Amazon Elastic Compute Cloud

2018/12/18 - Amazon Elastic Compute Cloud - 19 new api methods

Changes  Update ec2 client to latest version

TerminateClientVpnConnections (new) Link ¶

Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.

See also: AWS API Documentation

Request Syntax

client.terminate_client_vpn_connections(
    ClientVpnEndpointId='string',
    ConnectionId='string',
    Username='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint to which the client is connected.

type ConnectionId:

string

param ConnectionId:

The ID of the client connection to be terminated.

type Username:

string

param Username:

The name of the user who initiated the connection. Use this option to terminate all active connections for the specified user. This option can only be used if the user has established up to five connections.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'ClientVpnEndpointId': 'string',
    'Username': 'string',
    'ConnectionStatuses': [
        {
            'ConnectionId': 'string',
            'PreviousStatus': {
                'Code': 'active'|'failed-to-terminate'|'terminating'|'terminated',
                'Message': 'string'
            },
            'CurrentStatus': {
                'Code': 'active'|'failed-to-terminate'|'terminating'|'terminated',
                'Message': 'string'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • ClientVpnEndpointId (string) --

      The ID of the Client VPN endpoint.

    • Username (string) --

      The user who established the terminated client connections.

    • ConnectionStatuses (list) --

      The current state of the client connections.

      • (dict) --

        Information about a terminated Client VPN endpoint client connection.

        • ConnectionId (string) --

          The ID of the client connection.

        • PreviousStatus (dict) --

          The state of the client connection.

          • Code (string) --

            The state of the client connection.

          • Message (string) --

            A message about the status of the client connection, if applicable.

        • CurrentStatus (dict) --

          A message about the status of the client connection, if applicable.

          • Code (string) --

            The state of the client connection.

          • Message (string) --

            A message about the status of the client connection, if applicable.

DescribeClientVpnEndpoints (new) Link ¶

Describes one or more Client VPN endpoints in the account.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_endpoints(
    ClientVpnEndpointIds=[
        'string',
    ],
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    DryRun=True|False
)
type ClientVpnEndpointIds:

list

param ClientVpnEndpointIds:

The ID of the Client VPN endpoint.

  • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type NextToken:

string

param NextToken:

The token to retrieve the next page of results.

type Filters:

list

param Filters:

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'ClientVpnEndpoints': [
        {
            'ClientVpnEndpointId': 'string',
            'Description': 'string',
            'Status': {
                'Code': 'pending-associate'|'available'|'deleting'|'deleted',
                'Message': 'string'
            },
            'CreationTime': 'string',
            'DeletionTime': 'string',
            'DnsName': 'string',
            'ClientCidrBlock': 'string',
            'SplitTunnel': True|False,
            'VpnProtocol': 'openvpn',
            'TransportProtocol': 'tcp'|'udp',
            'AssociatedTargetNetworks': [
                {
                    'NetworkId': 'string',
                    'NetworkType': 'vpc'
                },
            ],
            'ServerCertificateArn': 'string',
            'AuthenticationOptions': [
                {
                    'Type': 'certificate-authentication'|'directory-service-authentication',
                    'ActiveDirectory': {
                        'DirectoryId': 'string'
                    },
                    'MutualAuthentication': {
                        'ClientRootCertificateChain': 'string'
                    }
                },
            ],
            'ConnectionLogOptions': {
                'Enabled': True|False,
                'CloudwatchLogGroup': 'string',
                'CloudwatchLogStream': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnEndpoints (list) --

      Information about the Client VPN endpoints.

      • (dict) --

        Describes a Client VPN endpoint.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint.

        • Description (string) --

          A brief description of the endpoint.

        • Status (dict) --

          The current state of the Client VPN endpoint.

          • Code (string) --

            The state of the Client VPN endpoint. Possible states include:

            • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

            • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

            • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

            • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

          • Message (string) --

            A message about the status of the Client VPN endpoint.

        • CreationTime (string) --

          The date and time the Client VPN endpoint was created.

        • DeletionTime (string) --

          The date and time the Client VPN endpoint was deleted, if applicable. Information about deleted Client VPN endpoints is retained for 24 hours, unless a new Client VPN is created with the same name.

        • DnsName (string) --

          The DNS name to be used by clients when establishing a connection.

        • ClientCidrBlock (string) --

          The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.

        • SplitTunnel (boolean) --

          Indicates whether VPN split tunneling is supported.

        • VpnProtocol (string) --

          The protocol used by the VPN session.

