CfnClientVpnEndpointPropsMixin

class aws_cdk.mixins_preview.aws_ec2.mixins.CfnClientVpnEndpointPropsMixin(props, *, strategy=None)

Bases: Mixin

Specifies a Client VPN endpoint.

A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html
CloudformationResource:: AWS::EC2::ClientVpnEndpoint
Mixin:: true
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

cfn_client_vpn_endpoint_props_mixin = ec2_mixins.CfnClientVpnEndpointPropsMixin(ec2_mixins.CfnClientVpnEndpointMixinProps(
    authentication_options=[ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientAuthenticationRequestProperty(
        active_directory=ec2_mixins.CfnClientVpnEndpointPropsMixin.DirectoryServiceAuthenticationRequestProperty(
            directory_id="directoryId"
        ),
        federated_authentication=ec2_mixins.CfnClientVpnEndpointPropsMixin.FederatedAuthenticationRequestProperty(
            saml_provider_arn="samlProviderArn",
            self_service_saml_provider_arn="selfServiceSamlProviderArn"
        ),
        mutual_authentication=ec2_mixins.CfnClientVpnEndpointPropsMixin.CertificateAuthenticationRequestProperty(
            client_root_certificate_chain_arn="clientRootCertificateChainArn"
        ),
        type="type"
    )],
    client_cidr_block="clientCidrBlock",
    client_connect_options=ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientConnectOptionsProperty(
        enabled=False,
        lambda_function_arn="lambdaFunctionArn"
    ),
    client_login_banner_options=ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientLoginBannerOptionsProperty(
        banner_text="bannerText",
        enabled=False
    ),
    client_route_enforcement_options=ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientRouteEnforcementOptionsProperty(
        enforced=False
    ),
    connection_log_options=ec2_mixins.CfnClientVpnEndpointPropsMixin.ConnectionLogOptionsProperty(
        cloudwatch_log_group="cloudwatchLogGroup",
        cloudwatch_log_stream="cloudwatchLogStream",
        enabled=False
    ),
    description="description",
    disconnect_on_session_timeout=False,
    dns_servers=["dnsServers"],
    security_group_ids=["securityGroupIds"],
    self_service_portal="selfServicePortal",
    server_certificate_arn="serverCertificateArn",
    session_timeout_hours=123,
    split_tunnel=False,
    tag_specifications=[ec2_mixins.CfnClientVpnEndpointPropsMixin.TagSpecificationProperty(
        resource_type="resourceType",
        tags=[CfnTag(
            key="key",
            value="value"
        )]
    )],
    transport_protocol="transportProtocol",
    vpc_id="vpcId",
    vpn_port=123
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::EC2::ClientVpnEndpoint.

Parameters:

props (Union[CfnClientVpnEndpointMixinProps, Dict[str, Any]]) – L1 properties to apply.
strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:: construct (IConstruct)
Return type:: IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:: construct (IConstruct)
Return type:: bool

Attributes

CFN_PROPERTY_KEYS = ['authenticationOptions', 'clientCidrBlock', 'clientConnectOptions', 'clientLoginBannerOptions', 'clientRouteEnforcementOptions', 'connectionLogOptions', 'description', 'disconnectOnSessionTimeout', 'dnsServers', 'securityGroupIds', 'selfServicePortal', 'serverCertificateArn', 'sessionTimeoutHours', 'splitTunnel', 'tagSpecifications', 'transportProtocol', 'vpcId', 'vpnPort']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Mixin.
Stability:: experimental

CertificateAuthenticationRequestProperty

class CfnClientVpnEndpointPropsMixin.CertificateAuthenticationRequestProperty(*, client_root_certificate_chain_arn=None)

Bases: object

Information about the client certificate to be used for authentication.

Parameters:: client_root_certificate_chain_arn (Optional[str]) – The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM).
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-certificateauthenticationrequest.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

certificate_authentication_request_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.CertificateAuthenticationRequestProperty(
    client_root_certificate_chain_arn="clientRootCertificateChainArn"
)

Attributes

client_root_certificate_chain_arn

The ARN of the client certificate.

The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM).

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-certificateauthenticationrequest.html#cfn-ec2-clientvpnendpoint-certificateauthenticationrequest-clientrootcertificatechainarn

ClientAuthenticationRequestProperty

class CfnClientVpnEndpointPropsMixin.ClientAuthenticationRequestProperty(*, active_directory=None, federated_authentication=None, mutual_authentication=None, type=None)

Bases: object

Describes the authentication method to be used by a Client VPN endpoint.

For more information, see Authentication in the AWS Client VPN Administrator Guide .

