1. Packages
  2. AWS
  3. API Docs
  4. verifiedaccess
  5. Endpoint
AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi

aws.verifiedaccess.Endpoint

Explore with Pulumi AI

Resource for managing an AWS EC2 (Elastic Compute Cloud) Verified Access Endpoint.

Example Usage

ALB Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.verifiedaccess.Endpoint("example", {
    applicationDomain: "example.com",
    attachmentType: "vpc",
    description: "example",
    domainCertificateArn: exampleAwsAcmCertificate.arn,
    endpointDomainPrefix: "example",
    endpointType: "load-balancer",
    loadBalancerOptions: {
        loadBalancerArn: exampleAwsLb.arn,
        port: 443,
        protocol: "https",
        subnetIds: .map(subnet => (subnet.id)),
    },
    securityGroupIds: [exampleAwsSecurityGroup.id],
    verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.verifiedaccess.Endpoint("example",
    application_domain="example.com",
    attachment_type="vpc",
    description="example",
    domain_certificate_arn=example_aws_acm_certificate["arn"],
    endpoint_domain_prefix="example",
    endpoint_type="load-balancer",
    load_balancer_options={
        "load_balancer_arn": example_aws_lb["arn"],
        "port": 443,
        "protocol": "https",
        "subnet_ids": [subnet["id"] for subnet in public],
    },
    security_group_ids=[example_aws_security_group["id"]],
    verified_access_group_id=example_aws_verifiedaccess_group["id"])
Copy
Coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        ApplicationDomain = "example.com",
        AttachmentType = "vpc",
        Description = "example",
        DomainCertificateArn = exampleAwsAcmCertificate.Arn,
        EndpointDomainPrefix = "example",
        EndpointType = "load-balancer",
        LoadBalancerOptions = new Aws.VerifiedAccess.Inputs.EndpointLoadBalancerOptionsArgs
        {
            LoadBalancerArn = exampleAwsLb.Arn,
            Port = 443,
            Protocol = "https",
            SubnetIds = .Select(subnet => 
            {
                return subnet.Id;
            }).ToList(),
        },
        SecurityGroupIds = new[]
        {
            exampleAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
    });

});
Copy
Coming soon!
Coming soon!

Network Interface Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.verifiedaccess.Endpoint("example", {
    applicationDomain: "example.com",
    attachmentType: "vpc",
    description: "example",
    domainCertificateArn: exampleAwsAcmCertificate.arn,
    endpointDomainPrefix: "example",
    endpointType: "network-interface",
    networkInterfaceOptions: {
        networkInterfaceId: exampleAwsNetworkInterface.id,
        port: 443,
        protocol: "https",
    },
    securityGroupIds: [exampleAwsSecurityGroup.id],
    verifiedAccessGroupId: exampleAwsVerifiedaccessGroup.id,
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.verifiedaccess.Endpoint("example",
    application_domain="example.com",
    attachment_type="vpc",
    description="example",
    domain_certificate_arn=example_aws_acm_certificate["arn"],
    endpoint_domain_prefix="example",
    endpoint_type="network-interface",
    network_interface_options={
        "network_interface_id": example_aws_network_interface["id"],
        "port": 443,
        "protocol": "https",
    },
    security_group_ids=[example_aws_security_group["id"]],
    verified_access_group_id=example_aws_verifiedaccess_group["id"])
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedaccess"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := verifiedaccess.NewEndpoint(ctx, "example", &verifiedaccess.EndpointArgs{
			ApplicationDomain:    pulumi.String("example.com"),
			AttachmentType:       pulumi.String("vpc"),
			Description:          pulumi.String("example"),
			DomainCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
			EndpointDomainPrefix: pulumi.String("example"),
			EndpointType:         pulumi.String("network-interface"),
			NetworkInterfaceOptions: &verifiedaccess.EndpointNetworkInterfaceOptionsArgs{
				NetworkInterfaceId: pulumi.Any(exampleAwsNetworkInterface.Id),
				Port:               pulumi.Int(443),
				Protocol:           pulumi.String("https"),
			},
			SecurityGroupIds: pulumi.StringArray{
				exampleAwsSecurityGroup.Id,
			},
			VerifiedAccessGroupId: pulumi.Any(exampleAwsVerifiedaccessGroup.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        ApplicationDomain = "example.com",
        AttachmentType = "vpc",
        Description = "example",
        DomainCertificateArn = exampleAwsAcmCertificate.Arn,
        EndpointDomainPrefix = "example",
        EndpointType = "network-interface",
        NetworkInterfaceOptions = new Aws.VerifiedAccess.Inputs.EndpointNetworkInterfaceOptionsArgs
        {
            NetworkInterfaceId = exampleAwsNetworkInterface.Id,
            Port = 443,
            Protocol = "https",
        },
        SecurityGroupIds = new[]
        {
            exampleAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = exampleAwsVerifiedaccessGroup.Id,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedaccess.Endpoint;
import com.pulumi.aws.verifiedaccess.EndpointArgs;
import com.pulumi.aws.verifiedaccess.inputs.EndpointNetworkInterfaceOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Endpoint("example", EndpointArgs.builder()
            .applicationDomain("example.com")
            .attachmentType("vpc")
            .description("example")
            .domainCertificateArn(exampleAwsAcmCertificate.arn())
            .endpointDomainPrefix("example")
            .endpointType("network-interface")
            .networkInterfaceOptions(EndpointNetworkInterfaceOptionsArgs.builder()
                .networkInterfaceId(exampleAwsNetworkInterface.id())
                .port(443)
                .protocol("https")
                .build())
            .securityGroupIds(exampleAwsSecurityGroup.id())
            .verifiedAccessGroupId(exampleAwsVerifiedaccessGroup.id())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:verifiedaccess:Endpoint
    properties:
      applicationDomain: example.com
      attachmentType: vpc
      description: example
      domainCertificateArn: ${exampleAwsAcmCertificate.arn}
      endpointDomainPrefix: example
      endpointType: network-interface
      networkInterfaceOptions:
        networkInterfaceId: ${exampleAwsNetworkInterface.id}
        port: 443
        protocol: https
      securityGroupIds:
        - ${exampleAwsSecurityGroup.id}
      verifiedAccessGroupId: ${exampleAwsVerifiedaccessGroup.id}
Copy

