate clients.
ClientCidrBlock string: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
ClientConnectOptions EndpointClientConnectOptions: The options for managing connection authorization for new client connections.
ClientLoginBannerOptions EndpointClientLoginBannerOptions: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
ConnectionLogOptions EndpointConnectionLogOptions: Information about the client connection logging options.
Description string: A brief description of the Client VPN endpoint.
DisconnectOnSessionTimeout bool: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
DnsName string: The DNS name to be used by clients when establishing their VPN session.
DnsServers List<string>: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
SecurityGroupIds List<string>: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
SelfServicePortal string: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
SelfServicePortalUrl string: The URL of the self-service portal.
ServerCertificateArn string: The ARN of the ACM server certificate.
SessionTimeoutHours int: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
SplitTunnel bool: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TransportProtocol string: The transport protocol to be used by the VPN session. Default value is udp.
VpcId string: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
VpnPort int: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

Arn string: The ARN of the Client VPN endpoint.
AuthenticationOptions []EndpointAuthenticationOptionArgs: Information about the authentication method to be used to authenticate clients.
ClientCidrBlock string: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
ClientConnectOptions EndpointClientConnectOptionsArgs: The options for managing connection authorization for new client connections.
ClientLoginBannerOptions EndpointClientLoginBannerOptionsArgs: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
ConnectionLogOptions EndpointConnectionLogOptionsArgs: Information about the client connection logging options.
Description string: A brief description of the Client VPN endpoint.
DisconnectOnSessionTimeout bool: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
DnsName string: The DNS name to be used by clients when establishing their VPN session.
DnsServers []string: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
SecurityGroupIds []string: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
SelfServicePortal string: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
SelfServicePortalUrl string: The URL of the self-service portal.
ServerCertificateArn string: The ARN of the ACM server certificate.
SessionTimeoutHours int: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
SplitTunnel bool: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
Tags map[string]string: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TransportProtocol string: The transport protocol to be used by the VPN session. Default value is udp.
VpcId string: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
VpnPort int: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn String: The ARN of the Client VPN endpoint.
authenticationOptions List<EndpointAuthenticationOption>: Information about the authentication method to be used to authenticate clients.
clientCidrBlock String: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
clientConnectOptions EndpointClientConnectOptions: The options for managing connection authorization for new client connections.
clientLoginBannerOptions EndpointClientLoginBannerOptions: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
connectionLogOptions EndpointConnectionLogOptions: Information about the client connection logging options.
description String: A brief description of the Client VPN endpoint.
disconnectOnSessionTimeout Boolean: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dnsName String: The DNS name to be used by clients when establishing their VPN session.
dnsServers List<String>: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
securityGroupIds List<String>: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
selfServicePortal String: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
selfServicePortalUrl String: The URL of the self-service portal.
serverCertificateArn String: The ARN of the ACM server certificate.
sessionTimeoutHours Integer: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
splitTunnel Boolean: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags Map<String,String>: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
transportProtocol String: The transport protocol to be used by the VPN session. Default value is udp.
vpcId String: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpnPort Integer: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn string: The ARN of the Client VPN endpoint.
authenticationOptions EndpointAuthenticationOption[]: Information about the authentication method to be used to authenticate clients.
clientCidrBlock string: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
clientConnectOptions EndpointClientConnectOptions: The options for managing connection authorization for new client connections.
clientLoginBannerOptions EndpointClientLoginBannerOptions: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
connectionLogOptions EndpointConnectionLogOptions: Information about the client connection logging options.
description string: A brief description of the Client VPN endpoint.
disconnectOnSessionTimeout boolean: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dnsName string: The DNS name to be used by clients when establishing their VPN session.
dnsServers string[]: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
securityGroupIds string[]: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
selfServicePortal string: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
selfServicePortalUrl string: The URL of the self-service portal.
serverCertificateArn string: The ARN of the ACM server certificate.
sessionTimeoutHours number: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
splitTunnel boolean: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags {[key: string]: string}: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
transportProtocol string: The transport protocol to be used by the VPN session. Default value is udp.
vpcId string: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpnPort number: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn str: The ARN of the Client VPN endpoint.
authentication_options Sequence[EndpointAuthenticationOptionArgs]: Information about the authentication method to be used to authenticate clients.
client_cidr_block str: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
client_connect_options EndpointClientConnectOptionsArgs: The options for managing connection authorization for new client connections.
client_login_banner_options EndpointClientLoginBannerOptionsArgs: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
connection_log_options EndpointConnectionLogOptionsArgs: Information about the client connection logging options.
description str: A brief description of the Client VPN endpoint.
disconnect_on_session_timeout bool: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dns_name str: The DNS name to be used by clients when establishing their VPN session.
dns_servers Sequence[str]: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
security_group_ids Sequence[str]: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
self_service_portal str: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
self_service_portal_url str: The URL of the self-service portal.
server_certificate_arn str: The ARN of the ACM server certificate.
session_timeout_hours int: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
split_tunnel bool: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags Mapping[str, str]: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
transport_protocol str: The transport protocol to be used by the VPN session. Default value is udp.
vpc_id str: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpn_port int: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