Parameters:

active_directory (Union[IResolvable, DirectoryServiceAuthenticationRequestProperty, Dict[str, Any], None]) – Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication .
federated_authentication (Union[IResolvable, FederatedAuthenticationRequestProperty, Dict[str, Any], None]) – Information about the IAM SAML identity provider, if applicable.
mutual_authentication (Union[IResolvable, CertificateAuthenticationRequestProperty, Dict[str, Any], None]) – Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication .
type (Optional[str]) – The type of client authentication to be used.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientauthenticationrequest.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

client_authentication_request_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientAuthenticationRequestProperty(
    active_directory=ec2_mixins.CfnClientVpnEndpointPropsMixin.DirectoryServiceAuthenticationRequestProperty(
        directory_id="directoryId"
    ),
    federated_authentication=ec2_mixins.CfnClientVpnEndpointPropsMixin.FederatedAuthenticationRequestProperty(
        saml_provider_arn="samlProviderArn",
        self_service_saml_provider_arn="selfServiceSamlProviderArn"
    ),
    mutual_authentication=ec2_mixins.CfnClientVpnEndpointPropsMixin.CertificateAuthenticationRequestProperty(
        client_root_certificate_chain_arn="clientRootCertificateChainArn"
    ),
    type="type"
)

Attributes

active_directory

Information about the Active Directory to be used, if applicable.

You must provide this information if Type is directory-service-authentication .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientauthenticationrequest.html#cfn-ec2-clientvpnendpoint-clientauthenticationrequest-activedirectory

federated_authentication

Information about the IAM SAML identity provider, if applicable.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientauthenticationrequest.html#cfn-ec2-clientvpnendpoint-clientauthenticationrequest-federatedauthentication

mutual_authentication

Information about the authentication certificates to be used, if applicable.

You must provide this information if Type is certificate-authentication .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientauthenticationrequest.html#cfn-ec2-clientvpnendpoint-clientauthenticationrequest-mutualauthentication

type

The type of client authentication to be used.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientauthenticationrequest.html#cfn-ec2-clientvpnendpoint-clientauthenticationrequest-type

ClientConnectOptionsProperty

class CfnClientVpnEndpointPropsMixin.ClientConnectOptionsProperty(*, enabled=None, lambda_function_arn=None)

Bases: object

Indicates whether client connect options are enabled.

The default is false (not enabled).

Parameters:

enabled (Union[bool, IResolvable, None]) – Indicates whether client connect options are enabled. The default is false (not enabled).
lambda_function_arn (Optional[str]) – The Amazon Resource Name (ARN) of the AWS Lambda function used for connection authorization.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientconnectoptions.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

client_connect_options_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientConnectOptionsProperty(
    enabled=False,
    lambda_function_arn="lambdaFunctionArn"
)

Attributes

enabled

Indicates whether client connect options are enabled.

The default is false (not enabled).

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientconnectoptions.html#cfn-ec2-clientvpnendpoint-clientconnectoptions-enabled

lambda_function_arn

The Amazon Resource Name (ARN) of the AWS Lambda function used for connection authorization.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientconnectoptions.html#cfn-ec2-clientvpnendpoint-clientconnectoptions-lambdafunctionarn

ClientLoginBannerOptionsProperty

class CfnClientVpnEndpointPropsMixin.ClientLoginBannerOptionsProperty(*, banner_text=None, enabled=None)

Bases: object

Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

Parameters:

banner_text (Optional[str]) – Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
enabled (Union[bool, IResolvable, None]) – Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. Valid values: true | false Default value: false

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientloginbanneroptions.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

client_login_banner_options_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientLoginBannerOptionsProperty(
    banner_text="bannerText",
    enabled=False
)

Attributes

banner_text

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

UTF-8 encoded characters only. Maximum of 1400 characters.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientloginbanneroptions.html#cfn-ec2-clientvpnendpoint-clientloginbanneroptions-bannertext

enabled

Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.

Valid values: true | false

Default value: false

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientloginbanneroptions.html#cfn-ec2-clientvpnendpoint-clientloginbanneroptions-enabled

ClientRouteEnforcementOptionsProperty

class CfnClientVpnEndpointPropsMixin.ClientRouteEnforcementOptionsProperty(*, enforced=None)

Bases: object

Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN.

This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Client Route Enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.

Parameters:: enforced (Union[bool, IResolvable, None]) – Enable or disable Client Route Enforcement. The state can either be true (enabled) or false (disabled). The default is false . Valid values: true | false Default value: false
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientrouteenforcementoptions.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

client_route_enforcement_options_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.ClientRouteEnforcementOptionsProperty(
    enforced=False
)

Attributes

enforced

Enable or disable Client Route Enforcement.

