Interface ClientVpnEndpointOptions

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Subinterfaces:
ClientVpnEndpointProps
All Known Implementing Classes:
ClientVpnEndpointOptions.Jsii$Proxy, ClientVpnEndpointProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.98.0 (build 00b106d)", date="2024-05-08T21:35:06.087Z") @Stability(Stable) public interface ClientVpnEndpointOptions extends software.amazon.jsii.JsiiSerializable
Options for a client VPN endpoint.

Example:

 // samlProvider is an iam.ISamlProvider (for example an iam.SamlProvider) created elsewhere.
 ClientVpnEndpoint endpoint = vpc.addClientVpnEndpoint("Endpoint", ClientVpnEndpointOptions.builder()
         .cidr("10.100.0.0/16")
         .serverCertificateArn("arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id")
         .userBasedAuthentication(ClientVpnUserBasedAuthentication.federated(samlProvider))
         // Opt out of the default rule that grants every user the whole VPC CIDR ...
         .authorizeAllUsersToVpcCidr(false)
         .build());
 // ... and grant one identity-provider group access to one host instead.
 endpoint.addAuthorizationRule("Rule", ClientVpnAuthorizationRuleOptions.builder()
         .cidr("10.0.10.0/32")
         .groupId("group-id")
         .build());
 
  • Method Details

    • getCidr

      @Stability(Stable) @NotNull String getCidr()
      The IPv4 address range, in CIDR notation, from which to assign client IP addresses.

      The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually.

      Changing the address range will replace the Client VPN endpoint.

      The CIDR block must be at least a /22 in size (a prefix length of /22 or shorter, such as the /16 in the example above).

    • getServerCertificateArn

      @Stability(Stable) @NotNull String getServerCertificateArn()
      The ARN of the server certificate.
    • getAuthorizeAllUsersToVpcCidr

      @Stability(Stable) @Nullable default Boolean getAuthorizeAllUsersToVpcCidr()
      Whether to authorize all users to the VPC CIDR.

      This automatically creates an authorization rule that grants every authenticated user access to the whole VPC CIDR. For least privilege, set this to false and use addAuthorizationRule() to grant only the specific destination CIDRs (and, with user-based authentication, only the groups) that need them.

      Default: true

    • getClientCertificateArn

      @Stability(Stable) @Nullable default String getClientCertificateArn()
      The ARN of the client certificate for mutual authentication.

      The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

      Default: - use user-based authentication

    • getClientConnectionHandler

      @Stability(Stable) @Nullable default IClientVpnConnectionHandler getClientConnectionHandler()
      The AWS Lambda function used for connection authorization.

      The name of the Lambda function must begin with the AWSClientVPN- prefix.

      Default: - no connection handler

    • getClientLoginBanner

      @Stability(Stable) @Nullable default String getClientLoginBanner()
      Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established.

      UTF-8 encoded characters only. Maximum of 1400 characters.

      Default: - no banner is presented to the client

    • getDescription

      @Stability(Stable) @Nullable default String getDescription()
      A brief description of the Client VPN endpoint.

      Default: - no description

    • getDnsServers

      @Stability(Stable) @Nullable default List<String> getDnsServers()
      Information about the DNS servers to be used for DNS resolution.

      A Client VPN endpoint can have up to two DNS servers.

      Default: - use the DNS address configured on the device

    • getLogging

      @Stability(Stable) @Nullable default Boolean getLogging()
      Whether to enable connection logging.

      Default: true

    • getLogGroup

      @Stability(Stable) @Nullable default ILogGroup getLogGroup()
      A CloudWatch Logs log group for connection logging.

      Default: - a new group is created

    • getLogStream

      @Stability(Stable) @Nullable default ILogStream getLogStream()
      A CloudWatch Logs log stream for connection logging.

      Default: - a new stream is created

    • getPort

      @Stability(Stable) @Nullable default VpnPort getPort()
      The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

      Default: VpnPort.HTTPS

    • getSecurityGroups

      @Stability(Stable) @Nullable default List<ISecurityGroup> getSecurityGroups()
      The security groups to apply to the target network.

      Default: - a new security group is created

    • getSelfServicePortal

      @Stability(Stable) @Nullable default Boolean getSelfServicePortal()
      Specify whether to enable the self-service portal for the Client VPN endpoint.

      Default: true

    • getSessionTimeout

      @Stability(Stable) @Nullable default ClientVpnSessionTimeout getSessionTimeout()
      The maximum VPN session duration time.

      Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

    • getSplitTunnel

      @Stability(Stable) @Nullable default Boolean getSplitTunnel()
      Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

      When disabled (the default), all client traffic, including internet-bound traffic, is sent through the tunnel into the VPC and is subject to the endpoint's security groups. When enabled, only traffic destined for the routes in the endpoint's route table goes through the tunnel; everything else leaves the client device directly.

      Default: false
    • getTransportProtocol

      @Stability(Stable) @Nullable default TransportProtocol getTransportProtocol()
      The transport protocol to be used by the VPN session.

      Default: TransportProtocol.UDP

    • getUserBasedAuthentication

      @Stability(Stable) @Nullable default ClientVpnUserBasedAuthentication getUserBasedAuthentication()
      The type of user-based authentication to use.

      At least one of userBasedAuthentication and clientCertificateArn must be set; the endpoint construct rejects options that specify neither. The two may also be combined, in which case a client needs both a certificate chained to the client CA and a successful user login.

      Default: - use mutual authentication
    • getVpcSubnets

      @Stability(Stable) @Nullable default SubnetSelection getVpcSubnets()
      Subnets to associate to the client VPN endpoint.

      Default: - the VPC default strategy

    • builder

      @Stability(Stable) static ClientVpnEndpointOptions.Builder builder()
      Returns:
      a ClientVpnEndpointOptions.Builder of ClientVpnEndpointOptions
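The following is an added example, not code from the CDK documentation or the aws-cdk project. It pulls the options above together into a mutual-TLS endpoint that overrides each permissive default: no blanket VPC authorization, a retained log group, a security group that permits only the egress clients need, an eight-hour session limit and full-tunnel routing. It assumes a CDK app that instantiates this stack; the VPC, both certificate ARNs, the application subnet 10.0.10.0/24 and the VPC resolver address 10.0.0.2 are placeholders chosen for illustration.

```java
import java.util.List;

import software.amazon.awscdk.RemovalPolicy;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.ec2.ClientVpnAuthorizationRuleOptions;
import software.amazon.awscdk.services.ec2.ClientVpnEndpoint;
import software.amazon.awscdk.services.ec2.ClientVpnEndpointOptions;
import software.amazon.awscdk.services.ec2.ClientVpnSessionTimeout;
import software.amazon.awscdk.services.ec2.IpAddresses;
import software.amazon.awscdk.services.ec2.Peer;
import software.amazon.awscdk.services.ec2.Port;
import software.amazon.awscdk.services.ec2.SecurityGroup;
import software.amazon.awscdk.services.ec2.SubnetSelection;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.TransportProtocol;
import software.amazon.awscdk.services.ec2.Vpc;
import software.amazon.awscdk.services.ec2.VpnPort;
import software.amazon.awscdk.services.logs.LogGroup;
import software.amazon.awscdk.services.logs.RetentionDays;
import software.constructs.Construct;

/** Client VPN endpoint with mutual TLS, explicit authorization rules and retained logs. */
public class HardenedClientVpnStack extends Stack {

    // Placeholder ARNs: both certificates must be provisioned in ACM in the endpoint's region.
    private static final String SERVER_CERT_ARN =
            "arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id";
    private static final String CLIENT_CA_CERT_ARN =
            "arn:aws:acm:us-east-1:123456789012:certificate/client-ca-certificate-id";

    public HardenedClientVpnStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);

        // Assumed VPC; 10.0.0.0/16 is chosen so the client CIDR below does not overlap it.
        Vpc vpc = Vpc.Builder.create(this, "Vpc")
                .ipAddresses(IpAddresses.cidr("10.0.0.0/16"))
                .maxAzs(2)
                .build();

        // Explicit log group so connection logs outlive the stack and expire on a known schedule
        // (the default is a new group with no retention policy).
        LogGroup logGroup = LogGroup.Builder.create(this, "ClientVpnLogs")
                .retention(RetentionDays.ONE_YEAR)
                .removalPolicy(RemovalPolicy.RETAIN)
                .build();

        // The security group applied to the target network governs what connected clients can
        // reach. The default is a new group allowing all outbound traffic; instead permit only
        // HTTPS into the VPC and DNS to the resolver handed out via dnsServers below.
        SecurityGroup clientSg = SecurityGroup.Builder.create(this, "ClientVpnSg")
                .vpc(vpc)
                .allowAllOutbound(false)
                .description("Egress permitted for Client VPN users")
                .build();
        clientSg.addEgressRule(Peer.ipv4(vpc.getVpcCidrBlock()), Port.tcp(443), "HTTPS to VPC services");
        clientSg.addEgressRule(Peer.ipv4("10.0.0.2/32"), Port.udp(53), "DNS to the VPC resolver");

        ClientVpnEndpoint endpoint = vpc.addClientVpnEndpoint("Endpoint", ClientVpnEndpointOptions.builder()
                // /22 is the smallest block accepted; it must not overlap the VPC CIDR or any route.
                .cidr("10.100.0.0/22")
                .serverCertificateArn(SERVER_CERT_ARN)
                // Mutual authentication: clients must present a certificate chained to this CA.
                .clientCertificateArn(CLIENT_CA_CERT_ARN)
                // Do not grant every client the whole VPC; a scoped rule is added below.
                .authorizeAllUsersToVpcCidr(false)
                .logging(true)
                .logGroup(logGroup)
                // Full tunnel: all client traffic, internet-bound included, traverses the VPC
                // and is subject to the security group above.
                .splitTunnel(false)
                // Shorter than the 24-hour default; forces re-authentication each working day.
                .sessionTimeout(ClientVpnSessionTimeout.EIGHT_HOURS)
                // The self-service portal only serves user-based authentication; disable it here.
                .selfServicePortal(false)
                .transportProtocol(TransportProtocol.UDP)
                .port(VpnPort.HTTPS)
                .securityGroups(List.of(clientSg))
                .vpcSubnets(SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_EGRESS).build())
                // Assumed VPC resolver address (VPC base + 2) so internal names resolve for clients.
                .dnsServers(List.of("10.0.0.2"))
                .clientLoginBanner("Authorized use only. All sessions are logged.")
                .description("Mutual-TLS Client VPN for internal services")
                .build());

        // With mutual authentication there are no user groups, so a rule without groupId applies
        // to every authenticated client. Scope it to the application subnet only.
        endpoint.addAuthorizationRule("AppSubnet", ClientVpnAuthorizationRuleOptions.builder()
                .cidr("10.0.10.0/24")
                .description("Internal application subnet")
                .build());
    }
}
```

Two of the choices interact: because dnsServers points clients at the VPC resolver, the security group must allow UDP/53 to that address or name resolution silently fails once the tunnel is up, and because splitTunnel is false the same security group is the only thing standing between a connected client and every VPC address, so the authorization rule and the egress rules should be reviewed together.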