import { ClientVpnSessionTimeout, ISecurityGroup, TransportProtocol, VpnPort } from 'aws-cdk-lib/aws-ec2';
import { ILogGroup } from 'aws-cdk-lib/aws-logs';
/**
* The properties for the Client VPN endpoint of the DataVpc construct.
*
* Several defaults documented below favour ease of access over least privilege
* (authorizeAllUsersToVpcCidr, selfServicePortal, splitTunnel). Review them against
* your access model before relying on the defaults.
*/
export interface DataVpcClientVpnEndpointProps {
/**
* The ARN of the server certificate.
*/
readonly serverCertificateArn: string;
/**
* An XML document generated by an identity provider (IdP) that supports SAML 2.0.
* The document includes the issuer's name, expiration information, and keys that can be
* used to validate the SAML authentication response (assertions) that are received from the IdP.
* You must generate the metadata document using the identity management software that is used
* as your organization's IdP.
*
* This document is the trust anchor for VPN authentication: whichever IdP it describes
* decides who can connect, so take it from the IdP directly and track changes to it.
* NOTE(review): typed as a plain string here; whether the construct expects the XML
* content itself or a file path is not visible in this file — confirm.
*/
readonly samlMetadataDocument: string;
/**
* Whether to authorize all users to the VPC CIDR.
* With the default, every user the IdP authenticates may reach the whole VPC CIDR.
* Set this to false and define narrower authorization rules (for example scoped to an
* IdP group) when only some users or some subnets should be reachable.
* @default true
*/
readonly authorizeAllUsersToVpcCidr?: boolean;
/**
* Information about the DNS servers to be used for DNS resolution.
* @default DNS server in VPC, e.g. 10.0.0.2
*/
readonly dnsServers?: string[];
/**
* A CloudWatch Logs log group for connection logging.
* @default new LogGroup is created
*/
readonly logGroup?: ILogGroup;
/**
* Whether to enable connection logging.
* Connection logs are the audit trail of who connected and when; disabling them
* removes that record for detection and incident response.
* @default true
*/
readonly logging?: boolean;
/**
* The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
* NOTE(review): the previously documented default `true` is not a VpnPort value. The
* securityGroups default mentions port 443, which suggests VpnPort.HTTPS — confirm
* against the DataVpc implementation.
* @default presumably VpnPort.HTTPS (443), to be confirmed
*/
readonly port?: VpnPort;
/**
* The security groups to apply to the target network.
* @default new Security Group is created, allowing the incoming connections on port 443
*/
readonly securityGroups?: ISecurityGroup[];
/**
* Specify whether to enable the self-service portal for the Client VPN endpoint.
* Set to false if client configuration is distributed through a managed channel and
* the portal is not needed.
* @default true
*/
readonly selfServicePortal?: boolean;
/**
* Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
* With split-tunnel enabled, only traffic for the routes pushed by the endpoint goes
* through the VPN; all other client traffic uses the device's local network and is
* not subject to controls or logging applied in the VPC.
* @default true
*/
readonly splitTunnel?: boolean;
/**
* The maximum VPN session duration time.
* Bounds how long a session can last before the user has to authenticate again.
* @default 480 minutes
*/
readonly sessionTimeout?: ClientVpnSessionTimeout;
/**
* The transport protocol to be used by the VPN session.
* @default TCP
*/
readonly transportProtocol?: TransportProtocol;
}