Amazon Elastic Compute Cloud

2018/12/18 - Amazon Elastic Compute Cloud - 19 new API methods

Changes: Client VPN is a client-based VPN service. With Client VPN, you can securely access resources in AWS, as well as resources in on-premises networks, from any location using OpenVPN-based clients. With Client VPN, you can set network-based firewall rules (authorization rules) that restrict access to networks based on Active Directory groups.

ImportClientVpnClientCertificateRevocationList (new)

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

See also: AWS API Documentation

Request Syntax

client.import_client_vpn_client_certificate_revocation_list(
    ClientVpnEndpointId='string',
    CertificateRevocationList='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint to which the client certificate revocation list applies.

type CertificateRevocationList

string

param CertificateRevocationList

[REQUIRED]

The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the AWS Client VPN Admin Guide .

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Return': True|False
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, it returns an error.

ApplySecurityGroupsToClientVpnTargetNetwork (new)

Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.

See also: AWS API Documentation

Request Syntax

client.apply_security_groups_to_client_vpn_target_network(
    ClientVpnEndpointId='string',
    VpcId='string',
    SecurityGroupIds=[
        'string',
    ],
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type VpcId

string

param VpcId

[REQUIRED]

The ID of the VPC in which the associated target network is located.

type SecurityGroupIds

list

param SecurityGroupIds

[REQUIRED]

The IDs of the security groups to apply to the associated target network. Up to 5 security groups can be applied to an associated target network.

  • (string) --

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'SecurityGroupIds': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • SecurityGroupIds (list) --

      The IDs of the applied security groups.

      • (string) --

AuthorizeClientVpnIngress (new)

Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks.

See also: AWS API Documentation

Request Syntax

client.authorize_client_vpn_ingress(
    ClientVpnEndpointId='string',
    TargetNetworkCidr='string',
    AccessGroupId='string',
    AuthorizeAllGroups=True|False,
    Description='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type TargetNetworkCidr

string

param TargetNetworkCidr

[REQUIRED]

The IPv4 address range, in CIDR notation, of the network for which access is being authorized.

type AccessGroupId

string

param AccessGroupId

The ID of the Active Directory group to grant access.

type AuthorizeAllGroups

boolean

param AuthorizeAllGroups

Indicates whether to grant access to all clients. Use true to grant all clients who successfully establish a VPN connection access to the network.

type Description

string

param Description

A brief description of the authorization rule.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Status': {
        'Code': 'authorizing'|'active'|'failed'|'revoking',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the authorization rule.

      • Code (string) --

        The state of the authorization rule.

      • Message (string) --

        A message about the status of the authorization rule, if applicable.

ExportClientVpnClientConfiguration (new)

Downloads the contents of the client configuration file for the specified Client VPN endpoint. The client configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.export_client_vpn_client_configuration(
    ClientVpnEndpointId='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'ClientConfiguration': 'string'
}

Response Structure

  • (dict) --

    • ClientConfiguration (string) --

The contents of the client configuration file.

DeleteClientVpnEndpoint (new)

Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.delete_client_vpn_endpoint(
    ClientVpnEndpointId='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint to be deleted.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Status': {
        'Code': 'pending-associate'|'available'|'deleting'|'deleted',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the Client VPN endpoint.

      • Code (string) --

        The state of the Client VPN endpoint. Possible states include:

        • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

        • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

        • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

        • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

      • Message (string) --

        A message about the status of the Client VPN endpoint.

DisassociateClientVpnTargetNetwork (new)

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN endpoint, the following happens:

  • The route that was automatically added for the VPC is deleted

  • All active client connections are terminated

  • New client connections are disallowed

  • The Client VPN endpoint's status changes to pending-associate

See also: AWS API Documentation

Request Syntax

client.disassociate_client_vpn_target_network(
    ClientVpnEndpointId='string',
    AssociationId='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint from which to disassociate the target network.

type AssociationId

string

param AssociationId

[REQUIRED]

The ID of the target network association.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'AssociationId': 'string',
    'Status': {
        'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      The ID of the target network association.

    • Status (dict) --

      The current state of the target network association.

      • Code (string) --

        The state of the target network association.

      • Message (string) --

        A message about the status of the target network association, if applicable.

DescribeClientVpnConnections (new)

Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_connections(
    ClientVpnEndpointId='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    NextToken='string',
    MaxResults=123,
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type Filters

list

param Filters

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type NextToken

string

param NextToken

The token to retrieve the next page of results.

type MaxResults

integer

param MaxResults

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Connections': [
        {
            'ClientVpnEndpointId': 'string',
            'Timestamp': 'string',
            'ConnectionId': 'string',
            'Username': 'string',
            'ConnectionEstablishedTime': 'string',
            'IngressBytes': 'string',
            'EgressBytes': 'string',
            'IngressPackets': 'string',
            'EgressPackets': 'string',
            'ClientIp': 'string',
            'CommonName': 'string',
            'Status': {
                'Code': 'active'|'failed-to-terminate'|'terminating'|'terminated',
                'Message': 'string'
            },
            'ConnectionEndTime': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Connections (list) --

      Information about the active and terminated client connections.

      • (dict) --

        Describes a client connection.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint to which the client is connected.

        • Timestamp (string) --

          The current date and time.

        • ConnectionId (string) --

          The ID of the client connection.

        • Username (string) --

          The username of the client who established the client connection. This information is only provided if Active Directory client authentication is used.

        • ConnectionEstablishedTime (string) --

          The date and time the client connection was established.

        • IngressBytes (string) --

          The number of bytes sent by the client.

        • EgressBytes (string) --

          The number of bytes received by the client.

        • IngressPackets (string) --

          The number of packets sent by the client.

        • EgressPackets (string) --

          The number of packets received by the client.

        • ClientIp (string) --

          The IP address of the client.

        • CommonName (string) --

          The common name associated with the client. This is either the name of the client certificate, or the Active Directory user name.

        • Status (dict) --

          The current state of the client connection.

          • Code (string) --

            The state of the client connection.

          • Message (string) --

            A message about the status of the client connection, if applicable.

        • ConnectionEndTime (string) --

          The date and time the client connection was terminated.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

TerminateClientVpnConnections (new)

Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.

See also: AWS API Documentation

Request Syntax

client.terminate_client_vpn_connections(
    ClientVpnEndpointId='string',
    ConnectionId='string',
    Username='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint to which the client is connected.

type ConnectionId

string

param ConnectionId

The ID of the client connection to be terminated.

type Username

string

param Username

The name of the user who initiated the connection. Use this option to terminate all active connections for the specified user. This option can only be used if the user has established up to five connections.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'ClientVpnEndpointId': 'string',
    'Username': 'string',
    'ConnectionStatuses': [
        {
            'ConnectionId': 'string',
            'PreviousStatus': {
                'Code': 'active'|'failed-to-terminate'|'terminating'|'terminated',
                'Message': 'string'
            },
            'CurrentStatus': {
                'Code': 'active'|'failed-to-terminate'|'terminating'|'terminated',
                'Message': 'string'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • ClientVpnEndpointId (string) --

      The ID of the Client VPN endpoint.

    • Username (string) --

      The user who established the terminated client connections.

    • ConnectionStatuses (list) --

      The current state of the client connections.

      • (dict) --

        Information about a terminated Client VPN endpoint client connection.

        • ConnectionId (string) --

          The ID of the client connection.

        • PreviousStatus (dict) --

The state of the client connection before the termination request.

          • Code (string) --

            The state of the client connection.

          • Message (string) --

            A message about the status of the client connection, if applicable.

        • CurrentStatus (dict) --

The state of the client connection after the termination request.

          • Code (string) --

            The state of the client connection.

          • Message (string) --

            A message about the status of the client connection, if applicable.
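The Username form of this call only works for a user with up to five sessions, and certificate-authenticated clients have no Username at all (only a CommonName, as DescribeClientVpnConnections shows). The following is an added example, not code from the boto3 or Client VPN documentation: it lists a client's active sessions with describe_client_vpn_connections (following NextToken, filtering client-side because no username filter is documented on this page) and then picks the Username form or per-ConnectionId termination accordingly. The `ec2` argument is assumed to be any object with those two methods using the boto3 signatures (`boto3.client("ec2")` in production); `FakeEc2`, `sample_connections()` and every ID and name in them are constructed placeholders so the example runs offline.

```python
"""Terminate every session of one Client VPN user, honouring the five-session
cap on the Username form of terminate_client_vpn_connections.

Added example; not code from the boto3 or Client VPN documentation. ``ec2``
is any object with describe_client_vpn_connections and
terminate_client_vpn_connections using the boto3 signatures (in production,
boto3.client("ec2")). FakeEc2 and sample_connections() are constructed
stand-ins so this runs offline; every ID and name is a placeholder.
"""

USERNAME_TERMINATE_LIMIT = 5  # documented cap for the Username form


def active_connections(ec2, endpoint_id, identity):
    """Active sessions whose Username (AD auth) or CommonName (mutual TLS)
    equals identity. Filtering is client-side because no filter name is
    documented for usernames; NextToken is followed across pages."""
    found, token = [], None
    while True:
        kwargs = {"ClientVpnEndpointId": endpoint_id, "MaxResults": 100}
        if token:
            kwargs["NextToken"] = token
        page = ec2.describe_client_vpn_connections(**kwargs)
        found += [c for c in page["Connections"]
                  if c["Status"]["Code"] == "active"
                  and identity in (c.get("Username"), c.get("CommonName"))]
        token = page.get("NextToken")
        if not token:
            return found


def terminate_client(ec2, endpoint_id, identity):
    """Terminate all active sessions for identity; return {ConnectionId: CurrentStatus}.

    One Username call suffices for a directory user with at most five sessions.
    Certificate clients have no Username, and the Username form is refused
    above five sessions, so those cases terminate each ConnectionId in turn.
    """
    conns = active_connections(ec2, endpoint_id, identity)
    results = {}

    def record(resp):
        for s in resp["ConnectionStatuses"]:
            results[s["ConnectionId"]] = s["CurrentStatus"]["Code"]

    if conns and all(c.get("Username") == identity for c in conns) \
            and len(conns) <= USERNAME_TERMINATE_LIMIT:
        record(ec2.terminate_client_vpn_connections(
            ClientVpnEndpointId=endpoint_id, Username=identity))
    else:
        for c in conns:
            record(ec2.terminate_client_vpn_connections(
                ClientVpnEndpointId=endpoint_id, ConnectionId=c["ConnectionId"]))
    failed = [cid for cid, code in results.items() if code == "failed-to-terminate"]
    if failed:
        raise RuntimeError(f"could not terminate {failed}")
    return results


class FakeEc2:
    """Constructed stand-in: three connections per page, terminations succeed."""
    PAGE = 3

    def __init__(self, connections):
        self.conns = {c["ConnectionId"]: dict(c) for c in connections}
        self.calls = []

    def describe_client_vpn_connections(self, **kw):
        items = list(self.conns.values())
        start = int(kw.get("NextToken") or 0)
        out = {"Connections": items[start:start + self.PAGE]}
        if start + self.PAGE < len(items):
            out["NextToken"] = str(start + self.PAGE)
        return out

    def terminate_client_vpn_connections(self, **kw):
        self.calls.append(kw)
        if "Username" in kw:
            targets = [c for c in self.conns.values() if c.get("Username") == kw["Username"]
                       and c["Status"]["Code"] == "active"]
        else:
            targets = [self.conns[kw["ConnectionId"]]]
        statuses = []
        for c in targets:
            previous, c["Status"] = c["Status"], {"Code": "terminating", "Message": ""}
            statuses.append({"ConnectionId": c["ConnectionId"],
                             "PreviousStatus": previous, "CurrentStatus": c["Status"]})
        return {"ClientVpnEndpointId": kw["ClientVpnEndpointId"],
                "Username": kw.get("Username"), "ConnectionStatuses": statuses}


def sample_connections():
    """Constructed sample: alice has six active AD sessions plus one already
    terminated, bob has one, and one mutual-TLS client has no Username."""
    active = {"Code": "active", "Message": ""}
    conns = [{"ConnectionId": f"cvpn-connection-alice{i}", "Username": "alice",
              "ClientIp": f"10.100.0.{i + 2}", "Status": dict(active)} for i in range(6)]
    conns += [
        {"ConnectionId": "cvpn-connection-bob0", "Username": "bob",
         "ClientIp": "10.100.0.20", "Status": dict(active)},
        {"ConnectionId": "cvpn-connection-cert0", "CommonName": "laptop-42.example",
         "ClientIp": "10.100.0.30", "Status": dict(active)},
        {"ConnectionId": "cvpn-connection-alice-old", "Username": "alice",
         "ClientIp": "10.100.0.40", "Status": {"Code": "terminated", "Message": ""}},
    ]
    return conns
```

Terminating a session does not revoke anything: a client whose certificate is still valid, or whose directory account is still enabled, can reconnect immediately. Pair this with a CRL upload or a directory-side disable when the goal is to lock the user out rather than to drop one session.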

ExportClientVpnClientCertificateRevocationList (new)

Downloads the client certificate revocation list for the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.export_client_vpn_client_certificate_revocation_list(
    ClientVpnEndpointId='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'CertificateRevocationList': 'string',
    'Status': {
        'Code': 'pending'|'active',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • CertificateRevocationList (string) --

The contents of the client certificate revocation list.

    • Status (dict) --

      The current state of the client certificate revocation list.

      • Code (string) --

        The state of the client certificate revocation list.

      • Message (string) --

        A message about the status of the client certificate revocation list, if applicable.
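ImportClientVpnClientCertificateRevocationList (above) and this export call form one workflow: the import overwrites the endpoint's CRL and drops every client session, and the export reports whether the list is still 'pending' or 'active'. The following is an added example, not code from the boto3 or Client VPN documentation, that checks the file is a single PEM-framed CRL before uploading, then polls the export until the endpoint reports the uploaded list as active. The `ec2` argument is assumed to be any object exposing the two methods with boto3's signatures (`boto3.client("ec2")` in production); `FakeEc2`, the endpoint ID and the CRL body are constructed placeholders so the example runs offline.

```python
"""Replace a Client VPN client-certificate CRL and confirm it is active.

Added example; not code from the boto3 or Client VPN documentation.
``ec2`` is any object exposing import_client_vpn_client_certificate_revocation_list
and export_client_vpn_client_certificate_revocation_list with the boto3
signatures; in production pass boto3.client("ec2"). FakeEc2 below is a
constructed stand-in so the example runs offline, and the endpoint ID and
CRL body are placeholders, not real values.
"""
import time

PEM_BEGIN = "-----BEGIN X509 CRL-----"
PEM_END = "-----END X509 CRL-----"


def validate_crl_pem(crl: str) -> str:
    """Refuse anything that is not a single PEM-framed CRL.

    The import overwrites the endpoint's CRL and drops every client session,
    so an empty or mangled file is an outage, not a harmless no-op.
    """
    body = crl.strip()
    if not (body.startswith(PEM_BEGIN) and body.endswith(PEM_END)):
        raise ValueError("CRL must be a PEM-encoded X.509 CRL")
    if body.count(PEM_BEGIN) != 1:
        raise ValueError("expected exactly one CRL in the file")
    return body + "\n"


def rotate_crl(ec2, endpoint_id, crl_pem, timeout_s=60.0, poll_s=1.0):
    """Upload a CRL, then poll the export until it is 'active' and matches.

    Returns the final Status dict from the export call. Raises if the upload
    is refused, the active CRL is not the one uploaded, or the endpoint stays
    'pending' past the deadline.
    """
    crl_pem = validate_crl_pem(crl_pem)
    resp = ec2.import_client_vpn_client_certificate_revocation_list(
        ClientVpnEndpointId=endpoint_id, CertificateRevocationList=crl_pem)
    if not resp.get("Return"):
        raise RuntimeError(f"CRL import not accepted: {resp}")

    deadline = time.monotonic() + timeout_s
    while True:
        out = ec2.export_client_vpn_client_certificate_revocation_list(
            ClientVpnEndpointId=endpoint_id)
        status = out["Status"]
        if status["Code"] == "active":
            if out["CertificateRevocationList"].strip() != crl_pem.strip():
                raise RuntimeError("active CRL differs from the uploaded one")
            return status
        # 'pending': the new list has not been applied yet, keep waiting.
        if time.monotonic() > deadline:
            raise TimeoutError(f"CRL still {status['Code']} after {timeout_s}s")
        time.sleep(poll_s)


class FakeEc2:
    """Constructed stand-in for boto3's EC2 client: reports the uploaded CRL
    as 'pending' until a set number of export calls have been made."""

    def __init__(self, activate_after=2):
        self.crl = ""
        self.exports_until_active = activate_after
        self.calls = []

    def import_client_vpn_client_certificate_revocation_list(self, **kw):
        self.calls.append(("import", kw["ClientVpnEndpointId"]))
        self.crl = kw["CertificateRevocationList"]
        return {"Return": True}

    def export_client_vpn_client_certificate_revocation_list(self, **kw):
        self.calls.append(("export", kw["ClientVpnEndpointId"]))
        self.exports_until_active -= 1
        code = "active" if self.exports_until_active <= 0 else "pending"
        return {"CertificateRevocationList": self.crl,
                "Status": {"Code": code, "Message": ""}}


# Constructed sample: correct PEM framing, but the body is not a real CRL.
SAMPLE_CRL = PEM_BEGIN + "\nMIIBxjCBrwIBATANBgkqhkiG9w0BAQsFADA=\n" + PEM_END

if __name__ == "__main__":
    print(rotate_crl(FakeEc2(), "cvpn-endpoint-EXAMPLE", SAMPLE_CRL, poll_s=0))
```

Because the import resets every connection, run it in a maintenance window or at least announce it; a DryRun=True call first confirms the caller has permission without triggering the reset.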

CreateClientVpnEndpoint (new)

Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.

See also: AWS API Documentation

Request Syntax

client.create_client_vpn_endpoint(
    ClientCidrBlock='string',
    ServerCertificateArn='string',
    AuthenticationOptions=[
        {
            'Type': 'certificate-authentication'|'directory-service-authentication',
            'ActiveDirectory': {
                'DirectoryId': 'string'
            },
            'MutualAuthentication': {
                'ClientRootCertificateChainArn': 'string'
            }
        },
    ],
    ConnectionLogOptions={
        'Enabled': True|False,
        'CloudwatchLogGroup': 'string',
        'CloudwatchLogStream': 'string'
    },
    DnsServers=[
        'string',
    ],
    TransportProtocol='tcp'|'udp',
    Description='string',
    DryRun=True|False,
    ClientToken='string'
)
type ClientCidrBlock

string

param ClientCidrBlock

[REQUIRED]

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or with the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block must be /22 or larger (that is, a prefix length of 22 or less).

type ServerCertificateArn

string

param ServerCertificateArn

[REQUIRED]

The ARN of the server certificate. For more information, see the AWS Certificate Manager User Guide .

type AuthenticationOptions

list

param AuthenticationOptions

[REQUIRED]

Information about the authentication method to be used to authenticate clients.

  • (dict) --

Describes the authentication method to be used by a Client VPN endpoint. Client VPN supports Active Directory and mutual authentication. For more information, see Authentication in the AWS Client VPN Admin Guide .

    • Type (string) --

      The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.

    • ActiveDirectory (dict) --

      Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication .

      • DirectoryId (string) --

        The ID of the Active Directory to be used for authentication.

    • MutualAuthentication (dict) --

      Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication .

      • ClientRootCertificateChainArn (string) --

        The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

type ConnectionLogOptions

dict

param ConnectionLogOptions

[REQUIRED]

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a CloudWatch Logs log stream. The following information is logged:

  • Client connection requests

  • Client connection results (successful and unsuccessful)

  • Reasons for unsuccessful client connection requests

  • Client connection termination time

  • Enabled (boolean) --

    Indicates whether connection logging is enabled.

  • CloudwatchLogGroup (string) --

    The name of the CloudWatch Logs log group.

  • CloudwatchLogStream (string) --

    The name of the CloudWatch Logs log stream to which the connection data is published.

type DnsServers

list

param DnsServers

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with the Client VPN endpoint is used as the DNS server.

  • (string) --

type TransportProtocol

string

param TransportProtocol

The transport protocol to be used by the VPN session.

Default value: udp

type Description

string

param Description

A brief description of the Client VPN endpoint.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

type ClientToken

string

param ClientToken

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency .

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'ClientVpnEndpointId': 'string',
    'Status': {
        'Code': 'pending-associate'|'available'|'deleting'|'deleted',
        'Message': 'string'
    },
    'DnsName': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnEndpointId (string) --

      The ID of the Client VPN endpoint.

    • Status (dict) --

      The current state of the Client VPN endpoint.

      • Code (string) --

        The state of the Client VPN endpoint. Possible states include:

        • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

        • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

        • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

        • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

      • Message (string) --

        A message about the status of the Client VPN endpoint.

    • DnsName (string) --

      The DNS name to be used by clients when establishing their VPN session.
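Several of the constraints above (the /22-or-larger client range that must not overlap the VPC CIDR or manual routes, the per-type authentication sub-structure, at most two DNS servers, tcp or udp) are only reported by the API after the call, and ClientCidrBlock cannot be changed afterwards. The following is an added example, not code from the boto3 or Client VPN documentation, that checks those constraints up front and assembles the keyword arguments for `create_client_vpn_endpoint` with connection logging always enabled. It assumes the caller passes the result as `ec2.create_client_vpn_endpoint(**request)` with `boto3.client("ec2")`; the ARNs, log group name and VPC CIDRs below are placeholders.

```python
"""Assemble a CreateClientVpnEndpoint request that satisfies the ClientCidrBlock
rules and always has connection logging on.

Added example; not code from the boto3 or Client VPN documentation. It only
builds the keyword arguments for ec2.create_client_vpn_endpoint (call it as
ec2.create_client_vpn_endpoint(**request) with boto3.client("ec2")); the ARNs,
log group name and VPC CIDRs used below are placeholders.
"""
import ipaddress


def validate_client_cidr(client_cidr, reserved_cidrs, min_block=22):
    """Enforce the documented ClientCidrBlock constraints.

    The block must be /22 or larger (prefix length at most 22) and must not
    overlap the VPC CIDR of the target subnet or any manually added route;
    pass all of those in ``reserved_cidrs``. The range cannot be changed
    after creation, so it is checked before the call rather than after.
    """
    net = ipaddress.ip_network(client_cidr, strict=True)  # rejects host bits
    if net.version != 4:
        raise ValueError("ClientCidrBlock must be an IPv4 range")
    if net.prefixlen > min_block:
        raise ValueError(f"{net} is smaller than /{min_block}")
    for cidr in reserved_cidrs:
        other = ipaddress.ip_network(cidr, strict=False)
        if net.overlaps(other):
            raise ValueError(f"{net} overlaps {other}")
    return net


def build_create_request(client_cidr, server_cert_arn, auth, reserved_cidrs,
                         log_group, log_stream, dns_servers=(),
                         transport="udp", description=""):
    """Return kwargs for create_client_vpn_endpoint, or raise ValueError.

    ``auth`` is one AuthenticationOptions entry. Connection logging is not
    optional here: without it there is no record of who connected, who was
    refused and why, or when sessions ended.
    """
    net = validate_client_cidr(client_cidr, reserved_cidrs)
    needs = {"certificate-authentication": "MutualAuthentication",
             "directory-service-authentication": "ActiveDirectory"}
    if auth.get("Type") not in needs:
        raise ValueError(f"unknown authentication type {auth.get('Type')!r}")
    if needs[auth["Type"]] not in auth:
        raise ValueError(f"{auth['Type']} requires {needs[auth['Type']]}")
    if len(dns_servers) > 2:
        raise ValueError("a Client VPN endpoint can have at most two DNS servers")
    if transport not in ("tcp", "udp"):
        raise ValueError("TransportProtocol must be 'tcp' or 'udp'")
    if not (log_group and log_stream):
        raise ValueError("connection logging needs a log group and a log stream")
    request = {
        "ClientCidrBlock": str(net),
        "ServerCertificateArn": server_cert_arn,
        "AuthenticationOptions": [auth],
        "ConnectionLogOptions": {"Enabled": True,
                                 "CloudwatchLogGroup": log_group,
                                 "CloudwatchLogStream": log_stream},
        "TransportProtocol": transport,
        "Description": description,
    }
    if dns_servers:
        request["DnsServers"] = list(dns_servers)
    return request


# Placeholder ARNs; 123456789012 is a dummy account ID, not a real account.
SERVER_CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-SERVER"
CLIENT_CA_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-CLIENT-CA"

if __name__ == "__main__":
    auth = {"Type": "certificate-authentication",
            "MutualAuthentication": {"ClientRootCertificateChainArn": CLIENT_CA_ARN}}
    print(build_create_request("10.8.0.0/22", SERVER_CERT_ARN, auth,
                               ["10.0.0.0/16"], "/aws/clientvpn/EXAMPLE", "connections"))
```

Keep the CloudWatch Logs group and stream from this request in your detection pipeline: the refused-connection reasons it records are the only server-side signal of a revoked certificate or disabled account still being tried.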

DescribeClientVpnTargetNetworks (new)

Describes the target networks associated with the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_target_networks(
    ClientVpnEndpointId='string',
    AssociationIds=[
        'string',
    ],
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type AssociationIds

list

param AssociationIds

The IDs of the target network associations.

  • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type NextToken

string

param NextToken

The token to retrieve the next page of results.

type Filters

list

param Filters

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'ClientVpnTargetNetworks': [
        {
            'AssociationId': 'string',
            'VpcId': 'string',
            'TargetNetworkId': 'string',
            'ClientVpnEndpointId': 'string',
            'Status': {
                'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
                'Message': 'string'
            },
            'SecurityGroups': [
                'string',
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnTargetNetworks (list) --

      Information about the associated target networks.

      • (dict) --

        Describes a target network associated with a Client VPN endpoint.

        • AssociationId (string) --

          The ID of the association.

        • VpcId (string) --

          The ID of the VPC in which the target network (subnet) is located.

        • TargetNetworkId (string) --

          The ID of the subnet specified as the target network.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint with which the target network is associated.

        • Status (dict) --

          The current state of the target network association.

          • Code (string) --

            The state of the target network association.

          • Message (string) --

            A message about the status of the target network association, if applicable.

        • SecurityGroups (list) --

          The IDs of the security groups applied to the target network association.

          • (string) --

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

DescribeClientVpnAuthorizationRules (new)

Describes the authorization rules for a specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_authorization_rules(
    ClientVpnEndpointId='string',
    DryRun=True|False,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

type NextToken

string

param NextToken

The token to retrieve the next page of results.

type Filters

list

param Filters

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

rtype

dict

returns

Response Syntax

{
    'AuthorizationRules': [
        {
            'ClientVpnEndpointId': 'string',
            'Description': 'string',
            'GroupId': 'string',
            'AccessAll': True|False,
            'DestinationCidr': 'string',
            'Status': {
                'Code': 'authorizing'|'active'|'failed'|'revoking',
                'Message': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AuthorizationRules (list) --

      Information about the authorization rules.

      • (dict) --

        Information about an authorization rule.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint with which the authorization rule is associated.

        • Description (string) --

          A brief description of the authorization rule.

        • GroupId (string) --

          The ID of the Active Directory group to which the authorization rule grants access.

        • AccessAll (boolean) --

          Indicates whether the authorization rule grants access to all clients.

        • DestinationCidr (string) --

          The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.

        • Status (dict) --

          The current state of the authorization rule.

          • Code (string) --

            The state of the authorization rule.

          • Message (string) --

            A message about the status of the authorization rule, if applicable.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.
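An added example, not code from the boto3 changelog or from AWS, that walks the paginated response described above and flags authorization rules exposing a large address range. The endpoint ID, the group SID and the CIDRs are constructed placeholders, and the audit runs offline on the embedded sample pages; against a live account, feed it each page of describe_client_vpn_authorization_rules as you follow NextToken.

```python
"""Audit Client VPN authorization rules for over-broad access.

Added example for this changelog entry, not code from boto3 or AWS. The pages
are shaped like DescribeClientVpnAuthorizationRules responses; the ones below
are constructed samples with placeholder IDs so the audit runs offline.
"""
import ipaddress

ENDPOINT_ID = "cvpn-endpoint-0example"   # placeholder ID

# Constructed sample: two pages of DescribeClientVpnAuthorizationRules output.
SAMPLE_PAGES = [
    {
        "AuthorizationRules": [
            {"ClientVpnEndpointId": ENDPOINT_ID, "Description": "all users to app subnet",
             "AccessAll": True, "DestinationCidr": "10.0.1.0/24",
             "Status": {"Code": "active", "Message": ""}},
            {"ClientVpnEndpointId": ENDPOINT_ID, "Description": "admins to everything",
             "GroupId": "S-1-5-21-1111-2222-3333-1105", "AccessAll": False,
             "DestinationCidr": "0.0.0.0/0", "Status": {"Code": "active", "Message": ""}},
        ],
        "NextToken": "page-2",
    },
    {
        "AuthorizationRules": [
            {"ClientVpnEndpointId": ENDPOINT_ID, "Description": "internet for everyone",
             "AccessAll": True, "DestinationCidr": "0.0.0.0/0",
             "Status": {"Code": "active", "Message": ""}},
            {"ClientVpnEndpointId": ENDPOINT_ID, "Description": "being removed",
             "AccessAll": True, "DestinationCidr": "10.0.2.0/24",
             "Status": {"Code": "revoking", "Message": ""}},
        ],
    },
]


def iter_rules(pages):
    """Yield every rule from a sequence of response pages.

    Against a live account, pass an iterator that yields each page returned by
    ec2.describe_client_vpn_authorization_rules(...) while following NextToken.
    """
    for page in pages:
        yield from page.get("AuthorizationRules", [])


def audit_rules(pages, broad_prefix=8):
    """Flag active rules that expose a large address range.

    Severity "high": AccessAll is set and the destination is /broad_prefix or
    wider (0.0.0.0/0 included), so every authenticated client can reach it.
    Severity "medium": the same range, but limited to one Active Directory group.
    Rules that are authorizing, failed or revoking are not in effect and are skipped.
    """
    findings = []
    for rule in iter_rules(pages):
        if rule["Status"]["Code"] != "active":
            continue
        net = ipaddress.ip_network(rule["DestinationCidr"], strict=False)
        if net.prefixlen > broad_prefix:
            continue                          # a /24 to an app subnet is normal
        access_all = bool(rule.get("AccessAll"))
        findings.append({
            "severity": "high" if access_all else "medium",
            "endpoint": rule["ClientVpnEndpointId"],
            "destination": str(net),
            "group": None if access_all else rule.get("GroupId"),
            "description": rule.get("Description", ""),
        })
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_PAGES):
        print(f"[{f['severity']}] {f['endpoint']} -> {f['destination']} "
              f"(group={f['group'] or 'ALL'}) {f['description']}")
```

The broad_prefix threshold is a policy knob: /8 catches 0.0.0.0/0 and whole private ranges such as 10.0.0.0/8, while leaving per-subnet rules alone. Non-active rules are skipped because a rule in the revoking state no longer grants access and one in the authorizing state does not yet.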

DescribeClientVpnEndpoints (new) Link ¶

Describes one or more Client VPN endpoints in the account.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_endpoints(
    ClientVpnEndpointIds=[
        'string',
    ],
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    DryRun=True|False
)
type ClientVpnEndpointIds

list

param ClientVpnEndpointIds

The IDs of the Client VPN endpoints to describe. If you omit this parameter, all Client VPN endpoints in the account are described.

  • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type NextToken

string

param NextToken

The token to retrieve the next page of results.

type Filters

list

param Filters

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'ClientVpnEndpoints': [
        {
            'ClientVpnEndpointId': 'string',
            'Description': 'string',
            'Status': {
                'Code': 'pending-associate'|'available'|'deleting'|'deleted',
                'Message': 'string'
            },
            'CreationTime': 'string',
            'DeletionTime': 'string',
            'DnsName': 'string',
            'ClientCidrBlock': 'string',
            'SplitTunnel': True|False,
            'VpnProtocol': 'openvpn',
            'TransportProtocol': 'tcp'|'udp',
            'AssociatedTargetNetworks': [
                {
                    'NetworkId': 'string',
                    'NetworkType': 'vpc'
                },
            ],
            'ServerCertificateArn': 'string',
            'AuthenticationOptions': [
                {
                    'Type': 'certificate-authentication'|'directory-service-authentication',
                    'ActiveDirectory': {
                        'DirectoryId': 'string'
                    },
                    'MutualAuthentication': {
                        'ClientRootCertificateChain': 'string'
                    }
                },
            ],
            'ConnectionLogOptions': {
                'Enabled': True|False,
                'CloudwatchLogGroup': 'string',
                'CloudwatchLogStream': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnEndpoints (list) --

      Information about the Client VPN endpoints.

      • (dict) --

        Describes a Client VPN endpoint.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint.

        • Description (string) --

          A brief description of the endpoint.

        • Status (dict) --

          The current state of the Client VPN endpoint.

          • Code (string) --

            The state of the Client VPN endpoint. Possible states include:

            • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

            • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

            • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

            • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

          • Message (string) --

            A message about the status of the Client VPN endpoint.

        • CreationTime (string) --

          The date and time the Client VPN endpoint was created.

        • DeletionTime (string) --

          The date and time the Client VPN endpoint was deleted, if applicable. Information about deleted Client VPN endpoints is retained for 24 hours, unless a new Client VPN is created with the same name.

        • DnsName (string) --

          The DNS name to be used by clients when establishing a connection.

        • ClientCidrBlock (string) --

          The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.

        • SplitTunnel (boolean) --

          Indicates whether split tunneling is enabled for the endpoint. With split tunneling, only traffic for the endpoint's routes is sent through the VPN; all other client traffic bypasses it.

        • VpnProtocol (string) --

          The protocol used by the VPN session.

        • TransportProtocol (string) --

          The transport protocol used by the Client VPN endpoint.

        • AssociatedTargetNetworks (list) --

          Information about the associated target networks. A target network is a subnet in a VPC.

          • (dict) --

            Describes a target network that is associated with a Client VPN endpoint. A target network is a subnet in a VPC.

            • NetworkId (string) --

              The ID of the subnet.

            • NetworkType (string) --

              The target network type.

        • ServerCertificateArn (string) --

          The ARN of the server certificate.

        • AuthenticationOptions (list) --

          Information about the authentication method used by the Client VPN endpoint.

          • (dict) --

            Describes the authentication methods used by a Client VPN endpoint. Client VPN supports Active Directory and mutual authentication. For more information, see Authentication in the AWS Client VPN Admin Guide .

            • Type (string) --

              The authentication type used.

            • ActiveDirectory (dict) --

              Information about the Active Directory, if applicable.

              • DirectoryId (string) --

                The ID of the Active Directory used for authentication.

            • MutualAuthentication (dict) --

              Information about the authentication certificates, if applicable.

              • ClientRootCertificateChain (string) --

                The ARN of the client certificate chain in ACM, that is, the certificate of the authority that issued the client certificates this endpoint accepts. A client certificate that chains to it is still rejected if it appears in the client certificate revocation list imported for the endpoint.

        • ConnectionLogOptions (dict) --

          Information about the client connection logging options for the Client VPN endpoint.

          • Enabled (boolean) --

            Indicates whether client connection logging is enabled for the Client VPN endpoint.

          • CloudwatchLogGroup (string) --

            The name of the Amazon CloudWatch Logs log group to which connection logging data is published.

          • CloudwatchLogStream (string) --

            The name of the Amazon CloudWatch Logs log stream to which connection logging data is published.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

ModifyClientVpnEndpoint (new) Link ¶

Modifies the specified Client VPN endpoint. You can only modify an endpoint's server certificate information, client connection logging information, DNS server, and description. Modifying the DNS server resets existing client connections.

See also: AWS API Documentation

Request Syntax

client.modify_client_vpn_endpoint(
    ClientVpnEndpointId='string',
    ServerCertificateArn='string',
    ConnectionLogOptions={
        'Enabled': True|False,
        'CloudwatchLogGroup': 'string',
        'CloudwatchLogStream': 'string'
    },
    DnsServers={
        'CustomDnsServers': [
            'string',
        ],
        'Enabled': True|False
    },
    Description='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint to modify.

type ServerCertificateArn

string

param ServerCertificateArn

The ARN of the server certificate to be used. The server certificate must be provisioned in AWS Certificate Manager (ACM).

type ConnectionLogOptions

dict

param ConnectionLogOptions

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a CloudWatch Logs log stream. The following information is logged:

  • Client connection requests

  • Client connection results (successful and unsuccessful)

  • Reasons for unsuccessful client connection requests

  • Client connection termination time

  • Enabled (boolean) --

    Indicates whether connection logging is enabled.

  • CloudwatchLogGroup (string) --

    The name of the CloudWatch Logs log group.

  • CloudwatchLogStream (string) --

    The name of the CloudWatch Logs log stream to which the connection data is published.

type DnsServers

dict

param DnsServers

Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have up to two DNS servers.

  • CustomDnsServers (list) --

    The IPv4 addresses of the DNS servers to be used. You can specify up to two DNS servers. Ensure that the DNS servers can be reached by the clients. The specified values overwrite the existing values.

    • (string) --

  • Enabled (boolean) --

    Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers.

type Description

string

param Description

A brief description of the Client VPN endpoint.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Return': True|False
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, it returns an error.
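The following added example (not boto3 or AWS code) ties the two operations above together: it pages through DescribeClientVpnEndpoints, reports endpoints whose connection logging is off, and turns logging on with ModifyClientVpnEndpoint. It also validates a DNS server list against the limits described above before sending it. The log group name and all endpoint IDs are assumptions, and FakeEc2 is a constructed stand-in for a boto3 EC2 client so the example runs offline; pass boto3.client('ec2') instead for a real account, where the caller needs the ec2:DescribeClientVpnEndpoints and ec2:ModifyClientVpnEndpoint permissions.

```python
"""Find Client VPN endpoints without connection logging and switch it on.

Added example for this changelog entry, not code from boto3 or AWS. `ec2` is any
object with describe_client_vpn_endpoints and modify_client_vpn_endpoint methods
(a real boto3 EC2 client, or the constructed FakeEc2 below for offline runs).
"""
import ipaddress

LOG_GROUP = "/aws/clientvpn/connections"   # assumed name; must already exist in CloudWatch Logs


def list_endpoints(ec2):
    """Follow NextToken until every endpoint has been collected."""
    endpoints, token = [], None
    while True:
        resp = ec2.describe_client_vpn_endpoints(**({"NextToken": token} if token else {}))
        endpoints.extend(resp.get("ClientVpnEndpoints", []))
        token = resp.get("NextToken")
        if not token:
            return endpoints


def endpoint_findings(ep):
    """Posture checks on one DescribeClientVpnEndpoints entry."""
    if ep["Status"]["Code"] in ("deleting", "deleted"):
        return []                                  # nothing to fix on a disappearing endpoint
    findings = []
    if not ep.get("ConnectionLogOptions", {}).get("Enabled"):
        findings.append("connection logging disabled")
    if any(a["Type"] == "certificate-authentication" for a in ep.get("AuthenticationOptions", [])):
        findings.append("mutual auth: keep the client CRL current "
                        "(ImportClientVpnClientCertificateRevocationList)")
    return findings


def validate_dns_servers(servers):
    """An endpoint takes at most two DNS servers, given as IPv4 addresses."""
    if len(servers) > 2:
        raise ValueError("at most two DNS servers are allowed")
    for s in servers:
        ipaddress.IPv4Address(s)                   # rejects CIDRs, hostnames and IPv6
    return list(servers)


def enable_logging(ec2, endpoint_id, log_group=LOG_GROUP, dns_servers=None):
    """Turn on connection logging; optionally set DNS servers (that resets client connections)."""
    params = {"ClientVpnEndpointId": endpoint_id,
              "ConnectionLogOptions": {"Enabled": True, "CloudwatchLogGroup": log_group}}
    if dns_servers is not None:
        params["DnsServers"] = {"Enabled": True, "CustomDnsServers": validate_dns_servers(dns_servers)}
    return ec2.modify_client_vpn_endpoint(**params)["Return"]


def remediate(ec2, apply=True):
    """IDs of endpoints lacking connection logging; logging is enabled on them when apply is True."""
    fixed = []
    for ep in list_endpoints(ec2):
        if "connection logging disabled" in endpoint_findings(ep):
            if apply:
                enable_logging(ec2, ep["ClientVpnEndpointId"])
            fixed.append(ep["ClientVpnEndpointId"])
    return fixed


class FakeEc2:
    """Constructed stand-in for boto3's EC2 client: three endpoints served over two pages."""

    def __init__(self):
        def ep(eid, status, logging, auth):
            return {"ClientVpnEndpointId": eid, "Status": {"Code": status, "Message": ""},
                    "AuthenticationOptions": [{"Type": auth}],
                    "ConnectionLogOptions": {"Enabled": logging}}
        self.endpoints = {
            "cvpn-endpoint-aaaaaaaa": ep("cvpn-endpoint-aaaaaaaa", "available", False, "directory-service-authentication"),
            "cvpn-endpoint-bbbbbbbb": ep("cvpn-endpoint-bbbbbbbb", "available", True, "certificate-authentication"),
            "cvpn-endpoint-cccccccc": ep("cvpn-endpoint-cccccccc", "deleted", False, "directory-service-authentication"),
        }
        self.modify_calls = []

    def describe_client_vpn_endpoints(self, **kw):
        ids = sorted(self.endpoints)
        if kw.get("NextToken"):
            return {"ClientVpnEndpoints": [self.endpoints[i] for i in ids[2:]]}
        return {"ClientVpnEndpoints": [self.endpoints[i] for i in ids[:2]], "NextToken": "page-2"}

    def modify_client_vpn_endpoint(self, **params):
        self.modify_calls.append(params)
        self.endpoints[params["ClientVpnEndpointId"]]["ConnectionLogOptions"] = dict(params["ConnectionLogOptions"])
        return {"Return": True}
```

Run remediate(ec2, apply=False) first to get a list of affected endpoints without changing anything; the DryRun parameter of the API checks permissions, not effect, so a read-only pass is the safer way to preview. Deleted endpoints are skipped because their records linger for a day after deletion and cannot be modified.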

RevokeClientVpnIngress (new) Link ¶

Removes an ingress authorization rule from a Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.revoke_client_vpn_ingress(
    ClientVpnEndpointId='string',
    TargetNetworkCidr='string',
    AccessGroupId='string',
    RevokeAllGroups=True|False,
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint with which the authorization rule is associated.

type TargetNetworkCidr

string

param TargetNetworkCidr

[REQUIRED]

The IPv4 address range, in CIDR notation, of the network for which access is being removed.

type AccessGroupId

string

param AccessGroupId

The ID of the Active Directory group for which to revoke access.

type RevokeAllGroups

boolean

param RevokeAllGroups

Indicates whether to revoke the rule that grants access to all clients (the one created with access for all groups) rather than a rule scoped to a specific Active Directory group.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Status': {
        'Code': 'authorizing'|'active'|'failed'|'revoking',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the authorization rule.

      • Code (string) --

        The state of the authorization rule.

      • Message (string) --

        A message about the status of the authorization rule, if applicable.

DescribeClientVpnRoutes (new) Link ¶

Describes the routes for the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_routes(
    ClientVpnEndpointId='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type Filters

list

param Filters

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type NextToken

string

param NextToken

The token to retrieve the next page of results.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Routes': [
        {
            'ClientVpnEndpointId': 'string',
            'DestinationCidr': 'string',
            'TargetSubnet': 'string',
            'Type': 'string',
            'Origin': 'string',
            'Status': {
                'Code': 'creating'|'active'|'failed'|'deleting',
                'Message': 'string'
            },
            'Description': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Routes (list) --

      Information about the Client VPN endpoint routes.

      • (dict) --

        Information about a Client VPN endpoint route.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint with which the route is associated.

        • DestinationCidr (string) --

          The IPv4 address range, in CIDR notation, of the route destination.

        • TargetSubnet (string) --

          The ID of the subnet through which traffic is routed.

        • Type (string) --

          The route type.

        • Origin (string) --

          Indicates how the route was associated with the Client VPN endpoint. associate indicates that the route was automatically added when the target network was associated with the Client VPN endpoint. add-route indicates that the route was manually added using the CreateClientVpnRoute action.

        • Status (dict) --

          The current state of the route.

          • Code (string) --

            The state of the Client VPN endpoint route.

          • Message (string) --

            A message about the status of the Client VPN endpoint route, if applicable.

        • Description (string) --

          A brief description of the route.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

CreateClientVpnRoute (new) Link ¶

Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.

See also: AWS API Documentation

Request Syntax

client.create_client_vpn_route(
    ClientVpnEndpointId='string',
    DestinationCidrBlock='string',
    TargetVpcSubnetId='string',
    Description='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint to which to add the route.

type DestinationCidrBlock

string

param DestinationCidrBlock

[REQUIRED]

The IPv4 address range, in CIDR notation, of the route destination. For example:

  • To add a route for Internet access, enter 0.0.0.0/0

  • To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range

  • To add a route for an on-premises network, enter the AWS Site-to-Site VPN connection's IPv4 CIDR range

Route address ranges cannot overlap with the CIDR range specified for client allocation.

type TargetVpcSubnetId

string

param TargetVpcSubnetId

[REQUIRED]

The ID of the subnet through which you want to route traffic. The specified subnet must be an existing target network of the Client VPN endpoint.

type Description

string

param Description

A brief description of the route.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Status': {
        'Code': 'creating'|'active'|'failed'|'deleting',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the route.

      • Code (string) --

        The state of the Client VPN endpoint route.

      • Message (string) --

        A message about the status of the Client VPN endpoint route, if applicable.

AssociateClientVpnTargetNetwork (new) Link ¶

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

See also: AWS API Documentation

Request Syntax

client.associate_client_vpn_target_network(
    ClientVpnEndpointId='string',
    SubnetId='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint.

type SubnetId

string

param SubnetId

[REQUIRED]

The ID of the subnet to associate with the Client VPN endpoint.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'AssociationId': 'string',
    'Status': {
        'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      The unique ID of the target network association.

    • Status (dict) --

      The current state of the target network association.

      • Code (string) --

        The state of the target network association.

      • Message (string) --

        A message about the status of the target network association, if applicable.
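An added example (not code from the changelog or from AWS) that plans which subnets to pass to AssociateClientVpnTargetNetwork under the constraints just described: a single VPC, at most one subnet per Availability Zone, and at least two zones for redundancy. The subnet dicts mimic DescribeSubnets entries, which is an assumption about where you would obtain them; the already associated IDs would come from the endpoint's AssociatedTargetNetworks list. All IDs and zone names are constructed.

```python
"""Pick subnets to associate with a Client VPN endpoint for AZ redundancy.

Added example for this changelog entry, not code from boto3 or AWS. Candidate
subnets are dicts shaped like DescribeSubnets entries (SubnetId, VpcId,
AvailabilityZone); already_associated holds the NetworkId values from the
endpoint's AssociatedTargetNetworks. All IDs below are constructed samples.
"""

ENDPOINT_ID = "cvpn-endpoint-0example"        # placeholder

SUBNETS = [                                   # constructed DescribeSubnets-style entries
    {"SubnetId": "subnet-0a1", "VpcId": "vpc-0app", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0a2", "VpcId": "vpc-0app", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0b1", "VpcId": "vpc-0app", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-0c1", "VpcId": "vpc-0app", "AvailabilityZone": "us-east-1c"},
    {"SubnetId": "subnet-0x1", "VpcId": "vpc-0other", "AvailabilityZone": "us-east-1b"},
]


def plan_associations(endpoint_id, subnets, already_associated=(), min_azs=2):
    """Return AssociateClientVpnTargetNetwork parameter dicts that leave the
    endpoint with one subnet per Availability Zone of a single VPC.

    Constraints taken from the API description:
      - every associated subnet must come from the same VPC
      - at most one subnet per Availability Zone
      - at least min_azs zones (two by default) for redundancy
    Existing associations are honoured; in each uncovered zone the first
    candidate in sorted order is chosen so the plan is deterministic.
    """
    if not subnets:
        raise ValueError("no candidate subnets")
    by_id = {s["SubnetId"]: s for s in subnets}
    existing = [by_id[i] for i in already_associated if i in by_id]
    vpcs = {s["VpcId"] for s in existing}
    if len(vpcs) > 1:
        raise ValueError(f"existing associations span several VPCs: {sorted(vpcs)}")
    vpc = next(iter(vpcs)) if vpcs else subnets[0]["VpcId"]
    covered = {s["AvailabilityZone"] for s in existing}
    plan = []
    for s in sorted(subnets, key=lambda s: (s["AvailabilityZone"], s["SubnetId"])):
        if s["VpcId"] != vpc or s["AvailabilityZone"] in covered:
            continue                          # wrong VPC, or the zone already has a subnet
        covered.add(s["AvailabilityZone"])
        plan.append({"ClientVpnEndpointId": endpoint_id, "SubnetId": s["SubnetId"]})
    if len(covered) < min_azs:
        raise ValueError(f"only {len(covered)} zone(s) available in {vpc}; need {min_azs}")
    return plan


if __name__ == "__main__":
    for p in plan_associations(ENDPOINT_ID, SUBNETS, already_associated=["subnet-0a2"]):
        print(p)
```

Each returned dict can be passed directly as ec2.associate_client_vpn_target_network(**p); the Status code in the response starts at associating, and the subnet carries traffic only once it reaches associated. Security groups are applied per target network, so each newly associated subnet also needs the intended security groups applied to its association.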

DeleteClientVpnRoute (new) Link ¶

Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.delete_client_vpn_route(
    ClientVpnEndpointId='string',
    TargetVpcSubnetId='string',
    DestinationCidrBlock='string',
    DryRun=True|False
)
type ClientVpnEndpointId

string

param ClientVpnEndpointId

[REQUIRED]

The ID of the Client VPN endpoint from which the route is to be deleted.

type TargetVpcSubnetId

string

param TargetVpcSubnetId

The ID of the target subnet used by the route.

type DestinationCidrBlock

string

param DestinationCidrBlock

[REQUIRED]

The IPv4 address range, in CIDR notation, of the route to be deleted.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'Status': {
        'Code': 'creating'|'active'|'failed'|'deleting',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the route.

      • Code (string) --

        The state of the Client VPN endpoint route.

      • Message (string) --

        A message about the status of the Client VPN endpoint route, if applicable.
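An added example, not code from the changelog or from AWS, that covers DescribeClientVpnRoutes, CreateClientVpnRoute and DeleteClientVpnRoute together: it checks a proposed route against the client CIDR and the associated target networks before a CreateClientVpnRoute call, and uses the Origin field to decide which routes DeleteClientVpnRoute can remove and which only go away when their subnet is disassociated. All IDs and CIDRs are constructed samples. Exempting 0.0.0.0/0 from the overlap check is an assumption drawn from the page listing it as the destination for internet access.

```python
"""Validate Client VPN route additions and plan route removals.

Added example for this changelog entry, not code from boto3 or AWS. It works on
dicts shaped like a DescribeClientVpnEndpoints entry and DescribeClientVpnRoutes
entries; every ID and CIDR below is a constructed sample.
"""
import ipaddress

ENDPOINT = {                                   # constructed endpoint description
    "ClientVpnEndpointId": "cvpn-endpoint-0example",
    "ClientCidrBlock": "172.31.0.0/22",        # pool that client IPs are assigned from
    "AssociatedTargetNetworks": [
        {"NetworkId": "subnet-0aaa", "NetworkType": "vpc"},
        {"NetworkId": "subnet-0bbb", "NetworkType": "vpc"},
    ],
}

ROUTES = [                                     # constructed DescribeClientVpnRoutes entries
    {"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-0aaa", "Origin": "associate",
     "Status": {"Code": "active"}},
    {"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-0bbb", "Origin": "associate",
     "Status": {"Code": "active"}},
    {"DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-0aaa", "Origin": "add-route",
     "Status": {"Code": "active"}},
]


def route_problems(endpoint, destination_cidr, target_subnet_id):
    """Reasons CreateClientVpnRoute would reject this route; an empty list means OK."""
    try:
        dest = ipaddress.ip_network(destination_cidr)   # strict: host bits set is a typo, not a route
    except ValueError as exc:
        return [f"bad CIDR {destination_cidr!r}: {exc}"]
    problems = []
    pool = ipaddress.ip_network(endpoint["ClientCidrBlock"])
    # 0.0.0.0/0 is the documented way to add internet access, so the default route is
    # exempt from the overlap rule here (assumption about how the service treats it).
    if dest.prefixlen > 0 and dest.overlaps(pool):
        problems.append(f"{dest} overlaps the client CIDR {pool}")
    targets = {n["NetworkId"] for n in endpoint["AssociatedTargetNetworks"]}
    if target_subnet_id not in targets:
        problems.append(f"{target_subnet_id} is not an associated target network")
    return problems


def create_route_params(endpoint, destination_cidr, target_subnet_id, description=""):
    """Parameters for create_client_vpn_route, or ValueError listing what is wrong."""
    problems = route_problems(endpoint, destination_cidr, target_subnet_id)
    if problems:
        raise ValueError("; ".join(problems))
    return {"ClientVpnEndpointId": endpoint["ClientVpnEndpointId"],
            "DestinationCidrBlock": destination_cidr,
            "TargetVpcSubnetId": target_subnet_id,
            "Description": description}


def plan_route_removal(endpoint_id, routes, destination_cidr):
    """Split the routes to destination_cidr into what DeleteClientVpnRoute can delete
    and what only disappears when its target subnet is disassociated.

    Only routes with Origin "add-route" (made by CreateClientVpnRoute) are
    deletable; Origin "associate" routes came with the target network.
    """
    plan = {"delete": [], "disassociate": []}
    for r in routes:
        if r["DestinationCidr"] != destination_cidr:
            continue
        if r["Origin"] == "add-route":
            plan["delete"].append({"ClientVpnEndpointId": endpoint_id,
                                   "DestinationCidrBlock": r["DestinationCidr"],
                                   "TargetVpcSubnetId": r["TargetSubnet"]})
        else:
            plan["disassociate"].append(r["TargetSubnet"])
    return plan


if __name__ == "__main__":
    print(create_route_params(ENDPOINT, "192.168.0.0/16", "subnet-0aaa", "on-prem via VPN"))
    print(route_problems(ENDPOINT, "172.31.1.0/24", "subnet-0zzz"))
    print(plan_route_removal(ENDPOINT["ClientVpnEndpointId"], ROUTES, "10.0.0.0/16"))
```

Checking locally first matters because a route is only half of the access decision: a route makes a destination reachable, but clients can still only send traffic to it if an authorization rule for that CIDR exists, so adding a 0.0.0.0/0 route should be paired with a review of the authorization rules that cover it.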