Skip to main content

verified_access_endpoints

Creates, updates, deletes or gets a verified_access_endpoint resource or lists verified_access_endpoints in a region

Overview

Nameverified_access_endpoints
TypeResource
DescriptionThe AWS::EC2::VerifiedAccessEndpoint resource creates an AWS EC2 Verified Access Endpoint.
Idawscc.ec2.verified_access_endpoints

Fields

NameDatatypeDescription
verified_access_endpoint_idstringThe ID of the AWS Verified Access endpoint.
verified_access_group_idstringThe ID of the AWS Verified Access group.
verified_access_instance_idstringThe ID of the AWS Verified Access instance.
statusstringThe endpoint status.
security_group_idsarrayThe IDs of the security groups for the endpoint.
network_interface_optionsobjectThe options for network-interface type endpoint.
load_balancer_optionsobjectThe load balancer details if creating the AWS Verified Access endpoint as load-balancer type.
rds_optionsobjectThe options for rds type endpoint.
cidr_optionsobjectThe options for cidr type endpoint.
endpoint_typestringThe type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
endpoint_domainstringA DNS name that is generated for the endpoint.
endpoint_domain_prefixstringA custom identifier that gets prepended to a DNS name that is generated for the endpoint.
device_validation_domainstringReturned if endpoint has a device trust provider attached.
domain_certificate_arnstringThe ARN of a public TLS/SSL certificate imported into or created with ACM.
attachment_typestringThe type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
application_domainstringThe DNS name for users to reach your application.
creation_timestringThe creation time.
last_updated_timestringThe last updated time.
descriptionstringA description for the AWS Verified Access endpoint.
policy_documentstringThe AWS Verified Access policy document.
policy_enabledbooleanThe status of the Verified Access policy.
tagsarrayAn array of key-value pairs to apply to this resource.
sse_specificationobjectThe configuration options for customer provided KMS encryption.
regionstringAWS region.

For more information, see AWS::EC2::VerifiedAccessEndpoint.

Methods

NameResourceAccessible byRequired Params
create_resourceverified_access_endpointsINSERTAttachmentType, EndpointType, VerifiedAccessGroupId, region
delete_resourceverified_access_endpointsDELETEIdentifier, region
update_resourceverified_access_endpointsUPDATEIdentifier, PatchDocument, region
list_resourcesverified_access_endpoints_list_onlySELECTregion
get_resourceverified_access_endpointsSELECTIdentifier, region

SELECT examples

Gets all properties from an individual verified_access_endpoint.

SELECT
  region,
  verified_access_endpoint_id,
  verified_access_group_id,
  verified_access_instance_id,
  status,
  security_group_ids,
  network_interface_options,
  load_balancer_options,
  rds_options,
  cidr_options,
  endpoint_type,
  endpoint_domain,
  endpoint_domain_prefix,
  device_validation_domain,
  domain_certificate_arn,
  attachment_type,
  application_domain,
  creation_time,
  last_updated_time,
  description,
  policy_document,
  policy_enabled,
  tags,
  sse_specification
FROM awscc.ec2.verified_access_endpoints
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ verified_access_endpoint_id }}';

INSERT example

Use the following StackQL query and manifest file to create a new verified_access_endpoint resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.ec2.verified_access_endpoints (
  VerifiedAccessGroupId,
  EndpointType,
  AttachmentType,
  region
)
SELECT
  '{{ verified_access_group_id }}',
  '{{ endpoint_type }}',
  '{{ attachment_type }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a verified_access_endpoint resource, using stack-deploy.

/*+ update */
UPDATE awscc.ec2.verified_access_endpoints
SET PatchDocument = string('{{ {
    "VerifiedAccessGroupId": verified_access_group_id,
    "Description": description,
    "PolicyDocument": policy_document,
    "PolicyEnabled": policy_enabled,
    "Tags": tags,
    "SseSpecification": sse_specification
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ verified_access_endpoint_id }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.ec2.verified_access_endpoints
WHERE
  Identifier = '{{ verified_access_endpoint_id }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the verified_access_endpoints resource, the following permissions are required:

ec2:CreateVerifiedAccessEndpoint,
ec2:DescribeVerifiedAccessEndpoints,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeAccountAttributes,
ec2:CreateTags,
ec2:DescribeTags,
ec2:DescribeVpcs,
ec2:GetVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
iam:CreateServiceLinkedRole,
acm:DescribeCertificate,
sso:PutApplicationAccessScope,
sso:GetSharedSsoConfiguration,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
kms:DescribeKey,
kms:GenerateDataKey,
kms:RetireGrant,
kms:CreateGrant,
kms:Decrypt,
rds:DescribeDbInstances,
rds:DescribeDbProxies,
rds:DescribeDbClusters,
ec2:DescribeAvailabilityZones,
ec2:DescribeVpcEndpointServiceConfigurations