arn String: The ARN of the Client VPN endpoint.
authenticationOptions List<Property Map>: Information about the authentication method to be used to authenticate clients.
clientCidrBlock String: The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
clientConnectOptions Property Map: The options for managing connection authorization for new client connections.
clientLoginBannerOptions Property Map: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
connectionLogOptions Property Map: Information about the client connection logging options.
description String: A brief description of the Client VPN endpoint.
disconnectOnSessionTimeout Boolean: Indicates whether the client VPN session is disconnected after the maximum session_timeout_hours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.
dnsName String: The DNS name to be used by clients when establishing their VPN session.
dnsServers List<String>: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.
securityGroupIds List<String>: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
selfServicePortal String: Specify whether to enable the self-service portal for the Client VPN endpoint. Values can be enabled or disabled. Default value is disabled.
selfServicePortalUrl String: The URL of the self-service portal.
serverCertificateArn String: The ARN of the ACM server certificate.
sessionTimeoutHours Number: The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24
splitTunnel Boolean: Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.
tags Map<String>: A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
transportProtocol String: The transport protocol to be used by the VPN session. Default value is udp.
vpcId String: The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
vpnPort Number: The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443.

Supporting Types

EndpointAuthenticationOption
, EndpointAuthenticationOptionArgs

Type string: The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.
ActiveDirectoryId string: The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
RootCertificateChainArn string: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
SamlProviderArn string: The ARN of the IAM SAML identity provider if type is federated-authentication.
SelfServiceSamlProviderArn string: The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

Type string: The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.
ActiveDirectoryId string: The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
RootCertificateChainArn string: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
SamlProviderArn string: The ARN of the IAM SAML identity provider if type is federated-authentication.
SelfServiceSamlProviderArn string: The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type String: The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.
activeDirectoryId String: The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
rootCertificateChainArn String: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
samlProviderArn String: The ARN of the IAM SAML identity provider if type is federated-authentication.
selfServiceSamlProviderArn String: The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type string: The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.
activeDirectoryId string: The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
rootCertificateChainArn string: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
samlProviderArn string: The ARN of the IAM SAML identity provider if type is federated-authentication.
selfServiceSamlProviderArn string: The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type str: The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.
active_directory_id str: The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
root_certificate_chain_arn str: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
saml_provider_arn str: The ARN of the IAM SAML identity provider if type is federated-authentication.
self_service_saml_provider_arn str: The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

type String: The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.
activeDirectoryId String: The ID of the Active Directory to be used for authentication if type is directory-service-authentication.
rootCertificateChainArn String: The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.
samlProviderArn String: The ARN of the IAM SAML identity provider if type is federated-authentication.
selfServiceSamlProviderArn String: The ARN of the IAM SAML identity provider for the self service portal if type is federated-authentication.