        • TransportProtocol (string) --

          The transport protocol used by the Client VPN endpoint.

        • AssociatedTargetNetworks (list) --

          Information about the associated target networks. A target network is a subnet in a VPC.

          • (dict) --

            Describes a target network that is associated with a Client VPN endpoint. A target network is a subnet in a VPC.

            • NetworkId (string) --

              The ID of the subnet.

            • NetworkType (string) --

              The target network type.

        • ServerCertificateArn (string) --

          The ARN of the server certificate.

        • AuthenticationOptions (list) --

          Information about the authentication method used by the Client VPN endpoint.

          • (dict) --

            Describes the authentication methods used by a Client VPN endpoint. Client VPN supports Active Directory and mutual authentication. For more information, see Authentication in the AWS Client VPN Admin Guide.

            • Type (string) --

              The authentication type used.

            • ActiveDirectory (dict) --

              Information about the Active Directory, if applicable.

              • DirectoryId (string) --

                The ID of the Active Directory used for authentication.

            • MutualAuthentication (dict) --

              Information about the authentication certificates, if applicable.

              • ClientRootCertificateChain (string) --

                The ARN of the client certificate.

        • ConnectionLogOptions (dict) --

          Information about the client connection logging options for the Client VPN endpoint.

          • Enabled (boolean) --

            Indicates whether client connection logging is enabled for the Client VPN endpoint.

          • CloudwatchLogGroup (string) --

            The name of the Amazon CloudWatch Logs log group to which connection logging data is published.

          • CloudwatchLogStream (string) --

            The name of the Amazon CloudWatch Logs log stream to which connection logging data is published.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

CreateClientVpnRoute (new) Link ¶

Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.

See also: AWS API Documentation

Request Syntax

client.create_client_vpn_route(
    ClientVpnEndpointId='string',
    DestinationCidrBlock='string',
    TargetVpcSubnetId='string',
    Description='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint to which to add the route.

type DestinationCidrBlock:

string

param DestinationCidrBlock:

[REQUIRED]

The IPv4 address range, in CIDR notation, of the route destination. For example:

  • To add a route for Internet access, enter 0.0.0.0/0

  • To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range

  • To add a route for an on-premises network, enter the AWS Site-to-Site VPN connection's IPv4 CIDR range

Route address ranges cannot overlap with the CIDR range specified for client allocation.

type TargetVpcSubnetId:

string

param TargetVpcSubnetId:

[REQUIRED]

The ID of the subnet through which you want to route traffic. The specified subnet must be an existing target network of the Client VPN endpoint.

type Description:

string

param Description:

A brief description of the route.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Status': {
        'Code': 'creating'|'active'|'failed'|'deleting',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the route.

      • Code (string) --

        The state of the Client VPN endpoint route.

      • Message (string) --

        A message about the status of the Client VPN endpoint route, if applicable.

DescribeClientVpnTargetNetworks (new) Link ¶

Describes the target networks associated with the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_target_networks(
    ClientVpnEndpointId='string',
    AssociationIds=[
        'string',
    ],
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type AssociationIds:

list

param AssociationIds:

The IDs of the target network associations.

  • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type NextToken:

string

param NextToken:

The token to retrieve the next page of results.

type Filters:

list

param Filters:

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'ClientVpnTargetNetworks': [
        {
            'AssociationId': 'string',
            'VpcId': 'string',
            'TargetNetworkId': 'string',
            'ClientVpnEndpointId': 'string',
            'Status': {
                'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
                'Message': 'string'
            },
            'SecurityGroups': [
                'string',
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnTargetNetworks (list) --

      Information about the associated target networks.

      • (dict) --

        Describes a target network associated with a Client VPN endpoint.

        • AssociationId (string) --

          The ID of the association.

        • VpcId (string) --

          The ID of the VPC in which the target network (subnet) is located.

        • TargetNetworkId (string) --

          The ID of the subnet specified as the target network.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint with which the target network is associated.

        • Status (dict) --

          The current state of the target network association.

          • Code (string) --

            The state of the target network association.

          • Message (string) --

            A message about the status of the target network association, if applicable.

        • SecurityGroups (list) --

          The IDs of the security groups applied to the target network association.

          • (string) --

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

ImportClientVpnClientCertificateRevocationList (new) Link ¶

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

See also: AWS API Documentation

Request Syntax

client.import_client_vpn_client_certificate_revocation_list(
    ClientVpnEndpointId='string',
    CertificateRevocationList='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint to which the client certificate revocation list applies.

type CertificateRevocationList:

string

param CertificateRevocationList:

[REQUIRED]

The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the AWS Client VPN Admin Guide.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Return': True|False
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, it returns an error.

