AWS::EC2::ClientVpnTargetNetworkAssociation - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Specifies a target network to associate with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::EC2::ClientVpnTargetNetworkAssociation", "Properties" : { "ClientVpnEndpointId" : String, "SubnetId" : String } }


Type: AWS::EC2::ClientVpnTargetNetworkAssociation Properties: ClientVpnEndpointId: String SubnetId: String



The ID of the Client VPN endpoint.

Required: Yes

Type: String

Update requires: Replacement


The ID of the subnet to associate with the Client VPN endpoint.

Required: Yes

Type: String

Update requires: Replacement

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the association ID. For example: cvpn-assoc-1234567890abcdef0.

For more information about using the Ref function, see Ref.


Associate a target subnet with a client VPN endpoint

The following example associates a target network with a client VPN endpoint.


myNetworkAssociation: Type: "AWS::EC2::ClientVpnTargetNetworkAssociation" Properties: ClientVpnEndpointId: Ref: myClientVpnEndpoint SubnetId: Ref: mySubnet


"myNetworkAssociation": { "Type": "AWS::EC2::ClientVpnTargetNetworkAssociation", "Properties": { "ClientVpnEndpointId": { "Ref": "myClientVpnEndpoint" }, "SubnetId": { "Ref": "mySubnet" } } }

See also