This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::EC2::VerifiedAccessEndpoint An AWS Verified Access endpoint specifies the application that AWS Verified Access provides access to. It must be attached to an AWS Verified Access group. An AWS Verified Access endpoint must also have an attached access policy before you attached it to a group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::EC2::VerifiedAccessEndpoint", "Properties" : { "[ApplicationDomain](#cfn-ec2-verifiedaccessendpoint-applicationdomain)" : String, "[AttachmentType](#cfn-ec2-verifiedaccessendpoint-attachmenttype)" : String, "[CidrOptions](#cfn-ec2-verifiedaccessendpoint-cidroptions)" : CidrOptions, "[Description](#cfn-ec2-verifiedaccessendpoint-description)" : String, "[DomainCertificateArn](#cfn-ec2-verifiedaccessendpoint-domaincertificatearn)" : String, "[EndpointDomainPrefix](#cfn-ec2-verifiedaccessendpoint-endpointdomainprefix)" : String, "[EndpointType](#cfn-ec2-verifiedaccessendpoint-endpointtype)" : String, "[LoadBalancerOptions](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions)" : LoadBalancerOptions, "[NetworkInterfaceOptions](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions)" : NetworkInterfaceOptions, "[PolicyDocument](#cfn-ec2-verifiedaccessendpoint-policydocument)" : String, "[PolicyEnabled](#cfn-ec2-verifiedaccessendpoint-policyenabled)" : Boolean, "[RdsOptions](#cfn-ec2-verifiedaccessendpoint-rdsoptions)" : RdsOptions, "[SecurityGroupIds](#cfn-ec2-verifiedaccessendpoint-securitygroupids)" : [ String, ... ], "[SseSpecification](#cfn-ec2-verifiedaccessendpoint-ssespecification)" : SseSpecification, "[Tags](#cfn-ec2-verifiedaccessendpoint-tags)" : [ Tag, ... ], "[VerifiedAccessGroupId](#cfn-ec2-verifiedaccessendpoint-verifiedaccessgroupid)" : String } } ``` ### YAML ``` Type: AWS::EC2::VerifiedAccessEndpoint Properties: [ApplicationDomain](#cfn-ec2-verifiedaccessendpoint-applicationdomain): String [AttachmentType](#cfn-ec2-verifiedaccessendpoint-attachmenttype): String [CidrOptions](#cfn-ec2-verifiedaccessendpoint-cidroptions): CidrOptions [Description](#cfn-ec2-verifiedaccessendpoint-description): String [DomainCertificateArn](#cfn-ec2-verifiedaccessendpoint-domaincertificatearn): String [EndpointDomainPrefix](#cfn-ec2-verifiedaccessendpoint-endpointdomainprefix): String [EndpointType](#cfn-ec2-verifiedaccessendpoint-endpointtype): String [LoadBalancerOptions](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions): LoadBalancerOptions [NetworkInterfaceOptions](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions): NetworkInterfaceOptions [PolicyDocument](#cfn-ec2-verifiedaccessendpoint-policydocument): String [PolicyEnabled](#cfn-ec2-verifiedaccessendpoint-policyenabled): Boolean [RdsOptions](#cfn-ec2-verifiedaccessendpoint-rdsoptions): RdsOptions [SecurityGroupIds](#cfn-ec2-verifiedaccessendpoint-securitygroupids): - String [SseSpecification](#cfn-ec2-verifiedaccessendpoint-ssespecification): SseSpecification [Tags](#cfn-ec2-verifiedaccessendpoint-tags): - Tag [VerifiedAccessGroupId](#cfn-ec2-verifiedaccessendpoint-verifiedaccessgroupid): String ``` ## Properties `ApplicationDomain` The DNS name for users to reach your application. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `AttachmentType` The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application. *Required*: Yes *Type*: String *Allowed values*: `vpc` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CidrOptions` The options for a CIDR endpoint. *Required*: No *Type*: [CidrOptions](aws-properties-ec2-verifiedaccessendpoint-cidroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` A description for the AWS Verified Access endpoint. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainCertificateArn` The ARN of a public TLS/SSL certificate imported into or created with ACM. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EndpointDomainPrefix` A custom identifier that is prepended to the DNS name that is generated for the endpoint. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EndpointType` The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified. *Required*: Yes *Type*: String *Allowed values*: `load-balancer | network-interface | rds | cidr` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `LoadBalancerOptions` The load balancer details if creating the AWS Verified Access endpoint as `load-balancer`type. *Required*: No *Type*: [LoadBalancerOptions](aws-properties-ec2-verifiedaccessendpoint-loadbalanceroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NetworkInterfaceOptions` The options for network-interface type endpoint. *Required*: No *Type*: [NetworkInterfaceOptions](aws-properties-ec2-verifiedaccessendpoint-networkinterfaceoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyDocument` The Verified Access policy document. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyEnabled` The status of the Verified Access policy. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RdsOptions` The options for an RDS endpoint. *Required*: No *Type*: [RdsOptions](aws-properties-ec2-verifiedaccessendpoint-rdsoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityGroupIds` The IDs of the security groups for the endpoint. *Required*: No *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SseSpecification` The options for additional server side encryption. *Required*: No *Type*: [SseSpecification](aws-properties-ec2-verifiedaccessendpoint-ssespecification.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The tags. *Required*: No *Type*: Array of [Tag](aws-properties-ec2-verifiedaccessendpoint-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VerifiedAccessGroupId` The ID of the AWS Verified Access group. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the ID of the Verified Access endpoint. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `CreationTime` The creation time. `DeviceValidationDomain` Use this to construct the redirect URI to add to your OIDC provider's allow list. `EndpointDomain` The DNS name generated for the endpoint. `LastUpdatedTime` The last updated time. `Status` The endpoint status. `VerifiedAccessEndpointId` The ID of the Verified Access endpoint. `VerifiedAccessInstanceId` The instance identifier. # AWS::EC2::VerifiedAccessEndpoint CidrOptions Describes the CIDR options for a Verified Access endpoint. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Cidr](#cfn-ec2-verifiedaccessendpoint-cidroptions-cidr)" : String, "[PortRanges](#cfn-ec2-verifiedaccessendpoint-cidroptions-portranges)" : [ PortRange, ... ], "[Protocol](#cfn-ec2-verifiedaccessendpoint-cidroptions-protocol)" : String, "[SubnetIds](#cfn-ec2-verifiedaccessendpoint-cidroptions-subnetids)" : [ String, ... ] } ``` ### YAML ``` [Cidr](#cfn-ec2-verifiedaccessendpoint-cidroptions-cidr): String [PortRanges](#cfn-ec2-verifiedaccessendpoint-cidroptions-portranges): - PortRange [Protocol](#cfn-ec2-verifiedaccessendpoint-cidroptions-protocol): String [SubnetIds](#cfn-ec2-verifiedaccessendpoint-cidroptions-subnetids): - String ``` ## Properties `Cidr` The CIDR. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `PortRanges` The port ranges. *Required*: No *Type*: Array of [PortRange](aws-properties-ec2-verifiedaccessendpoint-portrange.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Protocol` The protocol. *Required*: No *Type*: String *Allowed values*: `http | https | tcp` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SubnetIds` The IDs of the subnets. *Required*: No *Type*: Array of String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::EC2::VerifiedAccessEndpoint LoadBalancerOptions Describes the load balancer options when creating an AWS Verified Access endpoint using the `load-balancer` type. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[LoadBalancerArn](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-loadbalancerarn)" : String, "[Port](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-port)" : Integer, "[PortRanges](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-portranges)" : [ PortRange, ... ], "[Protocol](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-protocol)" : String, "[SubnetIds](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-subnetids)" : [ String, ... ] } ``` ### YAML ``` [LoadBalancerArn](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-loadbalancerarn): String [Port](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-port): Integer [PortRanges](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-portranges): - PortRange [Protocol](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-protocol): String [SubnetIds](#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-subnetids): - String ``` ## Properties `LoadBalancerArn` The ARN of the load balancer. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Port` The IP port number. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PortRanges` The port ranges. *Required*: No *Type*: Array of [PortRange](aws-properties-ec2-verifiedaccessendpoint-portrange.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Protocol` The IP protocol. *Required*: No *Type*: String *Allowed values*: `http | https | tcp` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubnetIds` The IDs of the subnets. You can specify only one subnet per Availability Zone. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EC2::VerifiedAccessEndpoint NetworkInterfaceOptions Describes the network interface options when creating an AWS Verified Access endpoint using the `network-interface` type. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[NetworkInterfaceId](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-networkinterfaceid)" : String, "[Port](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-port)" : Integer, "[PortRanges](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-portranges)" : [ PortRange, ... ], "[Protocol](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-protocol)" : String } ``` ### YAML ``` [NetworkInterfaceId](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-networkinterfaceid): String [Port](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-port): Integer [PortRanges](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-portranges): - PortRange [Protocol](#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-protocol): String ``` ## Properties `NetworkInterfaceId` The ID of the network interface. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Port` The IP port number. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PortRanges` The port ranges. *Required*: No *Type*: Array of [PortRange](aws-properties-ec2-verifiedaccessendpoint-portrange.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Protocol` The IP protocol. *Required*: No *Type*: String *Allowed values*: `http | https | tcp` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EC2::VerifiedAccessEndpoint PortRange Describes the port range for a Verified Access endpoint. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FromPort](#cfn-ec2-verifiedaccessendpoint-portrange-fromport)" : Integer, "[ToPort](#cfn-ec2-verifiedaccessendpoint-portrange-toport)" : Integer } ``` ### YAML ``` [FromPort](#cfn-ec2-verifiedaccessendpoint-portrange-fromport): Integer [ToPort](#cfn-ec2-verifiedaccessendpoint-portrange-toport): Integer ``` ## Properties `FromPort` The start of the port range. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ToPort` The end of the port range. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EC2::VerifiedAccessEndpoint RdsOptions Describes the RDS options for a Verified Access endpoint. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Port](#cfn-ec2-verifiedaccessendpoint-rdsoptions-port)" : Integer, "[Protocol](#cfn-ec2-verifiedaccessendpoint-rdsoptions-protocol)" : String, "[RdsDbClusterArn](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbclusterarn)" : String, "[RdsDbInstanceArn](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbinstancearn)" : String, "[RdsDbProxyArn](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbproxyarn)" : String, "[RdsEndpoint](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsendpoint)" : String, "[SubnetIds](#cfn-ec2-verifiedaccessendpoint-rdsoptions-subnetids)" : [ String, ... ] } ``` ### YAML ``` [Port](#cfn-ec2-verifiedaccessendpoint-rdsoptions-port): Integer [Protocol](#cfn-ec2-verifiedaccessendpoint-rdsoptions-protocol): String [RdsDbClusterArn](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbclusterarn): String [RdsDbInstanceArn](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbinstancearn): String [RdsDbProxyArn](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbproxyarn): String [RdsEndpoint](#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsendpoint): String [SubnetIds](#cfn-ec2-verifiedaccessendpoint-rdsoptions-subnetids): - String ``` ## Properties `Port` The port. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Protocol` The protocol. *Required*: No *Type*: String *Allowed values*: `http | https | tcp` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RdsDbClusterArn` The ARN of the DB cluster. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RdsDbInstanceArn` The ARN of the RDS instance. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RdsDbProxyArn` The ARN of the RDS proxy. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `RdsEndpoint` The RDS endpoint. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubnetIds` The IDs of the subnets. You can specify only one subnet per Availability Zone. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EC2::VerifiedAccessEndpoint SseSpecification AWS Verified Access provides server side encryption by default to data at rest using AWS-owned KMS keys. You also have the option of using customer managed KMS keys, which can be specified using the options below. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CustomerManagedKeyEnabled](#cfn-ec2-verifiedaccessendpoint-ssespecification-customermanagedkeyenabled)" : Boolean, "[KmsKeyArn](#cfn-ec2-verifiedaccessendpoint-ssespecification-kmskeyarn)" : String } ``` ### YAML ``` [CustomerManagedKeyEnabled](#cfn-ec2-verifiedaccessendpoint-ssespecification-customermanagedkeyenabled): Boolean [KmsKeyArn](#cfn-ec2-verifiedaccessendpoint-ssespecification-kmskeyarn): String ``` ## Properties `CustomerManagedKeyEnabled` Enable or disable the use of customer managed KMS keys for server side encryption. Valid values: `True` \$1 `False` *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `KmsKeyArn` The ARN of the KMS key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EC2::VerifiedAccessEndpoint Tag Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-ec2-verifiedaccessendpoint-tag-key)" : String, "[Value](#cfn-ec2-verifiedaccessendpoint-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-ec2-verifiedaccessendpoint-tag-key): String [Value](#cfn-ec2-verifiedaccessendpoint-tag-value): String ``` ## Properties `Key` The tag key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### This example specifies two tags for the Verified Access endpoint. #### JSON ``` "Tags" : [ { "Key" : "key1", "Value" : "value1" }, { "Key" : "key2", "Value" : "value2" } ] ``` #### YAML ``` Tags: - Key: "key1" Value: "value1" - Key: "key2" Value: "value2" ```