Cidr Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.verifiedaccess.Endpoint("example", {
    attachmentType: "vpc",
    description: "example",
    endpointType: "cidr",
    cidrOptions: {
        cidr: test[0].cidrBlock,
        portRanges: [{
            fromPort: 443,
            toPort: 443,
        }],
        protocol: "tcp",
        subnetIds: .map(subnet => (subnet.id)),
    },
    securityGroupIds: [testAwsSecurityGroup.id],
    verifiedAccessGroupId: testAwsVerifiedaccessGroup.id,
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.verifiedaccess.Endpoint("example",
    attachment_type="vpc",
    description="example",
    endpoint_type="cidr",
    cidr_options={
        "cidr": test[0]["cidrBlock"],
        "port_ranges": [{
            "from_port": 443,
            "to_port": 443,
        }],
        "protocol": "tcp",
        "subnet_ids": [subnet["id"] for subnet in test],
    },
    security_group_ids=[test_aws_security_group["id"]],
    verified_access_group_id=test_aws_verifiedaccess_group["id"])
Copy
Coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.VerifiedAccess.Endpoint("example", new()
    {
        AttachmentType = "vpc",
        Description = "example",
        EndpointType = "cidr",
        CidrOptions = new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsArgs
        {
            Cidr = test[0].CidrBlock,
            PortRanges = new[]
            {
                new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsPortRangeArgs
                {
                    FromPort = 443,
                    ToPort = 443,
                },
            },
            Protocol = "tcp",
            SubnetIds = .Select(subnet => 
            {
                return subnet.Id;
            }).ToList(),
        },
        SecurityGroupIds = new[]
        {
            testAwsSecurityGroup.Id,
        },
        VerifiedAccessGroupId = testAwsVerifiedaccessGroup.Id,
    });

});
Copy
Coming soon!
Coming soon!

