verified_access_endpoints
Creates, updates, deletes or gets a verified_access_endpoint resource or lists verified_access_endpoints in a region
Overview
| Name | verified_access_endpoints |
| Type | Resource |
| Description | The AWS::EC2::VerifiedAccessEndpoint resource creates an AWS EC2 Verified Access Endpoint. |
| Id | awscc.ec2.verified_access_endpoints |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
verified_access_endpoint_id | string | The ID of the AWS Verified Access endpoint. |
verified_access_group_id | string | The ID of the AWS Verified Access group. |
verified_access_instance_id | string | The ID of the AWS Verified Access instance. |
status | string | The endpoint status. |
security_group_ids | array | The IDs of the security groups for the endpoint. |
network_interface_options | object | The options for network-interface type endpoint. |
load_balancer_options | object | The load balancer details if creating the AWS Verified Access endpoint as load-balancer type. |
rds_options | object | The options for rds type endpoint. |
cidr_options | object | The options for cidr type endpoint. |
endpoint_type | string | The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified. |
endpoint_domain | string | A DNS name that is generated for the endpoint. |
endpoint_domain_prefix | string | A custom identifier that gets prepended to a DNS name that is generated for the endpoint. |
device_validation_domain | string | Returned if endpoint has a device trust provider attached. |
domain_certificate_arn | string | The ARN of a public TLS/SSL certificate imported into or created with ACM. |
attachment_type | string | The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application. |
application_domain | string | The DNS name for users to reach your application. |
creation_time | string | The creation time. |
last_updated_time | string | The last updated time. |
description | string | A description for the AWS Verified Access endpoint. |
policy_document | string | The AWS Verified Access policy document. |
policy_enabled | boolean | The status of the Verified Access policy. |
tags | array | An array of key-value pairs to apply to this resource. |
sse_specification | object | The configuration options for customer provided KMS encryption. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
verified_access_endpoint_id | string | The ID of the AWS Verified Access endpoint. |
region | string | AWS region. |
For more information, see AWS::EC2::VerifiedAccessEndpoint.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | verified_access_endpoints | INSERT | AttachmentType, EndpointType, VerifiedAccessGroupId, region |
delete_resource | verified_access_endpoints | DELETE | Identifier, region |
update_resource | verified_access_endpoints | UPDATE | Identifier, PatchDocument, region |
list_resources | verified_access_endpoints_list_only | SELECT | region |
get_resource | verified_access_endpoints | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual verified_access_endpoint.
SELECT
region,
verified_access_endpoint_id,
verified_access_group_id,
verified_access_instance_id,
status,
security_group_ids,
network_interface_options,
load_balancer_options,
rds_options,
cidr_options,
endpoint_type,
endpoint_domain,
endpoint_domain_prefix,
device_validation_domain,
domain_certificate_arn,
attachment_type,
application_domain,
creation_time,
last_updated_time,
description,
policy_document,
policy_enabled,
tags,
sse_specification
FROM awscc.ec2.verified_access_endpoints
WHERE
region = 'us-east-1' AND
Identifier = '{{ verified_access_endpoint_id }}';
Lists all verified_access_endpoints in a region.
