Class: AWSCDK::EC2::ClientVpnEndpointOptions
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::EC2::ClientVpnEndpointOptions
- Defined in:
- ec2/client_vpn_endpoint_options.rb
Overview
Options for a client VPN endpoint.
Direct Known Subclasses
Instance Attribute Summary collapse
-
#authorize_all_users_to_vpc_cidr ⇒ Boolean?
readonly
Whether to authorize all users to the VPC CIDR.
-
#cidr ⇒ String
readonly
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
-
#client_certificate_arn ⇒ String?
readonly
The ARN of the client certificate for mutual authentication.
-
#client_connection_handler ⇒ AWSCDK::EC2::IClientVpnConnectionHandler?
readonly
The AWS Lambda function used for connection authorization.
-
#client_login_banner ⇒ String?
readonly
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
-
#client_route_enforcement_options ⇒ AWSCDK::EC2::ClientRouteEnforcementOptions?
readonly
Options for Client Route Enforcement.
-
#description ⇒ String?
readonly
A brief description of the Client VPN endpoint.
-
#disconnect_on_session_timeout ⇒ Boolean?
readonly
Indicates whether the client VPN session is disconnected after the maximum
sessionTimeoutis reached. -
#dns_servers ⇒ Array<String>?
readonly
Information about the DNS servers to be used for DNS resolution.
-
#log_group ⇒ AWSCDK::Interfaces::AWSLogs::ILogGroupRef?
readonly
A CloudWatch Logs log group for connection logging.
-
#log_stream ⇒ AWSCDK::Interfaces::AWSLogs::ILogStreamRef?
readonly
A CloudWatch Logs log stream for connection logging.
-
#logging ⇒ Boolean?
readonly
Whether to enable connections logging.
-
#port ⇒ AWSCDK::EC2::VpnPort?
readonly
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
-
#security_groups ⇒ Array<AWSCDK::EC2::ISecurityGroup>?
readonly
The security groups to apply to the target network.
-
#self_service_portal ⇒ Boolean?
readonly
Specify whether to enable the self-service portal for the Client VPN endpoint.
-
#server_certificate_arn ⇒ String
readonly
The ARN of the server certificate.
-
#session_timeout ⇒ AWSCDK::EC2::ClientVpnSessionTimeout?
readonly
The maximum VPN session duration time.
-
#split_tunnel ⇒ Boolean?
readonly
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
-
#transport_protocol ⇒ AWSCDK::EC2::TransportProtocol?
readonly
The transport protocol to be used by the VPN session.
-
#user_based_authentication ⇒ AWSCDK::EC2::ClientVpnUserBasedAuthentication?
readonly
The type of user-based authentication to use.
-
#vpc_subnets ⇒ AWSCDK::EC2::SubnetSelection?
readonly
Subnets to associate to the client VPN endpoint.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil) ⇒ ClientVpnEndpointOptions
constructor
A new instance of ClientVpnEndpointOptions.
- #to_jsii ⇒ Object
Constructor Details
#initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil) ⇒ ClientVpnEndpointOptions
Returns a new instance of ClientVpnEndpointOptions.
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
# File 'ec2/client_vpn_endpoint_options.rb', line 28 def initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil) @cidr = cidr Jsii::Type.check_type(@cidr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidr") @server_certificate_arn = server_certificate_arn Jsii::Type.check_type(@server_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "serverCertificateArn") @authorize_all_users_to_vpc_cidr = Jsii::Type.check_type(@authorize_all_users_to_vpc_cidr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "authorizeAllUsersToVpcCidr") unless @authorize_all_users_to_vpc_cidr.nil? @client_certificate_arn = client_certificate_arn Jsii::Type.check_type(@client_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientCertificateArn") unless @client_certificate_arn.nil? @client_connection_handler = client_connection_handler Jsii::Type.check_type(@client_connection_handler, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklDbGllbnRWcG5Db25uZWN0aW9uSGFuZGxlciJ9")), "clientConnectionHandler") unless @client_connection_handler.nil? @client_login_banner = Jsii::Type.check_type(@client_login_banner, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientLoginBanner") unless @client_login_banner.nil? @client_route_enforcement_options = .is_a?(Hash) ? ::AWSCDK::EC2::ClientRouteEnforcementOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@client_route_enforcement_options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFJvdXRlRW5mb3JjZW1lbnRPcHRpb25zIn0=")), "clientRouteEnforcementOptions") unless @client_route_enforcement_options.nil? @description = description Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil? @disconnect_on_session_timeout = disconnect_on_session_timeout Jsii::Type.check_type(@disconnect_on_session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disconnectOnSessionTimeout") unless @disconnect_on_session_timeout.nil? @dns_servers = dns_servers Jsii::Type.check_type(@dns_servers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "dnsServers") unless @dns_servers.nil? @logging = logging Jsii::Type.check_type(@logging, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "logging") unless @logging.nil? @log_group = log_group Jsii::Type.check_type(@log_group, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19sb2dzLklMb2dHcm91cFJlZiJ9")), "logGroup") unless @log_group.nil? @log_stream = log_stream Jsii::Type.check_type(@log_stream, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19sb2dzLklMb2dTdHJlYW1SZWYifQ==")), "logStream") unless @log_stream.nil? @port = port Jsii::Type.check_type(@port, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlZwblBvcnQifQ==")), "port") unless @port.nil? @security_groups = security_groups Jsii::Type.check_type(@security_groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuSVNlY3VyaXR5R3JvdXAifSwia2luZCI6ImFycmF5In19")), "securityGroups") unless @security_groups.nil? @self_service_portal = self_service_portal Jsii::Type.check_type(@self_service_portal, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "selfServicePortal") unless @self_service_portal.nil? @session_timeout = session_timeout Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFZwblNlc3Npb25UaW1lb3V0In0=")), "sessionTimeout") unless @session_timeout.nil? @split_tunnel = split_tunnel Jsii::Type.check_type(@split_tunnel, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "splitTunnel") unless @split_tunnel.nil? @transport_protocol = transport_protocol Jsii::Type.check_type(@transport_protocol, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlRyYW5zcG9ydFByb3RvY29sIn0=")), "transportProtocol") unless @transport_protocol.nil? @user_based_authentication = user_based_authentication Jsii::Type.check_type(@user_based_authentication, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFZwblVzZXJCYXNlZEF1dGhlbnRpY2F0aW9uIn0=")), "userBasedAuthentication") unless @user_based_authentication.nil? @vpc_subnets = vpc_subnets.is_a?(Hash) ? ::AWSCDK::EC2::SubnetSelection.new(**vpc_subnets.transform_keys(&:to_sym)) : vpc_subnets Jsii::Type.check_type(@vpc_subnets, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlN1Ym5ldFNlbGVjdGlvbiJ9")), "vpcSubnets") unless @vpc_subnets.nil? end |
Instance Attribute Details
#authorize_all_users_to_vpc_cidr ⇒ Boolean? (readonly)
Default: true
Whether to authorize all users to the VPC CIDR.
This automatically creates an authorization rule. Set this to false and
use add_authorization_rule() to create your own rules instead.
95 96 97 |
# File 'ec2/client_vpn_endpoint_options.rb', line 95 def @authorize_all_users_to_vpc_cidr end |
#cidr ⇒ String (readonly)
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.
Changing the address range will replace the Client VPN endpoint.
The CIDR block should be /22 or greater.
83 84 85 |
# File 'ec2/client_vpn_endpoint_options.rb', line 83 def cidr @cidr end |
#client_certificate_arn ⇒ String? (readonly)
Default: - use user-based authentication
The ARN of the client certificate for mutual authentication.
The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).
103 104 105 |
# File 'ec2/client_vpn_endpoint_options.rb', line 103 def client_certificate_arn @client_certificate_arn end |
#client_connection_handler ⇒ AWSCDK::EC2::IClientVpnConnectionHandler? (readonly)
Default: - no connection handler
The AWS Lambda function used for connection authorization.
The name of the Lambda function must begin with the AWSClientVPN- prefix
110 111 112 |
# File 'ec2/client_vpn_endpoint_options.rb', line 110 def client_connection_handler @client_connection_handler end |
#client_login_banner ⇒ String? (readonly)
Default: - no banner is presented to the client
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
UTF-8 encoded characters only. Maximum of 1400 characters.
117 118 119 |
# File 'ec2/client_vpn_endpoint_options.rb', line 117 def @client_login_banner end |
#client_route_enforcement_options ⇒ AWSCDK::EC2::ClientRouteEnforcementOptions? (readonly)
Default: undefined - AWS Client VPN default setting is disable client route enforcement
Options for Client Route Enforcement.
Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.
126 127 128 |
# File 'ec2/client_vpn_endpoint_options.rb', line 126 def @client_route_enforcement_options end |
#description ⇒ String? (readonly)
Default: - no description
A brief description of the Client VPN endpoint.
131 132 133 |
# File 'ec2/client_vpn_endpoint_options.rb', line 131 def description @description end |
#disconnect_on_session_timeout ⇒ Boolean? (readonly)
Default: undefined - AWS Client VPN default is true
Indicates whether the client VPN session is disconnected after the maximum sessionTimeout is reached.
If true, users are prompted to reconnect client VPN.
If false, client VPN attempts to reconnect automatically.
140 141 142 |
# File 'ec2/client_vpn_endpoint_options.rb', line 140 def disconnect_on_session_timeout @disconnect_on_session_timeout end |
#dns_servers ⇒ Array<String>? (readonly)
Default: - use the DNS address configured on the device
Information about the DNS servers to be used for DNS resolution.
A Client VPN endpoint can have up to two DNS servers.
147 148 149 |
# File 'ec2/client_vpn_endpoint_options.rb', line 147 def dns_servers @dns_servers end |
#log_group ⇒ AWSCDK::Interfaces::AWSLogs::ILogGroupRef? (readonly)
Default: - a new group is created
A CloudWatch Logs log group for connection logging.
157 158 159 |
# File 'ec2/client_vpn_endpoint_options.rb', line 157 def log_group @log_group end |
#log_stream ⇒ AWSCDK::Interfaces::AWSLogs::ILogStreamRef? (readonly)
Default: - a new stream is created
A CloudWatch Logs log stream for connection logging.