Create Endpoint Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Endpoint(name: string, args: EndpointArgs, opts?: CustomResourceOptions);
@overload
def Endpoint(resource_name: str,
             args: EndpointArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Endpoint(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             endpoint_type: Optional[str] = None,
             attachment_type: Optional[str] = None,
             verified_access_group_id: Optional[str] = None,
             description: Optional[str] = None,
             domain_certificate_arn: Optional[str] = None,
             endpoint_domain_prefix: Optional[str] = None,
             application_domain: Optional[str] = None,
             load_balancer_options: Optional[EndpointLoadBalancerOptionsArgs] = None,
             network_interface_options: Optional[EndpointNetworkInterfaceOptionsArgs] = None,
             policy_document: Optional[str] = None,
             rds_options: Optional[EndpointRdsOptionsArgs] = None,
             security_group_ids: Optional[Sequence[str]] = None,
             sse_specification: Optional[EndpointSseSpecificationArgs] = None,
             tags: Optional[Mapping[str, str]] = None,
             cidr_options: Optional[EndpointCidrOptionsArgs] = None)
func NewEndpoint(ctx *Context, name string, args EndpointArgs, opts ...ResourceOption) (*Endpoint, error)
public Endpoint(string name, EndpointArgs args, CustomResourceOptions? opts = null)
public Endpoint(String name, EndpointArgs args)
public Endpoint(String name, EndpointArgs args, CustomResourceOptions options)
type: aws:verifiedaccess:Endpoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. EndpointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. EndpointArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. EndpointArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. EndpointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. EndpointArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var exampleendpointResourceResourceFromVerifiedaccessendpoint = new Aws.VerifiedAccess.Endpoint("exampleendpointResourceResourceFromVerifiedaccessendpoint", new()
{
    EndpointType = "string",
    AttachmentType = "string",
    VerifiedAccessGroupId = "string",
    Description = "string",
    DomainCertificateArn = "string",
    EndpointDomainPrefix = "string",
    ApplicationDomain = "string",
    LoadBalancerOptions = new Aws.VerifiedAccess.Inputs.EndpointLoadBalancerOptionsArgs
    {
        LoadBalancerArn = "string",
        Port = 0,
        PortRanges = new[]
        {
            new Aws.VerifiedAccess.Inputs.EndpointLoadBalancerOptionsPortRangeArgs
            {
                FromPort = 0,
                ToPort = 0,
            },
        },
        Protocol = "string",
        SubnetIds = new[]
        {
            "string",
        },
    },
    NetworkInterfaceOptions = new Aws.VerifiedAccess.Inputs.EndpointNetworkInterfaceOptionsArgs
    {
        NetworkInterfaceId = "string",
        Port = 0,
        PortRanges = new[]
        {
            new Aws.VerifiedAccess.Inputs.EndpointNetworkInterfaceOptionsPortRangeArgs
            {
                FromPort = 0,
                ToPort = 0,
            },
        },
        Protocol = "string",
    },
    PolicyDocument = "string",
    RdsOptions = new Aws.VerifiedAccess.Inputs.EndpointRdsOptionsArgs
    {
        Port = 0,
        Protocol = "string",
        RdsDbClusterArn = "string",
        RdsDbInstanceArn = "string",
        RdsDbProxyArn = "string",
        RdsEndpoint = "string",
        SubnetIds = new[]
        {
            "string",
        },
    },
    SecurityGroupIds = new[]
    {
        "string",
    },
    SseSpecification = new Aws.VerifiedAccess.Inputs.EndpointSseSpecificationArgs
    {
        CustomerManagedKeyEnabled = false,
        KmsKeyArn = "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
    CidrOptions = new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsArgs
    {
        Cidr = "string",
        PortRanges = new[]
        {
            new Aws.VerifiedAccess.Inputs.EndpointCidrOptionsPortRangeArgs
            {
                FromPort = 0,
                ToPort = 0,
            },
        },
        Protocol = "string",
        SubnetIds = new[]
        {
            "string",
        },
    },
});
Copy
example, err := verifiedaccess.NewEndpoint(ctx, "exampleendpointResourceResourceFromVerifiedaccessendpoint", &verifiedaccess.EndpointArgs{
	EndpointType:          pulumi.String("string"),
	AttachmentType:        pulumi.String("string"),
	VerifiedAccessGroupId: pulumi.String("string"),
	Description:           pulumi.String("string"),
	DomainCertificateArn:  pulumi.String("string"),
	EndpointDomainPrefix:  pulumi.String("string"),
	ApplicationDomain:     pulumi.String("string"),
	LoadBalancerOptions: &verifiedaccess.EndpointLoadBalancerOptionsArgs{
		LoadBalancerArn: pulumi.String("string"),
		Port:            pulumi.Int(0),
		PortRanges: verifiedaccess.EndpointLoadBalancerOptionsPortRangeArray{
			&verifiedaccess.EndpointLoadBalancerOptionsPortRangeArgs{
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
			},
		},
		Protocol: pulumi.String("string"),
		SubnetIds: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	NetworkInterfaceOptions: &verifiedaccess.EndpointNetworkInterfaceOptionsArgs{
		NetworkInterfaceId: pulumi.String("string"),
		Port:               pulumi.Int(0),
		PortRanges: verifiedaccess.EndpointNetworkInterfaceOptionsPortRangeArray{
			&verifiedaccess.EndpointNetworkInterfaceOptionsPortRangeArgs{
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
			},
		},
		Protocol: pulumi.String("string"),
	},
	PolicyDocument: pulumi.String("string"),
	RdsOptions: &verifiedaccess.EndpointRdsOptionsArgs{
		Port:             pulumi.Int(0),
		Protocol:         pulumi.String("string"),
		RdsDbClusterArn:  pulumi.String("string"),
		RdsDbInstanceArn: pulumi.String("string"),
		RdsDbProxyArn:    pulumi.String("string"),
		RdsEndpoint:      pulumi.String("string"),
		SubnetIds: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	SecurityGroupIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	SseSpecification: &verifiedaccess.EndpointSseSpecificationArgs{
		CustomerManagedKeyEnabled: pulumi.Bool(false),
		KmsKeyArn:                 pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	CidrOptions: &verifiedaccess.EndpointCidrOptionsArgs{
		Cidr: pulumi.String("string"),
		PortRanges: verifiedaccess.EndpointCidrOptionsPortRangeArray{
			&verifiedaccess.EndpointCidrOptionsPortRangeArgs{
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
			},
		},
		Protocol: pulumi.String("string"),
		SubnetIds: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
})
Copy
var exampleendpointResourceResourceFromVerifiedaccessendpoint = new com.pulumi.aws.verifiedaccess.Endpoint("exampleendpointResourceResourceFromVerifiedaccessendpoint", com.pulumi.aws.verifiedaccess.EndpointArgs.builder()
    .endpointType("string")
    .attachmentType("string")
    .verifiedAccessGroupId("string")
    .description("string")
    .domainCertificateArn("string")
    .endpointDomainPrefix("string")
    .applicationDomain("string")
    .loadBalancerOptions(EndpointLoadBalancerOptionsArgs.builder()
        .loadBalancerArn("string")
        .port(0)
        .portRanges(EndpointLoadBalancerOptionsPortRangeArgs.builder()
            .fromPort(0)
            .toPort(0)
            .build())
        .protocol("string")
        .subnetIds("string")
        .build())
    .networkInterfaceOptions(EndpointNetworkInterfaceOptionsArgs.builder()
        .networkInterfaceId("string")
        .port(0)
        .portRanges(EndpointNetworkInterfaceOptionsPortRangeArgs.builder()
            .fromPort(0)
            .toPort(0)
            .build())
        .protocol("string")
        .build())
    .policyDocument("string")
    .rdsOptions(EndpointRdsOptionsArgs.builder()
        .port(0)
        .protocol("string")
        .rdsDbClusterArn("string")
        .rdsDbInstanceArn("string")
        .rdsDbProxyArn("string")
        .rdsEndpoint("string")
        .subnetIds("string")
        .build())
    .securityGroupIds("string")
    .sseSpecification(EndpointSseSpecificationArgs.builder()
        .customerManagedKeyEnabled(false)
        .kmsKeyArn("string")
        .build())
    .tags(Map.of("string", "string"))
    .cidrOptions(EndpointCidrOptionsArgs.builder()
        .cidr("string")
        .portRanges(EndpointCidrOptionsPortRangeArgs.builder()
            .fromPort(0)
            .toPort(0)
            .build())
        .protocol("string")
        .subnetIds("string")
        .build())
    .build());
Copy
exampleendpoint_resource_resource_from_verifiedaccessendpoint = aws.verifiedaccess.Endpoint("exampleendpointResourceResourceFromVerifiedaccessendpoint",
    endpoint_type="string",
    attachment_type="string",
    verified_access_group_id="string",
    description="string",
    domain_certificate_arn="string",
    endpoint_domain_prefix="string",
    application_domain="string",
    load_balancer_options={
        "load_balancer_arn": "string",
        "port": 0,
        "port_ranges": [{
            "from_port": 0,
            "to_port": 0,
        }],
        "protocol": "string",
        "subnet_ids": ["string"],
    },
    network_interface_options={
        "network_interface_id": "string",
        "port": 0,
        "port_ranges": [{
            "from_port": 0,
            "to_port": 0,
        }],
        "protocol": "string",
    },
    policy_document="string",
    rds_options={
        "port": 0,
        "protocol": "string",
        "rds_db_cluster_arn": "string",
        "rds_db_instance_arn": "string",
        "rds_db_proxy_arn": "string",
        "rds_endpoint": "string",
        "subnet_ids": ["string"],
    },
    security_group_ids=["string"],
    sse_specification={
        "customer_managed_key_enabled": False,
        "kms_key_arn": "string",
    },
    tags={
        "string": "string",
    },
    cidr_options={
        "cidr": "string",
        "port_ranges": [{
            "from_port": 0,
            "to_port": 0,
        }],
        "protocol": "string",
        "subnet_ids": ["string"],
    })
Copy
const exampleendpointResourceResourceFromVerifiedaccessendpoint = new aws.verifiedaccess.Endpoint("exampleendpointResourceResourceFromVerifiedaccessendpoint", {
    endpointType: "string",
    attachmentType: "string",
    verifiedAccessGroupId: "string",
    description: "string",
    domainCertificateArn: "string",
    endpointDomainPrefix: "string",
    applicationDomain: "string",
    loadBalancerOptions: {
        loadBalancerArn: "string",
        port: 0,
        portRanges: [{
            fromPort: 0,
            toPort: 0,
        }],
        protocol: "string",
        subnetIds: ["string"],
    },
    networkInterfaceOptions: {
        networkInterfaceId: "string",
        port: 0,
        portRanges: [{
            fromPort: 0,
            toPort: 0,
        }],
        protocol: "string",
    },
    policyDocument: "string",
    rdsOptions: {
        port: 0,
        protocol: "string",
        rdsDbClusterArn: "string",
        rdsDbInstanceArn: "string",
        rdsDbProxyArn: "string",
        rdsEndpoint: "string",
        subnetIds: ["string"],
    },
    securityGroupIds: ["string"],
    sseSpecification: {
        customerManagedKeyEnabled: false,
        kmsKeyArn: "string",
    },
    tags: {
        string: "string",
    },
    cidrOptions: {
        cidr: "string",
        portRanges: [{
            fromPort: 0,
            toPort: 0,
        }],
        protocol: "string",
        subnetIds: ["string"],
    },
});
Copy
type: aws:verifiedaccess:Endpoint
properties:
    applicationDomain: string
    attachmentType: string
    cidrOptions:
        cidr: string
        portRanges:
            - fromPort: 0
              toPort: 0
        protocol: string
        subnetIds:
            - string
    description: string
    domainCertificateArn: string
    endpointDomainPrefix: string
    endpointType: string
    loadBalancerOptions:
        loadBalancerArn: string
        port: 0
        portRanges:
            - fromPort: 0
              toPort: 0
        protocol: string
        subnetIds:
            - string
    networkInterfaceOptions:
        networkInterfaceId: string
        port: 0
        portRanges:
            - fromPort: 0
              toPort: 0
        protocol: string
    policyDocument: string
    rdsOptions:
        port: 0
        protocol: string
        rdsDbClusterArn: string
        rdsDbInstanceArn: string
        rdsDbProxyArn: string
        rdsEndpoint: string
        subnetIds:
            - string
    securityGroupIds:
        - string
    sseSpecification:
        customerManagedKeyEnabled: false
        kmsKeyArn: string
    tags:
        string: string
    verifiedAccessGroupId: string
Copy

Endpoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Endpoint resource accepts the following input properties:

AttachmentType
This property is required.
Changes to this property will trigger replacement.
string
The type of attachment. Currently, only vpc is supported.
EndpointType
This property is required.
Changes to this property will trigger replacement.
string
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
VerifiedAccessGroupId This property is required. string

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

ApplicationDomain Changes to this property will trigger replacement. string
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
CidrOptions EndpointCidrOptions
The CIDR block details. This parameter is required if the endpoint type is cidr.
Description string
A description for the Verified Access endpoint.
DomainCertificateArn Changes to this property will trigger replacement. string
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
EndpointDomainPrefix Changes to this property will trigger replacement. string
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
LoadBalancerOptions EndpointLoadBalancerOptions
The load balancer details. This parameter is required if the endpoint type is load-balancer.
NetworkInterfaceOptions EndpointNetworkInterfaceOptions
The network interface details. This parameter is required if the endpoint type is network-interface.
PolicyDocument string
The policy document that is associated with this resource.
RdsOptions EndpointRdsOptions
SecurityGroupIds Changes to this property will trigger replacement. List<string>
List of the the security groups IDs to associate with the Verified Access endpoint.
SseSpecification EndpointSseSpecification
The options in use for server side encryption.
Tags Dictionary<string, string>
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
AttachmentType
This property is required.
Changes to this property will trigger replacement.
string
The type of attachment. Currently, only vpc is supported.
EndpointType
This property is required.
Changes to this property will trigger replacement.
string
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
VerifiedAccessGroupId This property is required. string

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

ApplicationDomain Changes to this property will trigger replacement. string
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
CidrOptions EndpointCidrOptionsArgs
The CIDR block details. This parameter is required if the endpoint type is cidr.
Description string
A description for the Verified Access endpoint.
DomainCertificateArn Changes to this property will trigger replacement. string
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
EndpointDomainPrefix Changes to this property will trigger replacement. string
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
LoadBalancerOptions EndpointLoadBalancerOptionsArgs
The load balancer details. This parameter is required if the endpoint type is load-balancer.
NetworkInterfaceOptions EndpointNetworkInterfaceOptionsArgs
The network interface details. This parameter is required if the endpoint type is network-interface.
PolicyDocument string
The policy document that is associated with this resource.
RdsOptions EndpointRdsOptionsArgs
SecurityGroupIds Changes to this property will trigger replacement. []string
List of the the security groups IDs to associate with the Verified Access endpoint.
SseSpecification EndpointSseSpecificationArgs
The options in use for server side encryption.
Tags map[string]string
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
attachmentType
This property is required.
Changes to this property will trigger replacement.
String
The type of attachment. Currently, only vpc is supported.
endpointType
This property is required.
Changes to this property will trigger replacement.
String
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
verifiedAccessGroupId This property is required. String