SELECT
region,
verified_access_endpoint_id
FROM awscc.ec2.verified_access_endpoints_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new verified_access_endpoint resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.ec2.verified_access_endpoints (
VerifiedAccessGroupId,
EndpointType,
AttachmentType,
region
)
SELECT
'{{ verified_access_group_id }}',
'{{ endpoint_type }}',
'{{ attachment_type }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.ec2.verified_access_endpoints (
VerifiedAccessGroupId,
SecurityGroupIds,
NetworkInterfaceOptions,
LoadBalancerOptions,
RdsOptions,
CidrOptions,
EndpointType,
EndpointDomainPrefix,
DomainCertificateArn,
AttachmentType,
ApplicationDomain,
Description,
PolicyDocument,
PolicyEnabled,
Tags,
SseSpecification,
region
)
SELECT
'{{ verified_access_group_id }}',
'{{ security_group_ids }}',
'{{ network_interface_options }}',
'{{ load_balancer_options }}',
'{{ rds_options }}',
'{{ cidr_options }}',
'{{ endpoint_type }}',
'{{ endpoint_domain_prefix }}',
'{{ domain_certificate_arn }}',
'{{ attachment_type }}',
'{{ application_domain }}',
'{{ description }}',
'{{ policy_document }}',
'{{ policy_enabled }}',
'{{ tags }}',
'{{ sse_specification }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: verified_access_endpoint
props:
- name: verified_access_group_id
value: '{{ verified_access_group_id }}'
- name: security_group_ids
value:
- '{{ security_group_ids[0] }}'
- name: network_interface_options
value:
network_interface_id: '{{ network_interface_id }}'
port: '{{ port }}'
port_ranges:
- from_port: '{{ from_port }}'
to_port: '{{ to_port }}'
protocol: '{{ protocol }}'
- name: load_balancer_options
value:
load_balancer_arn: '{{ load_balancer_arn }}'
port: '{{ port }}'
port_ranges:
- null
protocol: '{{ protocol }}'
subnet_ids:
- '{{ subnet_ids[0] }}'
- name: rds_options
value:
protocol: '{{ protocol }}'
port: '{{ port }}'
rds_db_instance_arn: '{{ rds_db_instance_arn }}'
rds_db_cluster_arn: '{{ rds_db_cluster_arn }}'
rds_db_proxy_arn: '{{ rds_db_proxy_arn }}'
rds_endpoint: '{{ rds_endpoint }}'
subnet_ids:
- null
- name: cidr_options
value:
cidr: '{{ cidr }}'
port_ranges:
- null
protocol: '{{ protocol }}'
subnet_ids:
- null
- name: endpoint_type
value: '{{ endpoint_type }}'
- name: endpoint_domain_prefix
value: '{{ endpoint_domain_prefix }}'
- name: domain_certificate_arn
value: '{{ domain_certificate_arn }}'
- name: attachment_type
value: '{{ attachment_type }}'
- name: application_domain
value: '{{ application_domain }}'
- name: description
value: '{{ description }}'
- name: policy_document
value: '{{ policy_document }}'
- name: policy_enabled
value: '{{ policy_enabled }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: sse_specification
value:
kms_key_arn: '{{ kms_key_arn }}'
customer_managed_key_enabled: '{{ customer_managed_key_enabled }}'
UPDATE example
Use the following StackQL query and manifest file to update a verified_access_endpoint resource, using stack-deploy.
/*+ update */
UPDATE awscc.ec2.verified_access_endpoints
SET PatchDocument = string('{{ {
"VerifiedAccessGroupId": verified_access_group_id,
"Description": description,
"PolicyDocument": policy_document,
"PolicyEnabled": policy_enabled,
"Tags": tags,
"SseSpecification": sse_specification
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ verified_access_endpoint_id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.ec2.verified_access_endpoints
WHERE
Identifier = '{{ verified_access_endpoint_id }}' AND
region = 'us-east-1';
Permissions
To operate on the verified_access_endpoints resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
ec2:CreateVerifiedAccessEndpoint,
ec2:DescribeVerifiedAccessEndpoints,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeAccountAttributes,
ec2:CreateTags,
ec2:DescribeTags,
ec2:DescribeVpcs,
ec2:GetVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
iam:CreateServiceLinkedRole,
acm:DescribeCertificate,
sso:PutApplicationAccessScope,
sso:GetSharedSsoConfiguration,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
kms:DescribeKey,
kms:GenerateDataKey,
kms:RetireGrant,
kms:CreateGrant,
kms:Decrypt,
rds:DescribeDbInstances,
rds:DescribeDbProxies,
rds:DescribeDbClusters,
ec2:DescribeAvailabilityZones,
ec2:DescribeVpcEndpointServiceConfigurations
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
kms:DescribeKey,
kms:Decrypt,
kms:GenerateDataKey
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeVpcs,
ec2:DescribeTags,
ec2:DeleteTags,
ec2:CreateTags,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
kms:DescribeKey,
kms:GenerateDataKey,
kms:RetireGrant,
kms:CreateGrant,
kms:Decrypt,
rds:DescribeDbInstances,
rds:DescribeDbProxies,
rds:DescribeDbClusters
ec2:DescribeVerifiedAccessEndpoints,
ec2:DeleteVerifiedAccessEndpoint,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
ec2:DeleteTags,
sso:DeleteManagedApplicationInstance,
kms:DescribeKey,
kms:RetireGrant,
kms:Decrypt,
kms:GenerateDataKey
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
kms:DescribeKey,
kms:Decrypt,
kms:GenerateDataKey