ExportClientVpnClientCertificateRevocationList (new) Link ¶

Downloads the client certificate revocation list for the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.export_client_vpn_client_certificate_revocation_list(
    ClientVpnEndpointId='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'CertificateRevocationList': 'string',
    'Status': {
        'Code': 'pending'|'active',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • CertificateRevocationList (string) --

      Information about the client certificate revocation list.

    • Status (dict) --

      The current state of the client certificate revocation list.

      • Code (string) --

        The state of the client certificate revocation list.

      • Message (string) --

        A message about the status of the client certificate revocation list, if applicable.

RevokeClientVpnIngress (new) Link ¶

Removes an ingress authorization rule from a Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.revoke_client_vpn_ingress(
    ClientVpnEndpointId='string',
    TargetNetworkCidr='string',
    AccessGroupId='string',
    RevokeAllGroups=True|False,
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint with which the authorization rule is associated.

type TargetNetworkCidr:

string

param TargetNetworkCidr:

[REQUIRED]

The IPv4 address range, in CIDR notation, of the network for which access is being removed.

type AccessGroupId:

string

param AccessGroupId:

The ID of the Active Directory group for which to revoke access.

type RevokeAllGroups:

boolean

param RevokeAllGroups:

Indicates whether access should be revoked for all clients.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Status': {
        'Code': 'authorizing'|'active'|'failed'|'revoking',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the authorization rule.

      • Code (string) --

        The state of the authorization rule.

      • Message (string) --

        A message about the status of the authorization rule, if applicable.

DescribeClientVpnAuthorizationRules (new) Link ¶

Describes the authorization rules for a specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_authorization_rules(
    ClientVpnEndpointId='string',
    DryRun=True|False,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type NextToken:

string

param NextToken:

The token to retrieve the next page of results.

type Filters:

list

param Filters:

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'AuthorizationRules': [
        {
            'ClientVpnEndpointId': 'string',
            'Description': 'string',
            'GroupId': 'string',
            'AccessAll': True|False,
            'DestinationCidr': 'string',
            'Status': {
                'Code': 'authorizing'|'active'|'failed'|'revoking',
                'Message': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AuthorizationRules (list) --

      Information about the authorization rules.

      • (dict) --

        Information about an authorization rule.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint with which the authorization rule is associated.

        • Description (string) --

          A brief description of the authorization rule.

        • GroupId (string) --

          The ID of the Active Directory group to which the authorization rule grants access.

        • AccessAll (boolean) --

          Indicates whether the authorization rule grants access to all clients.

        • DestinationCidr (string) --

          The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.

        • Status (dict) --

          The current state of the authorization rule.

          • Code (string) --

            The state of the authorization rule.

          • Message (string) --

            A message about the status of the authorization rule, if applicable.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

AuthorizeClientVpnIngress (new) Link ¶

Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks.

See also: AWS API Documentation

Request Syntax

client.authorize_client_vpn_ingress(
    ClientVpnEndpointId='string',
    TargetNetworkCidr='string',
    AccessGroupId='string',
    AuthorizeAllGroups=True|False,
    Description='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type TargetNetworkCidr:

string

param TargetNetworkCidr:

[REQUIRED]

The IPv4 address range, in CIDR notation, of the network for which access is being authorized.

type AccessGroupId:

string

param AccessGroupId:

The ID of the Active Directory group to grant access.

type AuthorizeAllGroups:

boolean

param AuthorizeAllGroups:

Indicates whether to grant access to all clients. Use true to grant all clients who successfully establish a VPN connection access to the network.

type Description:

string

param Description:

A brief description of the authorization rule.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Status': {
        'Code': 'authorizing'|'active'|'failed'|'revoking',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the authorization rule.

      • Code (string) --

        The state of the authorization rule.

      • Message (string) --

        A message about the status of the authorization rule, if applicable.

DeleteClientVpnEndpoint (new) Link ¶

Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.delete_client_vpn_endpoint(
    ClientVpnEndpointId='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN to be deleted.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Status': {
        'Code': 'pending-associate'|'available'|'deleting'|'deleted',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the Client VPN endpoint.

      • Code (string) --

        The state of the Client VPN endpoint. Possible states include:

        • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

        • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

        • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

        • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

      • Message (string) --

        A message about the status of the Client VPN endpoint.