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

applicationDomain Changes to this property will trigger replacement. String
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
cidrOptions EndpointCidrOptions
The CIDR block details. This parameter is required if the endpoint type is cidr.
description String
A description for the Verified Access endpoint.
domainCertificateArn Changes to this property will trigger replacement. String
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpointDomainPrefix Changes to this property will trigger replacement. String
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
loadBalancerOptions EndpointLoadBalancerOptions
The load balancer details. This parameter is required if the endpoint type is load-balancer.
networkInterfaceOptions EndpointNetworkInterfaceOptions
The network interface details. This parameter is required if the endpoint type is network-interface.
policyDocument String
The policy document that is associated with this resource.
rdsOptions EndpointRdsOptions
securityGroupIds Changes to this property will trigger replacement. List<String>
List of the the security groups IDs to associate with the Verified Access endpoint.
sseSpecification EndpointSseSpecification
The options in use for server side encryption.
tags Map<String,String>
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
attachmentType
This property is required.
Changes to this property will trigger replacement.
string
The type of attachment. Currently, only vpc is supported.
endpointType
This property is required.
Changes to this property will trigger replacement.
string
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
verifiedAccessGroupId This property is required. string

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

applicationDomain Changes to this property will trigger replacement. string
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
cidrOptions EndpointCidrOptions
The CIDR block details. This parameter is required if the endpoint type is cidr.
description string
A description for the Verified Access endpoint.
domainCertificateArn Changes to this property will trigger replacement. string
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpointDomainPrefix Changes to this property will trigger replacement. string
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
loadBalancerOptions EndpointLoadBalancerOptions
The load balancer details. This parameter is required if the endpoint type is load-balancer.
networkInterfaceOptions EndpointNetworkInterfaceOptions
The network interface details. This parameter is required if the endpoint type is network-interface.
policyDocument string
The policy document that is associated with this resource.
rdsOptions EndpointRdsOptions
securityGroupIds Changes to this property will trigger replacement. string[]
List of the the security groups IDs to associate with the Verified Access endpoint.
sseSpecification EndpointSseSpecification
The options in use for server side encryption.
tags {[key: string]: string}
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
attachment_type
This property is required.
Changes to this property will trigger replacement.
str
The type of attachment. Currently, only vpc is supported.
endpoint_type
This property is required.
Changes to this property will trigger replacement.
str
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
verified_access_group_id This property is required. str

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

application_domain Changes to this property will trigger replacement. str
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
cidr_options EndpointCidrOptionsArgs
The CIDR block details. This parameter is required if the endpoint type is cidr.
description str
A description for the Verified Access endpoint.
domain_certificate_arn Changes to this property will trigger replacement. str
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpoint_domain_prefix Changes to this property will trigger replacement. str
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
load_balancer_options EndpointLoadBalancerOptionsArgs
The load balancer details. This parameter is required if the endpoint type is load-balancer.
network_interface_options EndpointNetworkInterfaceOptionsArgs
The network interface details. This parameter is required if the endpoint type is network-interface.
policy_document str
The policy document that is associated with this resource.
rds_options EndpointRdsOptionsArgs
security_group_ids Changes to this property will trigger replacement. Sequence[str]
List of the the security groups IDs to associate with the Verified Access endpoint.
sse_specification EndpointSseSpecificationArgs
The options in use for server side encryption.
tags Mapping[str, str]
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
attachmentType
This property is required.
Changes to this property will trigger replacement.
String
The type of attachment. Currently, only vpc is supported.
endpointType
This property is required.
Changes to this property will trigger replacement.
String
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
verifiedAccessGroupId This property is required. String

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

applicationDomain Changes to this property will trigger replacement. String
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
cidrOptions Property Map
The CIDR block details. This parameter is required if the endpoint type is cidr.
description String
A description for the Verified Access endpoint.
domainCertificateArn Changes to this property will trigger replacement. String
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpointDomainPrefix Changes to this property will trigger replacement. String
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
loadBalancerOptions Property Map
The load balancer details. This parameter is required if the endpoint type is load-balancer.
networkInterfaceOptions Property Map
The network interface details. This parameter is required if the endpoint type is network-interface.
policyDocument String
The policy document that is associated with this resource.
rdsOptions Property Map
securityGroupIds Changes to this property will trigger replacement. List<String>
List of the the security groups IDs to associate with the Verified Access endpoint.
sseSpecification Property Map
The options in use for server side encryption.
tags Map<String>
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Endpoint resource produces the following output properties:

DeviceValidationDomain string
Returned if endpoint has a device trust provider attached.
EndpointDomain string
A DNS name that is generated for the endpoint.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>

Deprecated: Please use tags instead.

VerifiedAccessInstanceId string
DeviceValidationDomain string
Returned if endpoint has a device trust provider attached.
EndpointDomain string
A DNS name that is generated for the endpoint.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll map[string]string

Deprecated: Please use tags instead.

