This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::EC2::VerifiedAccessEndpoint An AWS Verified Access endpoint specifies the application that AWS Verified Access provides access to. It must be attached to an AWS Verified Access group. An AWS Verified Access endpoint must also have an attached access policy before you attached it to a group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::EC2::VerifiedAccessEndpoint", "Properties" : { "[ApplicationDomain](#cfn-ec2-verifiedaccessendpoint-applicationdomain)" : String, "[AttachmentType](#cfn-ec2-verifiedaccessendpoint-attachmenttype)" : String, "[CidrOptions](#cfn-ec2-verifiedaccessendpoint-cidroptions)" : CidrOptions, "[Description](#cfn-ec2-verifiedaccessendpoint-description)" : String, "[DomainCertificateArn](#cfn-ec2-verifiedaccessendpoint-domaincertificatearn)" : String, "[EndpointDomainPrefix](#cfn-ec2-verifiedaccessendpoint-endpointdomainprefix)" : String, "[EndpointType](#cfn-ec2-verifiedaccessendpoint-endpointtype)" : String, "[LoadBalancerOptions](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions)" : LoadBalancerOptions, "[NetworkInterfaceOptions](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions)" : NetworkInterfaceOptions, "[PolicyDocument](#cfn-ec2-verifiedaccessendpoint-policydocument)" : String, "[PolicyEnabled](#cfn-ec2-verifiedaccessendpoint-policyenabled)" : Boolean, "[RdsOptions](#cfn-ec2-verifiedaccessendpoint-rdsoptions)" : RdsOptions, "[SecurityGroupIds](#cfn-ec2-verifiedaccessendpoint-securitygroupids)" : [ String, ... ], "[SseSpecification](#cfn-ec2-verifiedaccessendpoint-ssespecification)" : SseSpecification, "[Tags](#cfn-ec2-verifiedaccessendpoint-tags)" : [ Tag, ... ], "[VerifiedAccessGroupId](#cfn-ec2-verifiedaccessendpoint-verifiedaccessgroupid)" : String } } ``` ### YAML ``` Type: AWS::EC2::VerifiedAccessEndpoint Properties: [ApplicationDomain](#cfn-ec2-verifiedaccessendpoint-applicationdomain): String [AttachmentType](#cfn-ec2-verifiedaccessendpoint-attachmenttype): String [CidrOptions](#cfn-ec2-verifiedaccessendpoint-cidroptions): CidrOptions [Description](#cfn-ec2-verifiedaccessendpoint-description): String [DomainCertificateArn](#cfn-ec2-verifiedaccessendpoint-domaincertificatearn): String [EndpointDomainPrefix](#cfn-ec2-verifiedaccessendpoint-endpointdomainprefix): String [EndpointType](#cfn-ec2-verifiedaccessendpoint-endpointtype): String [LoadBalancerOptions](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions): LoadBalancerOptions [NetworkInterfaceOptions](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions): NetworkInterfaceOptions [PolicyDocument](#cfn-ec2-verifiedaccessendpoint-policydocument): String [PolicyEnabled](#cfn-ec2-verifiedaccessendpoint-policyenabled): Boolean [RdsOptions](#cfn-ec2-verifiedaccessendpoint-rdsoptions): RdsOptions [SecurityGroupIds](#cfn-ec2-verifiedaccessendpoint-securitygroupids): - String [SseSpecification](#cfn-ec2-verifiedaccessendpoint-ssespecification): SseSpecification [Tags](#cfn-ec2-verifiedaccessendpoint-tags): - Tag [VerifiedAccessGroupId](#cfn-ec2-verifiedaccessendpoint-verifiedaccessgroupid): String ``` ## Properties `ApplicationDomain` The DNS name for users to reach your application. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `AttachmentType` The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application. *Required*: Yes *Type*: String *Allowed values*: `vpc` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CidrOptions` The options for a CIDR endpoint. *Required*: No *Type*: [CidrOptions](aws-properties-ec2-verifiedaccessendpoint-cidroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` A description for the AWS Verified Access endpoint. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainCertificateArn` The ARN of a public TLS/SSL certificate imported into or created with ACM. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EndpointDomainPrefix` A custom identifier that is prepended to the DNS name that is generated for the endpoint. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EndpointType` The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified. *Required*: Yes *Type*: String *Allowed values*: `load-balancer | network-interface | rds | cidr` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `LoadBalancerOptions` The load balancer details if creating the AWS Verified Access endpoint as `load-balancer`type. *Required*: No *Type*: [LoadBalancerOptions](aws-properties-ec2-verifiedaccessendpoint-loadbalanceroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NetworkInterfaceOptions` The options for network-interface type endpoint. *Required*: No *Type*: [NetworkInterfaceOptions](aws-properties-ec2-verifiedaccessendpoint-networkinterfaceoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyDocument` The Verified Access policy document. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyEnabled` The status of the Verified Access policy. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RdsOptions` The options for an RDS endpoint. *Required*: No *Type*: [RdsOptions](aws-properties-ec2-verifiedaccessendpoint-rdsoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityGroupIds` The IDs of the security groups for the endpoint. *Required*: No *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SseSpecification` The options for additional server side encryption. *Required*: No *Type*: [SseSpecification](aws-properties-ec2-verifiedaccessendpoint-ssespecification.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The tags. *Required*: No *Type*: Array of [Tag](aws-properties-ec2-verifiedaccessendpoint-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VerifiedAccessGroupId` The ID of the AWS Verified Access group. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the ID of the Verified Access endpoint. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `CreationTime` The creation time. `DeviceValidationDomain` Use this to construct the redirect URI to add to your OIDC provider's allow list. `EndpointDomain` The DNS name generated for the endpoint. `LastUpdatedTime` The last updated time. `Status` The endpoint status. `VerifiedAccessEndpointId` The ID of the Verified Access endpoint. `VerifiedAccessInstanceId` The instance identifier.