Class: AWSCDK::EC2::ClientVpnEndpointProps
- Inherits:
-
ClientVpnEndpointOptions
- Object
- ClientVpnEndpointOptions
- AWSCDK::EC2::ClientVpnEndpointProps
- Defined in:
- ec2/client_vpn_endpoint_props.rb
Overview
Properties for a client VPN endpoint.
Instance Attribute Summary collapse
-
#authorize_all_users_to_vpc_cidr ⇒ Boolean?
readonly
Whether to authorize all users to the VPC CIDR.
-
#cidr ⇒ String
readonly
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
-
#client_certificate_arn ⇒ String?
readonly
The ARN of the client certificate for mutual authentication.
-
#client_connection_handler ⇒ AWSCDK::EC2::IClientVpnConnectionHandler?
readonly
The AWS Lambda function used for connection authorization.
-
#client_login_banner ⇒ String?
readonly
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
-
#client_route_enforcement_options ⇒ AWSCDK::EC2::ClientRouteEnforcementOptions?
readonly
Options for Client Route Enforcement.
-
#description ⇒ String?
readonly
A brief description of the Client VPN endpoint.
-
#disconnect_on_session_timeout ⇒ Boolean?
readonly
Indicates whether the client VPN session is disconnected after the maximum
sessionTimeoutis reached. -
#dns_servers ⇒ Array<String>?
readonly
Information about the DNS servers to be used for DNS resolution.
-
#log_group ⇒ AWSCDK::Interfaces::AWSLogs::ILogGroupRef?
readonly
A CloudWatch Logs log group for connection logging.
-
#log_stream ⇒ AWSCDK::Interfaces::AWSLogs::ILogStreamRef?
readonly
A CloudWatch Logs log stream for connection logging.
-
#logging ⇒ Boolean?
readonly
Whether to enable connections logging.
-
#port ⇒ AWSCDK::EC2::VpnPort?
readonly
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
-
#security_groups ⇒ Array<AWSCDK::EC2::ISecurityGroup>?
readonly
The security groups to apply to the target network.
-
#self_service_portal ⇒ Boolean?
readonly
Specify whether to enable the self-service portal for the Client VPN endpoint.
-
#server_certificate_arn ⇒ String
readonly
The ARN of the server certificate.
-
#session_timeout ⇒ AWSCDK::EC2::ClientVpnSessionTimeout?
readonly
The maximum VPN session duration time.
-
#split_tunnel ⇒ Boolean?
readonly
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
-
#transport_protocol ⇒ AWSCDK::EC2::TransportProtocol?
readonly
The transport protocol to be used by the VPN session.
-
#user_based_authentication ⇒ AWSCDK::EC2::ClientVpnUserBasedAuthentication?
readonly
The type of user-based authentication to use.
-
#vpc ⇒ AWSCDK::EC2::IVPC
readonly
The VPC to connect to.
-
#vpc_subnets ⇒ AWSCDK::EC2::SubnetSelection?
readonly
Subnets to associate to the client VPN endpoint.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil, vpc:) ⇒ ClientVpnEndpointProps
constructor
A new instance of ClientVpnEndpointProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil, vpc:) ⇒ ClientVpnEndpointProps
Returns a new instance of ClientVpnEndpointProps.