VerifiedAccessInstanceId string
deviceValidationDomain String
Returned if endpoint has a device trust provider attached.
endpointDomain String
A DNS name that is generated for the endpoint.
id String
The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>

Deprecated: Please use tags instead.

verifiedAccessInstanceId String
deviceValidationDomain string
Returned if endpoint has a device trust provider attached.
endpointDomain string
A DNS name that is generated for the endpoint.
id string
The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}

Deprecated: Please use tags instead.

verifiedAccessInstanceId string
device_validation_domain str
Returned if endpoint has a device trust provider attached.
endpoint_domain str
A DNS name that is generated for the endpoint.
id str
The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]

Deprecated: Please use tags instead.

verified_access_instance_id str
deviceValidationDomain String
Returned if endpoint has a device trust provider attached.
endpointDomain String
A DNS name that is generated for the endpoint.
id String
The provider-assigned unique ID for this managed resource.
tagsAll Map<String>

Deprecated: Please use tags instead.

verifiedAccessInstanceId String

Look up Existing Endpoint Resource

Get an existing Endpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: EndpointState, opts?: CustomResourceOptions): Endpoint
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_domain: Optional[str] = None,
        attachment_type: Optional[str] = None,
        cidr_options: Optional[EndpointCidrOptionsArgs] = None,
        description: Optional[str] = None,
        device_validation_domain: Optional[str] = None,
        domain_certificate_arn: Optional[str] = None,
        endpoint_domain: Optional[str] = None,
        endpoint_domain_prefix: Optional[str] = None,
        endpoint_type: Optional[str] = None,
        load_balancer_options: Optional[EndpointLoadBalancerOptionsArgs] = None,
        network_interface_options: Optional[EndpointNetworkInterfaceOptionsArgs] = None,
        policy_document: Optional[str] = None,
        rds_options: Optional[EndpointRdsOptionsArgs] = None,
        security_group_ids: Optional[Sequence[str]] = None,
        sse_specification: Optional[EndpointSseSpecificationArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        verified_access_group_id: Optional[str] = None,
        verified_access_instance_id: Optional[str] = None) -> Endpoint
func GetEndpoint(ctx *Context, name string, id IDInput, state *EndpointState, opts ...ResourceOption) (*Endpoint, error)
public static Endpoint Get(string name, Input<string> id, EndpointState? state, CustomResourceOptions? opts = null)
public static Endpoint get(String name, Output<String> id, EndpointState state, CustomResourceOptions options)
resources:  _:    type: aws:verifiedaccess:Endpoint    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ApplicationDomain Changes to this property will trigger replacement. string
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
AttachmentType Changes to this property will trigger replacement. string
The type of attachment. Currently, only vpc is supported.
CidrOptions EndpointCidrOptions
The CIDR block details. This parameter is required if the endpoint type is cidr.
Description string
A description for the Verified Access endpoint.
DeviceValidationDomain string
Returned if endpoint has a device trust provider attached.
DomainCertificateArn Changes to this property will trigger replacement. string
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
EndpointDomain string
A DNS name that is generated for the endpoint.
EndpointDomainPrefix Changes to this property will trigger replacement. string
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
EndpointType Changes to this property will trigger replacement. string
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
LoadBalancerOptions EndpointLoadBalancerOptions
The load balancer details. This parameter is required if the endpoint type is load-balancer.
NetworkInterfaceOptions EndpointNetworkInterfaceOptions
The network interface details. This parameter is required if the endpoint type is network-interface.
PolicyDocument string
The policy document that is associated with this resource.
RdsOptions EndpointRdsOptions
SecurityGroupIds Changes to this property will trigger replacement. List<string>
List of the the security groups IDs to associate with the Verified Access endpoint.
SseSpecification EndpointSseSpecification
The options in use for server side encryption.
Tags Dictionary<string, string>
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>

Deprecated: Please use tags instead.

VerifiedAccessGroupId string

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

VerifiedAccessInstanceId string
ApplicationDomain Changes to this property will trigger replacement. string
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
AttachmentType Changes to this property will trigger replacement. string
The type of attachment. Currently, only vpc is supported.
CidrOptions EndpointCidrOptionsArgs
The CIDR block details. This parameter is required if the endpoint type is cidr.
Description string
A description for the Verified Access endpoint.
DeviceValidationDomain string
Returned if endpoint has a device trust provider attached.
DomainCertificateArn Changes to this property will trigger replacement. string
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
EndpointDomain string
A DNS name that is generated for the endpoint.
EndpointDomainPrefix Changes to this property will trigger replacement. string
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
EndpointType Changes to this property will trigger replacement. string
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
LoadBalancerOptions EndpointLoadBalancerOptionsArgs
The load balancer details. This parameter is required if the endpoint type is load-balancer.
NetworkInterfaceOptions EndpointNetworkInterfaceOptionsArgs
The network interface details. This parameter is required if the endpoint type is network-interface.
PolicyDocument string
The policy document that is associated with this resource.
RdsOptions EndpointRdsOptionsArgs
SecurityGroupIds Changes to this property will trigger replacement. []string
List of the the security groups IDs to associate with the Verified Access endpoint.
SseSpecification EndpointSseSpecificationArgs
The options in use for server side encryption.
Tags map[string]string
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string

Deprecated: Please use tags instead.

VerifiedAccessGroupId string

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

VerifiedAccessInstanceId string
applicationDomain Changes to this property will trigger replacement. String
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
attachmentType Changes to this property will trigger replacement. String
The type of attachment. Currently, only vpc is supported.
cidrOptions EndpointCidrOptions
The CIDR block details. This parameter is required if the endpoint type is cidr.
description String
A description for the Verified Access endpoint.
deviceValidationDomain String
Returned if endpoint has a device trust provider attached.
domainCertificateArn Changes to this property will trigger replacement. String
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpointDomain String
A DNS name that is generated for the endpoint.
endpointDomainPrefix Changes to this property will trigger replacement. String
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
endpointType Changes to this property will trigger replacement. String
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
loadBalancerOptions EndpointLoadBalancerOptions
The load balancer details. This parameter is required if the endpoint type is load-balancer.
networkInterfaceOptions EndpointNetworkInterfaceOptions
The network interface details. This parameter is required if the endpoint type is network-interface.
policyDocument String
The policy document that is associated with this resource.
rdsOptions EndpointRdsOptions
securityGroupIds Changes to this property will trigger replacement. List<String>
List of the the security groups IDs to associate with the Verified Access endpoint.
sseSpecification EndpointSseSpecification
The options in use for server side encryption.
tags Map<String,String>
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>