162 163 164 |
# File 'ec2/client_vpn_endpoint_options.rb', line 162 def log_stream @log_stream end |
#logging ⇒ Boolean? (readonly)
Default: true
Whether to enable connections logging.
152 153 154 |
# File 'ec2/client_vpn_endpoint_options.rb', line 152 def logging @logging end |
#port ⇒ AWSCDK::EC2::VpnPort? (readonly)
Default: VpnPort.HTTPS
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
167 168 169 |
# File 'ec2/client_vpn_endpoint_options.rb', line 167 def port @port end |
#security_groups ⇒ Array<AWSCDK::EC2::ISecurityGroup>? (readonly)
Default: - a new security group is created
The security groups to apply to the target network.
172 173 174 |
# File 'ec2/client_vpn_endpoint_options.rb', line 172 def security_groups @security_groups end |
#self_service_portal ⇒ Boolean? (readonly)
Default: true
Specify whether to enable the self-service portal for the Client VPN endpoint.
177 178 179 |
# File 'ec2/client_vpn_endpoint_options.rb', line 177 def self_service_portal @self_service_portal end |
#server_certificate_arn ⇒ String (readonly)
The ARN of the server certificate.
87 88 89 |
# File 'ec2/client_vpn_endpoint_options.rb', line 87 def server_certificate_arn @server_certificate_arn end |
#session_timeout ⇒ AWSCDK::EC2::ClientVpnSessionTimeout? (readonly)
Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
The maximum VPN session duration time.
182 183 184 |
# File 'ec2/client_vpn_endpoint_options.rb', line 182 def session_timeout @session_timeout end |
#split_tunnel ⇒ Boolean? (readonly)
Default: false
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
188 189 190 |
# File 'ec2/client_vpn_endpoint_options.rb', line 188 def split_tunnel @split_tunnel end |
#transport_protocol ⇒ AWSCDK::EC2::TransportProtocol? (readonly)
Default: TransportProtocol.UDP
The transport protocol to be used by the VPN session.
193 194 195 |
# File 'ec2/client_vpn_endpoint_options.rb', line 193 def transport_protocol @transport_protocol end |
#user_based_authentication ⇒ AWSCDK::EC2::ClientVpnUserBasedAuthentication? (readonly)
Default: - use mutual authentication
The type of user-based authentication to use.
199 200 201 |
# File 'ec2/client_vpn_endpoint_options.rb', line 199 def user_based_authentication @user_based_authentication end |
#vpc_subnets ⇒ AWSCDK::EC2::SubnetSelection? (readonly)
Default: - the VPC default strategy
Subnets to associate to the client VPN endpoint.
204 205 206 |
# File 'ec2/client_vpn_endpoint_options.rb', line 204 def vpc_subnets @vpc_subnets end |
Class Method Details
.jsii_properties ⇒ Object
206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 |
# File 'ec2/client_vpn_endpoint_options.rb', line 206 def self.jsii_properties { :cidr => "cidr", :server_certificate_arn => "serverCertificateArn", :authorize_all_users_to_vpc_cidr => "authorizeAllUsersToVpcCidr", :client_certificate_arn => "clientCertificateArn", :client_connection_handler => "clientConnectionHandler", :client_login_banner => "clientLoginBanner", :client_route_enforcement_options => "clientRouteEnforcementOptions", :description => "description", :disconnect_on_session_timeout => "disconnectOnSessionTimeout", :dns_servers => "dnsServers", :logging => "logging", :log_group => "logGroup", :log_stream => "logStream", :port => "port", :security_groups => "securityGroups", :self_service_portal => "selfServicePortal", :session_timeout => "sessionTimeout", :split_tunnel => "splitTunnel", :transport_protocol => "transportProtocol", :user_based_authentication => "userBasedAuthentication", :vpc_subnets => "vpcSubnets", } end |
Instance Method Details
#to_jsii ⇒ Object
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 |
# File 'ec2/client_vpn_endpoint_options.rb', line 232 def to_jsii result = {} result.merge!({ "cidr" => @cidr, "serverCertificateArn" => @server_certificate_arn, "authorizeAllUsersToVpcCidr" => @authorize_all_users_to_vpc_cidr, "clientCertificateArn" => @client_certificate_arn, "clientConnectionHandler" => @client_connection_handler, "clientLoginBanner" => @client_login_banner, "clientRouteEnforcementOptions" => @client_route_enforcement_options, "description" => @description, "disconnectOnSessionTimeout" => @disconnect_on_session_timeout, "dnsServers" => @dns_servers, "logging" => @logging, "logGroup" => @log_group, "logStream" => @log_stream, "port" => @port, "securityGroups" => @security_groups, "selfServicePortal" => @self_service_portal, "sessionTimeout" => @session_timeout, "splitTunnel" => @split_tunnel, "transportProtocol" => @transport_protocol, "userBasedAuthentication" => @user_based_authentication, "vpcSubnets" => @vpc_subnets, }) result.compact end |