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'ec2/client_vpn_endpoint_props.rb', line 29 def initialize(cidr:, server_certificate_arn:, authorize_all_users_to_vpc_cidr: nil, client_certificate_arn: nil, client_connection_handler: nil, client_login_banner: nil, client_route_enforcement_options: nil, description: nil, disconnect_on_session_timeout: nil, dns_servers: nil, logging: nil, log_group: nil, log_stream: nil, port: nil, security_groups: nil, self_service_portal: nil, session_timeout: nil, split_tunnel: nil, transport_protocol: nil, user_based_authentication: nil, vpc_subnets: nil, vpc:) @cidr = cidr Jsii::Type.check_type(@cidr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidr") @server_certificate_arn = server_certificate_arn Jsii::Type.check_type(@server_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "serverCertificateArn") @authorize_all_users_to_vpc_cidr = Jsii::Type.check_type(@authorize_all_users_to_vpc_cidr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "authorizeAllUsersToVpcCidr") unless @authorize_all_users_to_vpc_cidr.nil? @client_certificate_arn = client_certificate_arn Jsii::Type.check_type(@client_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientCertificateArn") unless @client_certificate_arn.nil? @client_connection_handler = client_connection_handler Jsii::Type.check_type(@client_connection_handler, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklDbGllbnRWcG5Db25uZWN0aW9uSGFuZGxlciJ9")), "clientConnectionHandler") unless @client_connection_handler.nil? @client_login_banner = Jsii::Type.check_type(@client_login_banner, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientLoginBanner") unless @client_login_banner.nil? @client_route_enforcement_options = .is_a?(Hash) ? ::AWSCDK::EC2::ClientRouteEnforcementOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@client_route_enforcement_options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFJvdXRlRW5mb3JjZW1lbnRPcHRpb25zIn0=")), "clientRouteEnforcementOptions") unless @client_route_enforcement_options.nil? @description = description Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil? @disconnect_on_session_timeout = disconnect_on_session_timeout Jsii::Type.check_type(@disconnect_on_session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disconnectOnSessionTimeout") unless @disconnect_on_session_timeout.nil? @dns_servers = dns_servers Jsii::Type.check_type(@dns_servers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "dnsServers") unless @dns_servers.nil? @logging = logging Jsii::Type.check_type(@logging, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "logging") unless @logging.nil? @log_group = log_group Jsii::Type.check_type(@log_group, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19sb2dzLklMb2dHcm91cFJlZiJ9")), "logGroup") unless @log_group.nil? @log_stream = log_stream Jsii::Type.check_type(@log_stream, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19sb2dzLklMb2dTdHJlYW1SZWYifQ==")), "logStream") unless @log_stream.nil? @port = port Jsii::Type.check_type(@port, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlZwblBvcnQifQ==")), "port") unless @port.nil? @security_groups = security_groups Jsii::Type.check_type(@security_groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuSVNlY3VyaXR5R3JvdXAifSwia2luZCI6ImFycmF5In19")), "securityGroups") unless @security_groups.nil? @self_service_portal = self_service_portal Jsii::Type.check_type(@self_service_portal, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "selfServicePortal") unless @self_service_portal.nil? @session_timeout = session_timeout Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFZwblNlc3Npb25UaW1lb3V0In0=")), "sessionTimeout") unless @session_timeout.nil? @split_tunnel = split_tunnel Jsii::Type.check_type(@split_tunnel, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "splitTunnel") unless @split_tunnel.nil? @transport_protocol = transport_protocol Jsii::Type.check_type(@transport_protocol, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlRyYW5zcG9ydFByb3RvY29sIn0=")), "transportProtocol") unless @transport_protocol.nil? @user_based_authentication = user_based_authentication Jsii::Type.check_type(@user_based_authentication, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLkNsaWVudFZwblVzZXJCYXNlZEF1dGhlbnRpY2F0aW9uIn0=")), "userBasedAuthentication") unless @user_based_authentication.nil? @vpc_subnets = vpc_subnets.is_a?(Hash) ? ::AWSCDK::EC2::SubnetSelection.new(**vpc_subnets.transform_keys(&:to_sym)) : vpc_subnets Jsii::Type.check_type(@vpc_subnets, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlN1Ym5ldFNlbGVjdGlvbiJ9")), "vpcSubnets") unless @vpc_subnets.nil? @vpc = vpc Jsii::Type.check_type(@vpc, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklWcGMifQ==")), "vpc") end |
Instance Attribute Details
#authorize_all_users_to_vpc_cidr ⇒ Boolean? (readonly)
Default: true
Whether to authorize all users to the VPC CIDR.
This automatically creates an authorization rule. Set this to false and
use add_authorization_rule() to create your own rules instead.
98 99 100 |
# File 'ec2/client_vpn_endpoint_props.rb', line 98 def @authorize_all_users_to_vpc_cidr end |
#cidr ⇒ String (readonly)
The IPv4 address range, in CIDR notation, from which to assign client IP addresses.
The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.