The state can either be true (enabled) or false (disabled). The default is false .

Valid values: true | false

Default value: false

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-clientrouteenforcementoptions.html#cfn-ec2-clientvpnendpoint-clientrouteenforcementoptions-enforced

ConnectionLogOptionsProperty

class CfnClientVpnEndpointPropsMixin.ConnectionLogOptionsProperty(*, cloudwatch_log_group=None, cloudwatch_log_stream=None, enabled=None)

Bases: object

Describes the client connection logging options for the Client VPN endpoint.

Parameters:

cloudwatch_log_group (Optional[str]) – The name of the CloudWatch Logs log group. Required if connection logging is enabled.
cloudwatch_log_stream (Optional[str]) – The name of the CloudWatch Logs log stream to which the connection data is published.
enabled (Union[bool, IResolvable, None]) – Indicates whether connection logging is enabled.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-connectionlogoptions.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

connection_log_options_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.ConnectionLogOptionsProperty(
    cloudwatch_log_group="cloudwatchLogGroup",
    cloudwatch_log_stream="cloudwatchLogStream",
    enabled=False
)

Attributes

cloudwatch_log_group

The name of the CloudWatch Logs log group.

Required if connection logging is enabled.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-connectionlogoptions.html#cfn-ec2-clientvpnendpoint-connectionlogoptions-cloudwatchloggroup

cloudwatch_log_stream

The name of the CloudWatch Logs log stream to which the connection data is published.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-connectionlogoptions.html#cfn-ec2-clientvpnendpoint-connectionlogoptions-cloudwatchlogstream

enabled

Indicates whether connection logging is enabled.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-connectionlogoptions.html#cfn-ec2-clientvpnendpoint-connectionlogoptions-enabled

DirectoryServiceAuthenticationRequestProperty

class CfnClientVpnEndpointPropsMixin.DirectoryServiceAuthenticationRequestProperty(*, directory_id=None)

Bases: object

Describes the Active Directory to be used for client authentication.

Parameters:: directory_id (Optional[str]) – The ID of the Active Directory to be used for authentication.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-directoryserviceauthenticationrequest.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

directory_service_authentication_request_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.DirectoryServiceAuthenticationRequestProperty(
    directory_id="directoryId"
)

Attributes

directory_id

The ID of the Active Directory to be used for authentication.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-directoryserviceauthenticationrequest.html#cfn-ec2-clientvpnendpoint-directoryserviceauthenticationrequest-directoryid

FederatedAuthenticationRequestProperty

class CfnClientVpnEndpointPropsMixin.FederatedAuthenticationRequestProperty(*, saml_provider_arn=None, self_service_saml_provider_arn=None)

Bases: object

The IAM SAML identity provider used for federated authentication.

Parameters:

saml_provider_arn (Optional[str]) – The Amazon Resource Name (ARN) of the IAM SAML identity provider.
self_service_saml_provider_arn (Optional[str]) – The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-federatedauthenticationrequest.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

federated_authentication_request_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.FederatedAuthenticationRequestProperty(
    saml_provider_arn="samlProviderArn",
    self_service_saml_provider_arn="selfServiceSamlProviderArn"
)

Attributes

saml_provider_arn

The Amazon Resource Name (ARN) of the IAM SAML identity provider.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-federatedauthenticationrequest.html#cfn-ec2-clientvpnendpoint-federatedauthenticationrequest-samlproviderarn

self_service_saml_provider_arn

The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-federatedauthenticationrequest.html#cfn-ec2-clientvpnendpoint-federatedauthenticationrequest-selfservicesamlproviderarn

TagSpecificationProperty

class CfnClientVpnEndpointPropsMixin.TagSpecificationProperty(*, resource_type=None, tags=None)

Bases: object

Specifies the tags to apply to the Client VPN endpoint.

Parameters:

resource_type (Optional[str]) – The type of resource to tag. To tag a Client VPN endpoint, ResourceType must be client-vpn-endpoint .
tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – The tags to apply to the resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-tagspecification.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

tag_specification_property = ec2_mixins.CfnClientVpnEndpointPropsMixin.TagSpecificationProperty(
    resource_type="resourceType",
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)

Attributes

resource_type

The type of resource to tag.

To tag a Client VPN endpoint, ResourceType must be client-vpn-endpoint .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-tagspecification.html#cfn-ec2-clientvpnendpoint-tagspecification-resourcetype

tags

The tags to apply to the resource.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-tagspecification.html#cfn-ec2-clientvpnendpoint-tagspecification-tags