CreateClientVpnEndpoint (new) Link ¶

Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.

See also: AWS API Documentation

Request Syntax

client.create_client_vpn_endpoint(
    ClientCidrBlock='string',
    ServerCertificateArn='string',
    AuthenticationOptions=[
        {
            'Type': 'certificate-authentication'|'directory-service-authentication',
            'ActiveDirectory': {
                'DirectoryId': 'string'
            },
            'MutualAuthentication': {
                'ClientRootCertificateChainArn': 'string'
            }
        },
    ],
    ConnectionLogOptions={
        'Enabled': True|False,
        'CloudwatchLogGroup': 'string',
        'CloudwatchLogStream': 'string'
    },
    DnsServers=[
        'string',
    ],
    TransportProtocol='tcp'|'udp',
    Description='string',
    DryRun=True|False,
    ClientToken='string'
)
type ClientCidrBlock:

string

param ClientCidrBlock:

[REQUIRED]

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

type ServerCertificateArn:

string

param ServerCertificateArn:

[REQUIRED]

The ARN of the server certificate. For more information, see the AWS Certificate Manager User Guide .

type AuthenticationOptions:

list

param AuthenticationOptions:

[REQUIRED]

Information about the authentication method to be used to authenticate clients.

  • (dict) --

    Describes the authentication method to be used by a Client VPN endpoint. Client VPN supports Active Directory and mutual authentication. For more information, see Athentication in the AWS Client VPN Admin Guide.

    • Type (string) --

      The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, or directory-service-authentication to use Active Directory authentication.

    • ActiveDirectory (dict) --

      Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication.

      • DirectoryId (string) --

        The ID of the Active Directory to be used for authentication.

    • MutualAuthentication (dict) --

      Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication.

      • ClientRootCertificateChainArn (string) --

        The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

type ConnectionLogOptions:

dict

param ConnectionLogOptions:

[REQUIRED]

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

  • Client connection requests

  • Client connection results (successful and unsuccessful)

  • Reasons for unsuccessful client connection requests

  • Client connection termination time

  • Enabled (boolean) --

    Indicates whether connection logging is enabled.

  • CloudwatchLogGroup (string) --

    The name of the CloudWatch Logs log group.

  • CloudwatchLogStream (string) --

    The name of the CloudWatch Logs log stream to which the connection data is published.

type DnsServers:

list

param DnsServers:

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.

  • (string) --

type TransportProtocol:

string

param TransportProtocol:

The transport protocol to be used by the VPN session.

Default value: udp

type Description:

string

param Description:

A brief description of the Client VPN endpoint.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type ClientToken:

string

param ClientToken:

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'ClientVpnEndpointId': 'string',
    'Status': {
        'Code': 'pending-associate'|'available'|'deleting'|'deleted',
        'Message': 'string'
    },
    'DnsName': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnEndpointId (string) --

      The ID of the Client VPN endpoint.

    • Status (dict) --

      The current state of the Client VPN endpoint.

      • Code (string) --

        The state of the Client VPN endpoint. Possible states include:

        • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

        • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

        • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

        • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

      • Message (string) --

        A message about the status of the Client VPN endpoint.

    • DnsName (string) --

      The DNS name to be used by clients when establishing their VPN session.

AssociateClientVpnTargetNetwork (new) Link ¶

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

See also: AWS API Documentation

Request Syntax

client.associate_client_vpn_target_network(
    ClientVpnEndpointId='string',
    SubnetId='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type SubnetId:

string

param SubnetId:

[REQUIRED]

The ID of the subnet to associate with the Client VPN endpoint.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'AssociationId': 'string',
    'Status': {
        'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      The unique ID of the target network association.

    • Status (dict) --

      The current state of the target network association.

      • Code (string) --

        The state of the target network association.

      • Message (string) --

        A message about the status of the target network association, if applicable.

DescribeClientVpnRoutes (new) Link ¶

Describes the routes for the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_routes(
    ClientVpnEndpointId='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type Filters:

list

param Filters:

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type NextToken:

string

param NextToken:

The token to retrieve the next page of results.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Routes': [
        {
            'ClientVpnEndpointId': 'string',
            'DestinationCidr': 'string',
            'TargetSubnet': 'string',
            'Type': 'string',
            'Origin': 'string',
            'Status': {
                'Code': 'creating'|'active'|'failed'|'deleting',
                'Message': 'string'
            },
            'Description': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Routes (list) --

      Information about the Client VPN endpoint routes.