Deprecated: Please use tags instead.

verifiedAccessGroupId String

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

verifiedAccessInstanceId String
applicationDomain Changes to this property will trigger replacement. string
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
attachmentType Changes to this property will trigger replacement. string
The type of attachment. Currently, only vpc is supported.
cidrOptions EndpointCidrOptions
The CIDR block details. This parameter is required if the endpoint type is cidr.
description string
A description for the Verified Access endpoint.
deviceValidationDomain string
Returned if endpoint has a device trust provider attached.
domainCertificateArn Changes to this property will trigger replacement. string
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpointDomain string
A DNS name that is generated for the endpoint.
endpointDomainPrefix Changes to this property will trigger replacement. string
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
endpointType Changes to this property will trigger replacement. string
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
loadBalancerOptions EndpointLoadBalancerOptions
The load balancer details. This parameter is required if the endpoint type is load-balancer.
networkInterfaceOptions EndpointNetworkInterfaceOptions
The network interface details. This parameter is required if the endpoint type is network-interface.
policyDocument string
The policy document that is associated with this resource.
rdsOptions EndpointRdsOptions
securityGroupIds Changes to this property will trigger replacement. string[]
List of the the security groups IDs to associate with the Verified Access endpoint.
sseSpecification EndpointSseSpecification
The options in use for server side encryption.
tags {[key: string]: string}
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}

Deprecated: Please use tags instead.

verifiedAccessGroupId string

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

verifiedAccessInstanceId string
application_domain Changes to this property will trigger replacement. str
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
attachment_type Changes to this property will trigger replacement. str
The type of attachment. Currently, only vpc is supported.
cidr_options EndpointCidrOptionsArgs
The CIDR block details. This parameter is required if the endpoint type is cidr.
description str
A description for the Verified Access endpoint.
device_validation_domain str
Returned if endpoint has a device trust provider attached.
domain_certificate_arn Changes to this property will trigger replacement. str
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpoint_domain str
A DNS name that is generated for the endpoint.
endpoint_domain_prefix Changes to this property will trigger replacement. str
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
endpoint_type Changes to this property will trigger replacement. str
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
load_balancer_options EndpointLoadBalancerOptionsArgs
The load balancer details. This parameter is required if the endpoint type is load-balancer.
network_interface_options EndpointNetworkInterfaceOptionsArgs
The network interface details. This parameter is required if the endpoint type is network-interface.
policy_document str
The policy document that is associated with this resource.
rds_options EndpointRdsOptionsArgs
security_group_ids Changes to this property will trigger replacement. Sequence[str]
List of the the security groups IDs to associate with the Verified Access endpoint.
sse_specification EndpointSseSpecificationArgs
The options in use for server side encryption.
tags Mapping[str, str]
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]

Deprecated: Please use tags instead.

verified_access_group_id str

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

verified_access_instance_id str
applicationDomain Changes to this property will trigger replacement. String
The DNS name for users to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
attachmentType Changes to this property will trigger replacement. String
The type of attachment. Currently, only vpc is supported.
cidrOptions Property Map
The CIDR block details. This parameter is required if the endpoint type is cidr.
description String
A description for the Verified Access endpoint.
deviceValidationDomain String
Returned if endpoint has a device trust provider attached.
domainCertificateArn Changes to this property will trigger replacement. String
The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is load-balancer or network-interface.
endpointDomain String
A DNS name that is generated for the endpoint.
endpointDomainPrefix Changes to this property will trigger replacement. String
A custom identifier that is prepended to the DNS name that is generated for the endpoint.
endpointType Changes to this property will trigger replacement. String
The type of Verified Access endpoint to create. Currently load-balancer or network-interface are supported.
loadBalancerOptions Property Map
The load balancer details. This parameter is required if the endpoint type is load-balancer.
networkInterfaceOptions Property Map
The network interface details. This parameter is required if the endpoint type is network-interface.
policyDocument String
The policy document that is associated with this resource.
rdsOptions Property Map
securityGroupIds Changes to this property will trigger replacement. List<String>
List of the the security groups IDs to associate with the Verified Access endpoint.
sseSpecification Property Map
The options in use for server side encryption.
tags Map<String>
Key-value tags for the Verified Access Endpoint. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>

Deprecated: Please use tags instead.

verifiedAccessGroupId String

The ID of the Verified Access group to associate the endpoint with.

The following arguments are optional:

verifiedAccessInstanceId String

Supporting Types

EndpointCidrOptions
, EndpointCidrOptionsArgs

Cidr
This property is required.
Changes to this property will trigger replacement.
string
PortRanges This property is required. List<EndpointCidrOptionsPortRange>
Protocol Changes to this property will trigger replacement. string
SubnetIds Changes to this property will trigger replacement. List<string>
Cidr
This property is required.
Changes to this property will trigger replacement.
string
PortRanges This property is required. []EndpointCidrOptionsPortRange
Protocol Changes to this property will trigger replacement. string
SubnetIds Changes to this property will trigger replacement. []string
cidr
This property is required.
Changes to this property will trigger replacement.
String
portRanges This property is required. List<EndpointCidrOptionsPortRange>
protocol Changes to this property will trigger replacement. String
subnetIds Changes to this property will trigger replacement. List<String>
cidr
This property is required.
Changes to this property will trigger replacement.
string
portRanges This property is required. EndpointCidrOptionsPortRange[]
protocol Changes to this property will trigger replacement. string
subnetIds Changes to this property will trigger replacement. string[]
cidr
This property is required.
Changes to this property will trigger replacement.
str
port_ranges This property is required. Sequence[EndpointCidrOptionsPortRange]
protocol Changes to this property will trigger replacement. str
subnet_ids Changes to this property will trigger replacement. Sequence[str]
cidr
This property is required.
Changes to this property will trigger replacement.
String
portRanges This property is required. List<Property Map>
protocol Changes to this property will trigger replacement. String
subnetIds Changes to this property will trigger replacement. List<String>