Changing the address range will replace the Client VPN endpoint.
The CIDR block should be /22 or greater.
86 87 88 |
# File 'ec2/client_vpn_endpoint_props.rb', line 86 def cidr @cidr end |
#client_certificate_arn ⇒ String? (readonly)
Default: - use user-based authentication
The ARN of the client certificate for mutual authentication.
The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).
106 107 108 |
# File 'ec2/client_vpn_endpoint_props.rb', line 106 def client_certificate_arn @client_certificate_arn end |
#client_connection_handler ⇒ AWSCDK::EC2::IClientVpnConnectionHandler? (readonly)
Default: - no connection handler
The AWS Lambda function used for connection authorization.
The name of the Lambda function must begin with the AWSClientVPN- prefix
113 114 115 |
# File 'ec2/client_vpn_endpoint_props.rb', line 113 def client_connection_handler @client_connection_handler end |
#client_login_banner ⇒ String? (readonly)
Default: - no banner is presented to the client
Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.
UTF-8 encoded characters only. Maximum of 1400 characters.
120 121 122 |
# File 'ec2/client_vpn_endpoint_props.rb', line 120 def @client_login_banner end |
#client_route_enforcement_options ⇒ AWSCDK::EC2::ClientRouteEnforcementOptions? (readonly)
Default: undefined - AWS Client VPN default setting is disable client route enforcement
Options for Client Route Enforcement.
Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.
129 130 131 |
# File 'ec2/client_vpn_endpoint_props.rb', line 129 def @client_route_enforcement_options end |
#description ⇒ String? (readonly)
Default: - no description
A brief description of the Client VPN endpoint.
134 135 136 |
# File 'ec2/client_vpn_endpoint_props.rb', line 134 def description @description end |
#disconnect_on_session_timeout ⇒ Boolean? (readonly)
Default: undefined - AWS Client VPN default is true
Indicates whether the client VPN session is disconnected after the maximum sessionTimeout is reached.
If true, users are prompted to reconnect client VPN.
If false, client VPN attempts to reconnect automatically.
143 144 145 |
# File 'ec2/client_vpn_endpoint_props.rb', line 143 def disconnect_on_session_timeout @disconnect_on_session_timeout end |
#dns_servers ⇒ Array<String>? (readonly)
Default: - use the DNS address configured on the device
Information about the DNS servers to be used for DNS resolution.
A Client VPN endpoint can have up to two DNS servers.
150 151 152 |
# File 'ec2/client_vpn_endpoint_props.rb', line 150 def dns_servers @dns_servers end |
#log_group ⇒ AWSCDK::Interfaces::AWSLogs::ILogGroupRef? (readonly)
Default: - a new group is created
A CloudWatch Logs log group for connection logging.
160 161 162 |
# File 'ec2/client_vpn_endpoint_props.rb', line 160 def log_group @log_group end |
#log_stream ⇒ AWSCDK::Interfaces::AWSLogs::ILogStreamRef? (readonly)
Default: - a new stream is created
A CloudWatch Logs log stream for connection logging.
165 166 167 |
# File 'ec2/client_vpn_endpoint_props.rb', line 165 def log_stream @log_stream end |
#logging ⇒ Boolean? (readonly)
Default: true
Whether to enable connections logging.
155 156 157 |
# File 'ec2/client_vpn_endpoint_props.rb', line 155 def logging @logging end |
#port ⇒ AWSCDK::EC2::VpnPort? (readonly)
Default: VpnPort.HTTPS
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
170 171 172 |
# File 'ec2/client_vpn_endpoint_props.rb', line 170 def port @port end |
#security_groups ⇒ Array<AWSCDK::EC2::ISecurityGroup>? (readonly)
Default: - a new security group is created
The security groups to apply to the target network.
175 176 177 |
# File 'ec2/client_vpn_endpoint_props.rb', line 175 def security_groups @security_groups end |
#self_service_portal ⇒ Boolean? (readonly)
Default: true
Specify whether to enable the self-service portal for the Client VPN endpoint.
180 181 182 |
# File 'ec2/client_vpn_endpoint_props.rb', line 180 def self_service_portal @self_service_portal end |
#server_certificate_arn ⇒ String (readonly)
The ARN of the server certificate.
