Skip to main content

verified_access_endpoints

Creates, updates, deletes or gets a verified_access_endpoint resource or lists verified_access_endpoints in a region

Overview

Nameverified_access_endpoints
TypeResource
DescriptionThe AWS::EC2::VerifiedAccessEndpoint resource creates an AWS EC2 Verified Access Endpoint.
Idawscc.ec2.verified_access_endpoints

Fields

NameDatatypeDescription
verified_access_endpoint_idstringThe ID of the AWS Verified Access endpoint.
verified_access_group_idstringThe ID of the AWS Verified Access group.
verified_access_instance_idstringThe ID of the AWS Verified Access instance.
statusstringThe endpoint status.
security_group_idsarrayThe IDs of the security groups for the endpoint.
network_interface_optionsobjectThe options for network-interface type endpoint.
load_balancer_optionsobjectThe load balancer details if creating the AWS Verified Access endpoint as load-balancer type.
rds_optionsobjectThe options for rds type endpoint.
cidr_optionsobjectThe options for cidr type endpoint.
endpoint_typestringThe type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
endpoint_domainstringA DNS name that is generated for the endpoint.
endpoint_domain_prefixstringA custom identifier that gets prepended to a DNS name that is generated for the endpoint.
device_validation_domainstringReturned if endpoint has a device trust provider attached.
domain_certificate_arnstringThe ARN of a public TLS/SSL certificate imported into or created with ACM.
attachment_typestringThe type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
application_domainstringThe DNS name for users to reach your application.
creation_timestringThe creation time.
last_updated_timestringThe last updated time.
descriptionstringA description for the AWS Verified Access endpoint.
policy_documentstringThe AWS Verified Access policy document.
policy_enabledbooleanThe status of the Verified Access policy.
tagsarrayAn array of key-value pairs to apply to this resource.
sse_specificationobjectThe configuration options for customer provided KMS encryption.
regionstringAWS region.

For more information, see AWS::EC2::VerifiedAccessEndpoint.

Methods

NameAccessible byRequired Params
create_resourceINSERTAttachmentType, EndpointType, VerifiedAccessGroupId, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
list_resourcesSELECTregion
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all properties from an individual verified_access_endpoint.

SELECT
region,
verified_access_endpoint_id,
verified_access_group_id,
verified_access_instance_id,
status,
security_group_ids,
network_interface_options,
load_balancer_options,
rds_options,
cidr_options,
endpoint_type,
endpoint_domain,
endpoint_domain_prefix,
device_validation_domain,
domain_certificate_arn,
attachment_type,
application_domain,
creation_time,
last_updated_time,
description,
policy_document,
policy_enabled,
tags,
sse_specification
FROM awscc.ec2.verified_access_endpoints
WHERE region = 'us-east-1' AND data__Identifier = '<VerifiedAccessEndpointId>';

INSERT example

Use the following StackQL query and manifest file to create a new verified_access_endpoint resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.ec2.verified_access_endpoints (
 VerifiedAccessGroupId,
 EndpointType,
 AttachmentType,
 region
)
SELECT 
'{{ VerifiedAccessGroupId }}',
 '{{ EndpointType }}',
 '{{ AttachmentType }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM awscc.ec2.verified_access_endpoints
WHERE data__Identifier = '<VerifiedAccessEndpointId>'
AND region = 'us-east-1';

Permissions

To operate on the verified_access_endpoints resource, the following permissions are required:

Create

ec2:CreateVerifiedAccessEndpoint,
ec2:DescribeVerifiedAccessEndpoints,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeAccountAttributes,
ec2:CreateTags,
ec2:DescribeTags,
ec2:DescribeVpcs,
ec2:GetVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
iam:CreateServiceLinkedRole,
acm:DescribeCertificate,
sso:PutApplicationAccessScope,
sso:GetSharedSsoConfiguration,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
kms:DescribeKey,
kms:GenerateDataKey,
kms:RetireGrant,
kms:CreateGrant,
kms:Decrypt,
rds:DescribeDbInstances,
rds:DescribeDbProxies,
rds:DescribeDbClusters,
ec2:DescribeAvailabilityZones,
ec2:DescribeVpcEndpointServiceConfigurations

Read

ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
kms:DescribeKey,
kms:Decrypt,
kms:GenerateDataKey

Update

ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeVpcs,
ec2:DescribeTags,
ec2:DeleteTags,
ec2:CreateTags,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
kms:DescribeKey,
kms:GenerateDataKey,
kms:RetireGrant,
kms:CreateGrant,
kms:Decrypt,
rds:DescribeDbInstances,
rds:DescribeDbProxies,
rds:DescribeDbClusters

Delete

ec2:DescribeVerifiedAccessEndpoints,
ec2:DeleteVerifiedAccessEndpoint,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
ec2:DeleteTags,
sso:DeleteManagedApplicationInstance,
kms:DescribeKey,
kms:RetireGrant,
kms:Decrypt,
kms:GenerateDataKey

List

ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
kms:DescribeKey,
kms:Decrypt,
kms:GenerateDataKey