EndpointCidrOptionsPortRange
, EndpointCidrOptionsPortRangeArgs

FromPort This property is required. int
ToPort This property is required. int
FromPort This property is required. int
ToPort This property is required. int
fromPort This property is required. Integer
toPort This property is required. Integer
fromPort This property is required. number
toPort This property is required. number
from_port This property is required. int
to_port This property is required. int
fromPort This property is required. Number
toPort This property is required. Number

EndpointLoadBalancerOptions
, EndpointLoadBalancerOptionsArgs

LoadBalancerArn Changes to this property will trigger replacement. string
Port int
PortRanges List<EndpointLoadBalancerOptionsPortRange>
Protocol string
SubnetIds List<string>
LoadBalancerArn Changes to this property will trigger replacement. string
Port int
PortRanges []EndpointLoadBalancerOptionsPortRange
Protocol string
SubnetIds []string
loadBalancerArn Changes to this property will trigger replacement. String
port Integer
portRanges List<EndpointLoadBalancerOptionsPortRange>
protocol String
subnetIds List<String>
loadBalancerArn Changes to this property will trigger replacement. string
port number
portRanges EndpointLoadBalancerOptionsPortRange[]
protocol string
subnetIds string[]
load_balancer_arn Changes to this property will trigger replacement. str
port int
port_ranges Sequence[EndpointLoadBalancerOptionsPortRange]
protocol str
subnet_ids Sequence[str]
loadBalancerArn Changes to this property will trigger replacement. String
port Number
portRanges List<Property Map>
protocol String
subnetIds List<String>

EndpointLoadBalancerOptionsPortRange
, EndpointLoadBalancerOptionsPortRangeArgs

FromPort This property is required. int
ToPort This property is required. int
FromPort This property is required. int
ToPort This property is required. int
fromPort This property is required. Integer
toPort This property is required. Integer
fromPort This property is required. number
toPort This property is required. number
from_port This property is required. int
to_port This property is required. int
fromPort This property is required. Number
toPort This property is required. Number

EndpointNetworkInterfaceOptions
, EndpointNetworkInterfaceOptionsArgs

NetworkInterfaceId Changes to this property will trigger replacement. string
Port int
PortRanges List<EndpointNetworkInterfaceOptionsPortRange>
Protocol string
NetworkInterfaceId Changes to this property will trigger replacement. string
Port int
PortRanges []EndpointNetworkInterfaceOptionsPortRange
Protocol string
networkInterfaceId Changes to this property will trigger replacement. String
port Integer
portRanges List<EndpointNetworkInterfaceOptionsPortRange>
protocol String
networkInterfaceId Changes to this property will trigger replacement. string
port number
portRanges EndpointNetworkInterfaceOptionsPortRange[]
protocol string
network_interface_id Changes to this property will trigger replacement. str
port int
port_ranges Sequence[EndpointNetworkInterfaceOptionsPortRange]
protocol str
networkInterfaceId Changes to this property will trigger replacement. String
port Number
portRanges List<Property Map>
protocol String

EndpointNetworkInterfaceOptionsPortRange
, EndpointNetworkInterfaceOptionsPortRangeArgs

FromPort This property is required. int
ToPort This property is required. int
FromPort This property is required. int
ToPort This property is required. int
fromPort This property is required. Integer
toPort This property is required. Integer
fromPort This property is required. number
toPort This property is required. number
from_port This property is required. int
to_port This property is required. int
fromPort This property is required. Number
toPort This property is required. Number

EndpointRdsOptions
, EndpointRdsOptionsArgs

Port int
Protocol string
RdsDbClusterArn Changes to this property will trigger replacement. string
RdsDbInstanceArn Changes to this property will trigger replacement. string
RdsDbProxyArn Changes to this property will trigger replacement. string
RdsEndpoint string
SubnetIds Changes to this property will trigger replacement. List<string>
Port int
Protocol string
RdsDbClusterArn Changes to this property will trigger replacement. string
RdsDbInstanceArn Changes to this property will trigger replacement. string
RdsDbProxyArn Changes to this property will trigger replacement. string
RdsEndpoint string
SubnetIds Changes to this property will trigger replacement. []string
port Integer
protocol String
rdsDbClusterArn Changes to this property will trigger replacement. String
rdsDbInstanceArn Changes to this property will trigger replacement. String
rdsDbProxyArn Changes to this property will trigger replacement. String
rdsEndpoint String
subnetIds Changes to this property will trigger replacement. List<String>
port number
protocol string
rdsDbClusterArn Changes to this property will trigger replacement. string
rdsDbInstanceArn Changes to this property will trigger replacement. string
rdsDbProxyArn Changes to this property will trigger replacement. string
rdsEndpoint string
subnetIds Changes to this property will trigger replacement. string[]
port int
protocol str
rds_db_cluster_arn Changes to this property will trigger replacement. str
rds_db_instance_arn Changes to this property will trigger replacement. str
rds_db_proxy_arn Changes to this property will trigger replacement. str
rds_endpoint str
subnet_ids Changes to this property will trigger replacement. Sequence[str]
port Number
protocol String
rdsDbClusterArn Changes to this property will trigger replacement. String
rdsDbInstanceArn Changes to this property will trigger replacement. String
rdsDbProxyArn Changes to this property will trigger replacement. String
rdsEndpoint String
subnetIds Changes to this property will trigger replacement. List<String>

EndpointSseSpecification
, EndpointSseSpecificationArgs

Import

Using pulumi import, import Verified Access Instances using the id. For example:

$ pulumi import aws:verifiedaccess/endpoint:Endpoint example vae-8012925589
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.