90 91 92 |
# File 'ec2/client_vpn_endpoint_props.rb', line 90 def server_certificate_arn @server_certificate_arn end |
#session_timeout ⇒ AWSCDK::EC2::ClientVpnSessionTimeout? (readonly)
Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
The maximum VPN session duration time.
185 186 187 |
# File 'ec2/client_vpn_endpoint_props.rb', line 185 def session_timeout @session_timeout end |
#split_tunnel ⇒ Boolean? (readonly)
Default: false
Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
191 192 193 |
# File 'ec2/client_vpn_endpoint_props.rb', line 191 def split_tunnel @split_tunnel end |
#transport_protocol ⇒ AWSCDK::EC2::TransportProtocol? (readonly)
Default: TransportProtocol.UDP
The transport protocol to be used by the VPN session.
196 197 198 |
# File 'ec2/client_vpn_endpoint_props.rb', line 196 def transport_protocol @transport_protocol end |
#user_based_authentication ⇒ AWSCDK::EC2::ClientVpnUserBasedAuthentication? (readonly)
Default: - use mutual authentication
The type of user-based authentication to use.
202 203 204 |
# File 'ec2/client_vpn_endpoint_props.rb', line 202 def user_based_authentication @user_based_authentication end |
#vpc ⇒ AWSCDK::EC2::IVPC (readonly)
The VPC to connect to.
211 212 213 |
# File 'ec2/client_vpn_endpoint_props.rb', line 211 def vpc @vpc end |
#vpc_subnets ⇒ AWSCDK::EC2::SubnetSelection? (readonly)
Default: - the VPC default strategy
Subnets to associate to the client VPN endpoint.
207 208 209 |
# File 'ec2/client_vpn_endpoint_props.rb', line 207 def vpc_subnets @vpc_subnets end |
Class Method Details
.jsii_properties ⇒ Object
213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 |
# File 'ec2/client_vpn_endpoint_props.rb', line 213 def self.jsii_properties { :cidr => "cidr", :server_certificate_arn => "serverCertificateArn", :authorize_all_users_to_vpc_cidr => "authorizeAllUsersToVpcCidr", :client_certificate_arn => "clientCertificateArn", :client_connection_handler => "clientConnectionHandler", :client_login_banner => "clientLoginBanner", :client_route_enforcement_options => "clientRouteEnforcementOptions", :description => "description", :disconnect_on_session_timeout => "disconnectOnSessionTimeout", :dns_servers => "dnsServers", :logging => "logging", :log_group => "logGroup", :log_stream => "logStream", :port => "port", :security_groups => "securityGroups", :self_service_portal => "selfServicePortal", :session_timeout => "sessionTimeout", :split_tunnel => "splitTunnel", :transport_protocol => "transportProtocol", :user_based_authentication => "userBasedAuthentication", :vpc_subnets => "vpcSubnets", :vpc => "vpc", } end |
Instance Method Details
#to_jsii ⇒ Object
240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 |
# File 'ec2/client_vpn_endpoint_props.rb', line 240 def to_jsii result = {} result.merge!(super) result.merge!({ "cidr" => @cidr, "serverCertificateArn" => @server_certificate_arn, "authorizeAllUsersToVpcCidr" => @authorize_all_users_to_vpc_cidr, "clientCertificateArn" => @client_certificate_arn, "clientConnectionHandler" => @client_connection_handler, "clientLoginBanner" => @client_login_banner, "clientRouteEnforcementOptions" => @client_route_enforcement_options, "description" => @description, "disconnectOnSessionTimeout" => @disconnect_on_session_timeout, "dnsServers" => @dns_servers, "logging" => @logging, "logGroup" => @log_group, "logStream" => @log_stream, "port" => @port, "securityGroups" => @security_groups, "selfServicePortal" => @self_service_portal, "sessionTimeout" => @session_timeout, "splitTunnel" => @split_tunnel, "transportProtocol" => @transport_protocol, "userBasedAuthentication" => @user_based_authentication, "vpcSubnets" => @vpc_subnets, "vpc" => @vpc, }) result.compact end |