Class: AWSCDK::EC2::ClientVpnEndpointProps

Inherits:
ClientVpnEndpointOptions
  • Object
show all
Defined in:
ec2/client_vpn_endpoint_props.rb

Overview

Properties for a client VPN endpoint.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil, vpc:) ⇒ ClientVpnEndpointProps

Returns a new instance of ClientVpnEndpointProps.

Parameters:

  • cidr (String)

    The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

  • server_certificate_arn (String)

    The ARN of the server certificate.

  • authorize_all_users_to_vpc_cidr (Boolean, nil) (defaults to: nil)

    Whether to authorize all users to the VPC CIDR.

  • client_certificate_arn (String, nil) (defaults to: nil)

    The ARN of the client certificate for mutual authentication.

  • client_connection_handler (AWSCDK::EC2::IClientVpnConnectionHandler, nil) (defaults to: nil)

    The AWS Lambda function used for connection authorization.

  • client_login_banner (String, nil) (defaults to: nil)

    Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

  • client_route_enforcement_options (AWSCDK::EC2::ClientRouteEnforcementOptions, nil) (defaults to: nil)

    Options for Client Route Enforcement.

  • description (String, nil) (defaults to: nil)

    A brief description of the Client VPN endpoint.

  • disconnect_on_session_timeout (Boolean, nil) (defaults to: nil)

    Indicates whether the client VPN session is disconnected after the maximum sessionTimeout is reached.

  • dns_servers (Array<String>, nil) (defaults to: nil)

    Information about the DNS servers to be used for DNS resolution.

  • logging (Boolean, nil) (defaults to: nil)

    Whether to enable connections logging.

  • log_group (AWSCDK::Interfaces::AWSLogs::ILogGroupRef, nil) (defaults to: nil)

    A CloudWatch Logs log group for connection logging.

  • log_stream (AWSCDK::Interfaces::AWSLogs::ILogStreamRef, nil) (defaults to: nil)

    A CloudWatch Logs log stream for connection logging.

  • port (AWSCDK::EC2::VpnPort, nil) (defaults to: nil)

    The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

  • security_groups (Array<AWSCDK::EC2::ISecurityGroup>, nil) (defaults to: nil)

    The security groups to apply to the target network.

  • self_service_portal (Boolean, nil) (defaults to: nil)

    Specify whether to enable the self-service portal for the Client VPN endpoint.

  • session_timeout (AWSCDK::EC2::ClientVpnSessionTimeout, nil) (defaults to: nil)

    The maximum VPN session duration time.

  • split_tunnel (Boolean, nil) (defaults to: nil)

    Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

  • transport_protocol (AWSCDK::EC2::TransportProtocol, nil) (defaults to: nil)

    The transport protocol to be used by the VPN session.

  • user_based_authentication (AWSCDK::EC2::ClientVpnUserBasedAuthentication, nil) (defaults to: nil)

    The type of user-based authentication to use.

  • vpc_subnets (AWSCDK::EC2::SubnetSelection, nil) (defaults to: nil)

    Subnets to associate to the client VPN endpoint.

  • vpc (AWSCDK::EC2::IVPC)

    The VPC to connect to.



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'ec2/client_vpn_endpoint_props.rb', line 29

def initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil, vpc:)
  @cidr = cidr
  Jsii::Type.check_type(@cidr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidr")
  @server_certificate_arn = server_certificate_arn
  Jsii::Type.check_type(@server_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "serverCertificateArn")
  @authorize_all_users_to_vpc_cidr = authorize_all_users_to_vpc_cidr
  Jsii::Type.check_type(@authorize_all_users_to_vpc_cidr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "authorizeAllUsersToVpcCidr") unless @authorize_all_users_to_vpc_cidr.nil?
  @client_certificate_arn = client_certificate_arn
  Jsii::Type.check_type(@client_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientCertificateArn") unless @client_certificate_arn.nil?
  @client_connection_handler = client_connection_handler
  Jsii::Type.check_type(@client_connection_handler, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklDbGllbnRWcG5Db25uZWN0aW9uSGFuZGxlciJ9")), "clientConnectionHandler") unless @client_connection_handler.nil?
  @client_login_banner = 
  Jsii::Type.check_type(@client_login_banner, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientLoginBanner") unless @client_login_banner.nil?
  @client_route_enforcement_options = client_route_enforcement_options.is_a?(Hash) ? ::AWSCDK::EC2::ClientRouteEnforcementOptions.new(**client_route_enforcement_options.transform_keys(&:to_sym)) : client_route_enforcement_options
  Jsii::Type.check_type(@client_route_enforcement_options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFJvdXRlRW5mb3JjZW1lbnRPcHRpb25zIn0=")), "clientRouteEnforcementOptions") unless @client_route_enforcement_options.nil?
  @description = description
  Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil?
  @disconnect_on_session_timeout = disconnect_on_session_timeout
  Jsii::Type.check_type(@disconnect_on_session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disconnectOnSessionTimeout") unless @disconnect_on_session_timeout.nil?
  @dns_servers = dns_servers
  Jsii::Type.check_type(@dns_servers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "dnsServers") unless @dns_servers.nil?
  @logging = logging
  Jsii::Type.check_type(@logging, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "logging") unless @logging.nil?
  @log_group = log_group
  Jsii::Type.check_type(@log_group, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19sb2dzLklMb2dHcm91cFJlZiJ9")), "logGroup") unless @log_group.nil?
  @log_stream = log_stream
  Jsii::Type.check_type(@log_stream, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19sb2dzLklMb2dTdHJlYW1SZWYifQ==")), "logStream") unless @log_stream.nil?
  @port = port
  Jsii::Type.check_type(@port, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlZwblBvcnQifQ==")), "port") unless @port.nil?
  @security_groups = security_groups
  Jsii::Type.check_type(@security_groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuSVNlY3VyaXR5R3JvdXAifSwia2luZCI6ImFycmF5In19")), "securityGroups") unless @security_groups.nil?
  @self_service_portal = self_service_portal
  Jsii::Type.check_type(@self_service_portal, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "selfServicePortal") unless @self_service_portal.nil?
  @session_timeout = session_timeout
  Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFZwblNlc3Npb25UaW1lb3V0In0=")), "sessionTimeout") unless @session_timeout.nil?
  @split_tunnel = split_tunnel
  Jsii::Type.check_type(@split_tunnel, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "splitTunnel") unless @split_tunnel.nil?
  @transport_protocol = transport_protocol
  Jsii::Type.check_type(@transport_protocol, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlRyYW5zcG9ydFByb3RvY29sIn0=")), "transportProtocol") unless @transport_protocol.nil?
  @user_based_authentication = user_based_authentication
  Jsii::Type.check_type(@user_based_authentication, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFZwblVzZXJCYXNlZEF1dGhlbnRpY2F0aW9uIn0=")), "userBasedAuthentication") unless @user_based_authentication.nil?
  @vpc_subnets = vpc_subnets.is_a?(Hash) ? ::AWSCDK::EC2::SubnetSelection.new(**vpc_subnets.transform_keys(&:to_sym)) : vpc_subnets
  Jsii::Type.check_type(@vpc_subnets, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlN1Ym5ldFNlbGVjdGlvbiJ9")), "vpcSubnets") unless @vpc_subnets.nil?
  @vpc = vpc
  Jsii::Type.check_type(@vpc, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklWcGMifQ==")), "vpc")
end

Instance Attribute Details

#authorize_all_users_to_vpc_cidrBoolean? (readonly)

Note:

Default: true

Whether to authorize all users to the VPC CIDR.

This automatically creates an authorization rule. Set this to false and use add_authorization_rule() to create your own rules instead.

Returns:

  • (Boolean, nil)


98
99
100
# File 'ec2/client_vpn_endpoint_props.rb', line 98

def authorize_all_users_to_vpc_cidr
  @authorize_all_users_to_vpc_cidr
end

#cidrString (readonly)

The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.

Changing the address range will replace the Client VPN endpoint.

The CIDR block should be /22 or greater.

Returns:

  • (String)


86
87
88
# File 'ec2/client_vpn_endpoint_props.rb', line 86

def cidr
  @cidr
end

#client_certificate_arnString? (readonly)

Note:

Default: - use user-based authentication

The ARN of the client certificate for mutual authentication.