EndpointClientConnectOptions
, EndpointClientConnectOptionsArgs

Enabled bool: Indicates whether client connect options are enabled. The default is false (not enabled).
LambdaFunctionArn string: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

Enabled bool: Indicates whether client connect options are enabled. The default is false (not enabled).
LambdaFunctionArn string: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled Boolean: Indicates whether client connect options are enabled. The default is false (not enabled).
lambdaFunctionArn String: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled boolean: Indicates whether client connect options are enabled. The default is false (not enabled).
lambdaFunctionArn string: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled bool: Indicates whether client connect options are enabled. The default is false (not enabled).
lambda_function_arn str: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

enabled Boolean: Indicates whether client connect options are enabled. The default is false (not enabled).
lambdaFunctionArn String: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

EndpointClientLoginBannerOptions
, EndpointClientLoginBannerOptionsArgs

BannerText string: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
Enabled bool: Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is false (not enabled).

BannerText string: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
Enabled bool: Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is false (not enabled).

bannerText String: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
enabled Boolean: Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is false (not enabled).

bannerText string: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
enabled boolean: Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is false (not enabled).

banner_text str: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
enabled bool: Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is false (not enabled).

bannerText String: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
enabled Boolean: Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is false (not enabled).

EndpointConnectionLogOptions
, EndpointConnectionLogOptionsArgs

Enabled bool: Indicates whether connection logging is enabled.
CloudwatchLogGroup string: The name of the CloudWatch Logs log group.
CloudwatchLogStream string: The name of the CloudWatch Logs log stream to which the connection data is published.

Enabled bool: Indicates whether connection logging is enabled.
CloudwatchLogGroup string: The name of the CloudWatch Logs log group.
CloudwatchLogStream string: The name of the CloudWatch Logs log stream to which the connection data is published.

enabled Boolean: Indicates whether connection logging is enabled.
cloudwatchLogGroup String: The name of the CloudWatch Logs log group.
cloudwatchLogStream String: The name of the CloudWatch Logs log stream to which the connection data is published.

enabled boolean: Indicates whether connection logging is enabled.
cloudwatchLogGroup string: The name of the CloudWatch Logs log group.
cloudwatchLogStream string: The name of the CloudWatch Logs log stream to which the connection data is published.

enabled bool: Indicates whether connection logging is enabled.
cloudwatch_log_group str: The name of the CloudWatch Logs log group.
cloudwatch_log_stream str: The name of the CloudWatch Logs log stream to which the connection data is published.

enabled Boolean: Indicates whether connection logging is enabled.
cloudwatchLogGroup String: The name of the CloudWatch Logs log group.
cloudwatchLogStream String: The name of the CloudWatch Logs log stream to which the connection data is published.

Import

Using pulumi import, import AWS Client VPN endpoints using the id value found via aws ec2 describe-client-vpn-endpoints. For example:

$ pulumi import aws:ec2clientvpn/endpoint:Endpoint example cvpn-endpoint-0ac3a1abbccddd666

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

pulumi/pulumi-aws

aws.ec2clientvpn.Endpoint

On this page

On this page

Example Usage

Create Endpoint Resource

Constructor syntax

Parameters

Constructor example

Endpoint Resource Properties

Inputs

Outputs

Look up Existing Endpoint Resource

Supporting Types

EndpointAuthenticationOption
, EndpointAuthenticationOptionArgs

EndpointClientConnectOptions
, EndpointClientConnectOptionsArgs

EndpointClientLoginBannerOptions
, EndpointClientLoginBannerOptionsArgs

EndpointConnectionLogOptions
, EndpointConnectionLogOptionsArgs

Import

Package Details

On this page

On this page

aws.ec2clientvpn.Endpoint

On this page

On this page

Example Usage

Create Endpoint Resource

Constructor syntax

Parameters

Constructor example

Endpoint Resource Properties

Inputs

Outputs

Look up Existing Endpoint Resource

Supporting Types

EndpointAuthenticationOption, EndpointAuthenticationOptionArgs

EndpointClientConnectOptions, EndpointClientConnectOptionsArgs

EndpointClientLoginBannerOptions, EndpointClientLoginBannerOptionsArgs

EndpointConnectionLogOptions, EndpointConnectionLogOptionsArgs

Import

Package Details

On this page

On this page

EndpointAuthenticationOption
, EndpointAuthenticationOptionArgs

EndpointClientConnectOptions
, EndpointClientConnectOptionsArgs

EndpointClientLoginBannerOptions
, EndpointClientLoginBannerOptionsArgs

EndpointConnectionLogOptions
, EndpointConnectionLogOptionsArgs