aws_ec2_client_vpn_endpoint

account_id

Type: STRING

associated_target_networks

Type: UNORDERED_LIST_STRUCT
Provider name: AssociatedTargetNetworks
Description: Information about the associated target networks. A target network is a subnet in a VPC.

  • network_id
    Type: STRING
    Provider name: NetworkId
    Description: The ID of the subnet.
  • network_type
    Type: STRING
    Provider name: NetworkType
    Description: The target network type.

authentication_options

Type: UNORDERED_LIST_STRUCT
Provider name: AuthenticationOptions
Description: Information about the authentication method used by the Client VPN endpoint.

  • active_directory
    Type: STRUCT
    Provider name: ActiveDirectory
    Description: Information about the Active Directory, if applicable.
    • directory_id
      Type: STRING
      Provider name: DirectoryId
      Description: The ID of the Active Directory used for authentication.
  • federated_authentication
    Type: STRUCT
    Provider name: FederatedAuthentication
    Description: Information about the IAM SAML identity provider, if applicable.
    • saml_provider_arn
      Type: STRING
      Provider name: SamlProviderArn
      Description: The Amazon Resource Name (ARN) of the IAM SAML identity provider.
    • self_service_saml_provider_arn
      Type: STRING
      Provider name: SelfServiceSamlProviderArn
      Description: The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.
  • mutual_authentication
    Type: STRUCT
    Provider name: MutualAuthentication
    Description: Information about the authentication certificates, if applicable.
    • client_root_certificate_chain
      Type: STRING
      Provider name: ClientRootCertificateChain
      Description: The ARN of the client certificate.
  • type
    Type: STRING
    Provider name: Type
    Description: The authentication type used.

client_cidr_block

Type: STRING
Provider name: ClientCidrBlock
Description: The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.

client_connect_options

Type: STRUCT
Provider name: ClientConnectOptions
Description: The options for managing connection authorization for new client connections.

  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: Indicates whether client connect options are enabled.
  • lambda_function_arn
    Type: STRING
    Provider name: LambdaFunctionArn
    Description: The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
  • status
    Type: STRUCT
    Provider name: Status
    Description: The status of any updates to the client connect options.
    • code
      Type: STRING
      Provider name: Code
      Description: The status code.
    • message
      Type: STRING
      Provider name: Message
      Description: The status message.

client_login_banner_options

Type: STRUCT
Provider name: ClientLoginBannerOptions
Description: Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

  • banner_text
    Type: STRING
    Provider name: BannerText
    Description: Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.
  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: Current state of text banner feature. Valid values: true | false

client_vpn_endpoint_arn

Type: STRING

client_vpn_endpoint_id

Type: STRING
Provider name: ClientVpnEndpointId
Description: The ID of the Client VPN endpoint.

connection_log_options

Type: STRUCT
Provider name: ConnectionLogOptions
Description: Information about the client connection logging options for the Client VPN endpoint.

  • cloudwatch_log_group
    Type: STRING
    Provider name: CloudwatchLogGroup
    Description: The name of the Amazon CloudWatch Logs log group to which connection logging data is published.
  • cloudwatch_log_stream
    Type: STRING
    Provider name: CloudwatchLogStream
    Description: The name of the Amazon CloudWatch Logs log stream to which connection logging data is published.
  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: Indicates whether client connection logging is enabled for the Client VPN endpoint.

creation_time

Type: STRING
Provider name: CreationTime
Description: The date and time the Client VPN endpoint was created.

deletion_time

Type: STRING
Provider name: DeletionTime
Description: The date and time the Client VPN endpoint was deleted, if applicable.

description

Type: STRING
Provider name: Description
Description: A brief description of the endpoint.

dns_name

Type: STRING
Provider name: DnsName
Description: The DNS name to be used by clients when connecting to the Client VPN endpoint.

dns_servers

Type: UNORDERED_LIST_STRING
Provider name: DnsServers
Description: Information about the DNS servers to be used for DNS resolution.

security_group_ids

Type: UNORDERED_LIST_STRING
Provider name: SecurityGroupIds
Description: The IDs of the security groups for the target network.

self_service_portal_url

Type: STRING
Provider name: SelfServicePortalUrl
Description: The URL of the self-service portal.

server_certificate_arn

Type: STRING
Provider name: ServerCertificateArn
Description: The ARN of the server certificate.

session_timeout_hours

Type: INT32
Provider name: SessionTimeoutHours
Description: The maximum VPN session duration time in hours. Valid values: 8 | 10 | 12 | 24. Default value: 24.

split_tunnel

Type: BOOLEAN
Provider name: SplitTunnel
Description: Indicates whether split-tunnel is enabled in the Client VPN endpoint. For information about split-tunnel VPN endpoints, see Split-Tunnel Client VPN endpoint in the Client VPN Administrator Guide.

status

Type: STRUCT
Provider name: Status
Description: The current state of the Client VPN endpoint.

  • code
    Type: STRING
    Provider name: Code
    Description: The state of the Client VPN endpoint. Possible states include:
    • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.
    • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.
    • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.
    • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.
  • message
    Type: STRING
    Provider name: Message
    Description: A message about the status of the Client VPN endpoint.

tags

Type: UNORDERED_LIST_STRING

transport_protocol

Type: STRING
Provider name: TransportProtocol
Description: The transport protocol used by the Client VPN endpoint.

vpc_id

Type: STRING
Provider name: VpcId
Description: The ID of the VPC.

vpn_port

Type: INT32
Provider name: VpnPort
Description: The port number for the Client VPN endpoint.

vpn_protocol

Type: STRING
Provider name: VpnProtocol
Description: The protocol used by the VPN session.