The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

Returns:

  • (String, nil)


106
107
108
# File 'ec2/client_vpn_endpoint_props.rb', line 106

def client_certificate_arn
  @client_certificate_arn
end

#client_connection_handlerAWSCDK::EC2::IClientVpnConnectionHandler? (readonly)

Note:

Default: - no connection handler

The AWS Lambda function used for connection authorization.

The name of the Lambda function must begin with the AWSClientVPN- prefix



113
114
115
# File 'ec2/client_vpn_endpoint_props.rb', line 113

def client_connection_handler
  @client_connection_handler
end

#client_login_bannerString? (readonly)

Note:

Default: - no banner is presented to the client

Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

UTF-8 encoded characters only. Maximum of 1400 characters.

Returns:

  • (String, nil)


120
121
122
# File 'ec2/client_vpn_endpoint_props.rb', line 120

def 
  @client_login_banner
end

#client_route_enforcement_optionsAWSCDK::EC2::ClientRouteEnforcementOptions? (readonly)

Note:

Default: undefined - AWS Client VPN default setting is disable client route enforcement

Options for Client Route Enforcement.

Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.



129
130
131
# File 'ec2/client_vpn_endpoint_props.rb', line 129

def client_route_enforcement_options
  @client_route_enforcement_options
end

#descriptionString? (readonly)

Note:

Default: - no description

A brief description of the Client VPN endpoint.

Returns:

  • (String, nil)


134
135
136
# File 'ec2/client_vpn_endpoint_props.rb', line 134

def description
  @description
end

#disconnect_on_session_timeoutBoolean? (readonly)

Note:

Default: undefined - AWS Client VPN default is true

Indicates whether the client VPN session is disconnected after the maximum sessionTimeout is reached.

If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically.



143
144
145
# File 'ec2/client_vpn_endpoint_props.rb', line 143

def disconnect_on_session_timeout
  @disconnect_on_session_timeout
end

#dns_serversArray<String>? (readonly)

Note:

Default: - use the DNS address configured on the device

Information about the DNS servers to be used for DNS resolution.

A Client VPN endpoint can have up to two DNS servers.

Returns:

  • (Array<String>, nil)


150
151
152
# File 'ec2/client_vpn_endpoint_props.rb', line 150

def dns_servers
  @dns_servers
end

#log_groupAWSCDK::Interfaces::AWSLogs::ILogGroupRef? (readonly)

Note:

Default: - a new group is created

A CloudWatch Logs log group for connection logging.



160
161
162
# File 'ec2/client_vpn_endpoint_props.rb', line 160

def log_group
  @log_group
end

#log_streamAWSCDK::Interfaces::AWSLogs::ILogStreamRef? (readonly)

Note:

Default: - a new stream is created

A CloudWatch Logs log stream for connection logging.



165
166
167
# File 'ec2/client_vpn_endpoint_props.rb', line 165

def log_stream
  @log_stream
end

#loggingBoolean? (readonly)

Note:

Default: true

Whether to enable connections logging.

Returns:

  • (Boolean, nil)


155
156
157
# File 'ec2/client_vpn_endpoint_props.rb', line 155

def logging
  @logging
end

#portAWSCDK::EC2::VpnPort? (readonly)

Note:

Default: VpnPort.HTTPS

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Returns:



170
171
172
# File 'ec2/client_vpn_endpoint_props.rb', line 170

def port
  @port
end

#security_groupsArray<AWSCDK::EC2::ISecurityGroup>? (readonly)

Note:

Default: - a new security group is created

The security groups to apply to the target network.

Returns:



175
176
177
# File 'ec2/client_vpn_endpoint_props.rb', line 175

def security_groups
  @security_groups
end

#self_service_portalBoolean? (readonly)

Note:

Default: true

Specify whether to enable the self-service portal for the Client VPN endpoint.

Returns:

  • (Boolean, nil)


180
181
182
# File 'ec2/client_vpn_endpoint_props.rb', line 180

def self_service_portal
  @self_service_portal
end

#server_certificate_arnString (readonly)

The ARN of the server certificate.

Returns:

  • (String)


90
91
92
# File 'ec2/client_vpn_endpoint_props.rb', line 90

def server_certificate_arn
  @server_certificate_arn
end

#session_timeoutAWSCDK::EC2::ClientVpnSessionTimeout? (readonly)

Note:

Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

The maximum VPN session duration time.



185
186
187
# File 'ec2/client_vpn_endpoint_props.rb', line 185

def session_timeout
  @session_timeout
end

#split_tunnelBoolean? (readonly)

Note:

Default: false

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.



191
192
193
# File 'ec2/client_vpn_endpoint_props.rb', line 191

def split_tunnel
  @split_tunnel
end

#transport_protocolAWSCDK::EC2::TransportProtocol? (readonly)

Note:

Default: TransportProtocol.UDP

The transport protocol to be used by the VPN session.



196
197
198
# File 'ec2/client_vpn_endpoint_props.rb', line 196

def transport_protocol
  @transport_protocol
end

#user_based_authenticationAWSCDK::EC2::ClientVpnUserBasedAuthentication? (readonly)

Note:

Default: - use mutual authentication

The type of user-based authentication to use.



202
203
204
# File 'ec2/client_vpn_endpoint_props.rb', line 202

def user_based_authentication
  @user_based_authentication
end

#vpcAWSCDK::EC2::IVPC (readonly)

The VPC to connect to.

Returns:



211
212
213
# File 'ec2/client_vpn_endpoint_props.rb', line 211

def vpc
  @vpc
end

#vpc_subnetsAWSCDK::EC2::SubnetSelection? (readonly)

Note:

Default: - the VPC default strategy

Subnets to associate to the client VPN endpoint.



207
208
209
# File 'ec2/client_vpn_endpoint_props.rb', line 207

def vpc_subnets
  @vpc_subnets
end

Class Method Details

.jsii_propertiesObject



213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
# File 'ec2/client_vpn_endpoint_props.rb', line 213

def self.jsii_properties
  {
    :cidr => "cidr",
    :server_certificate_arn => "serverCertificateArn",
    :authorize_all_users_to_vpc_cidr => "authorizeAllUsersToVpcCidr",
    :client_certificate_arn => "clientCertificateArn",
    :client_connection_handler => "clientConnectionHandler",
    :client_login_banner => "clientLoginBanner",
    :client_route_enforcement_options => "clientRouteEnforcementOptions",
    :description => "description",
    :disconnect_on_session_timeout => "disconnectOnSessionTimeout",
    :dns_servers => "dnsServers",
    :logging => "logging",
    :log_group => "logGroup",
    :log_stream => "logStream",
    :port => "port",
    :security_groups => "securityGroups",
    :self_service_portal => "selfServicePortal",
    :session_timeout => "sessionTimeout",
    :split_tunnel => "splitTunnel",
    :transport_protocol => "transportProtocol",
    :user_based_authentication => "userBasedAuthentication",
    :vpc_subnets => "vpcSubnets",
    :vpc => "vpc",
  }
end

Instance Method Details

#to_jsiiObject



240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
# File 'ec2/client_vpn_endpoint_props.rb', line 240

def to_jsii
  result = {}
  result.merge!(super)
  result.merge!({
    "cidr" => @cidr,
    "serverCertificateArn" => @server_certificate_arn,
    "authorizeAllUsersToVpcCidr" => @authorize_all_users_to_vpc_cidr,
    "clientCertificateArn" => @client_certificate_arn,
    "clientConnectionHandler" => @client_connection_handler,
    "clientLoginBanner" => @client_login_banner,
    "clientRouteEnforcementOptions" => @client_route_enforcement_options,
    "description" => @description,
    "disconnectOnSessionTimeout" => @disconnect_on_session_timeout,
    "dnsServers" => @dns_servers,
    "logging" => @logging,
    "logGroup" => @log_group,
    "logStream" => @log_stream,
    "port" => @port,
    "securityGroups" => @security_groups,
    "selfServicePortal" => @self_service_portal,
    "sessionTimeout" => @session_timeout,
    "splitTunnel" => @split_tunnel,
    "transportProtocol" => @transport_protocol,
    "userBasedAuthentication" => @user_based_authentication,
    "vpcSubnets" => @vpc_subnets,
    "vpc" => @vpc,
  })
  result.compact
end