      • (dict) --

        Information about a Client VPN endpoint route.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint with which the route is associated.

        • DestinationCidr (string) --

          The IPv4 address range, in CIDR notation, of the route destination.

        • TargetSubnet (string) --

          The ID of the subnet through which traffic is routed.

        • Type (string) --

          The route type.

        • Origin (string) --

          Indicates how the route was associated with the Client VPN endpoint. associate indicates that the route was automatically added when the target network was associated with the Client VPN endpoint. add-route indicates that the route was manually added using the CreateClientVpnRoute action.

        • Status (dict) --

          The current state of the route.

          • Code (string) --

            The state of the Client VPN endpoint route.

          • Message (string) --

            A message about the status of the Client VPN endpoint route, if applicable.

        • Description (string) --

          A brief description of the route.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

DescribeClientVpnConnections (new) Link ¶

Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.describe_client_vpn_connections(
    ClientVpnEndpointId='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    NextToken='string',
    MaxResults=123,
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type Filters:

list

param Filters:

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs. The filters supported by a describe operation are documented with the describe operation. For example:

    • DescribeAvailabilityZones

    • DescribeImages

    • DescribeInstances

    • DescribeKeyPairs

    • DescribeSecurityGroups

    • DescribeSnapshots

    • DescribeSubnets

    • DescribeTags

    • DescribeVolumes

    • DescribeVpcs

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      One or more filter values. Filter values are case-sensitive.

      • (string) --

type NextToken:

string

param NextToken:

The token to retrieve the next page of results.

type MaxResults:

integer

param MaxResults:

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Connections': [
        {
            'ClientVpnEndpointId': 'string',
            'Timestamp': 'string',
            'ConnectionId': 'string',
            'Username': 'string',
            'ConnectionEstablishedTime': 'string',
            'IngressBytes': 'string',
            'EgressBytes': 'string',
            'IngressPackets': 'string',
            'EgressPackets': 'string',
            'ClientIp': 'string',
            'CommonName': 'string',
            'Status': {
                'Code': 'active'|'failed-to-terminate'|'terminating'|'terminated',
                'Message': 'string'
            },
            'ConnectionEndTime': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Connections (list) --

      Information about the active and terminated client connections.

      • (dict) --

        Describes a client connection.

        • ClientVpnEndpointId (string) --

          The ID of the Client VPN endpoint to which the client is connected.

        • Timestamp (string) --

          The current date and time.

        • ConnectionId (string) --

          The ID of the client connection.

        • Username (string) --

          The username of the client who established the client connection. This information is only provided if Active Directory client authentication is used.

        • ConnectionEstablishedTime (string) --

          The date and time the client connection was established.

        • IngressBytes (string) --

          The number of bytes sent by the client.

        • EgressBytes (string) --

          The number of bytes received by the client.

        • IngressPackets (string) --

          The number of packets sent by the client.

        • EgressPackets (string) --

          The number of packets received by the client.

        • ClientIp (string) --

          The IP address of the client.

        • CommonName (string) --

          The common name associated with the client. This is either the name of the client certificate, or the Active Directory user name.

        • Status (dict) --

          The current state of the client connection.

          • Code (string) --

            The state of the client connection.

          • Message (string) --

            A message about the status of the client connection, if applicable.

        • ConnectionEndTime (string) --

          The date and time the client connection was terminated.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

DeleteClientVpnRoute (new) Link ¶

Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.delete_client_vpn_route(
    ClientVpnEndpointId='string',
    TargetVpcSubnetId='string',
    DestinationCidrBlock='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint from which the route is to be deleted.

type TargetVpcSubnetId:

string

param TargetVpcSubnetId:

The ID of the target subnet used by the route.

type DestinationCidrBlock:

string

param DestinationCidrBlock:

[REQUIRED]

The IPv4 address range, in CIDR notation, of the route to be deleted.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Status': {
        'Code': 'creating'|'active'|'failed'|'deleting',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the route.

      • Code (string) --

        The state of the Client VPN endpoint route.

      • Message (string) --

        A message about the status of the Client VPN endpoint route, if applicable.

ModifyClientVpnEndpoint (new) Link ¶

Modifies the specified Client VPN endpoint. You can only modify an endpoint's server certificate information, client connection logging information, DNS server, and description. Modifying the DNS server resets existing client connections.

See also: AWS API Documentation

Request Syntax

client.modify_client_vpn_endpoint(
    ClientVpnEndpointId='string',
    ServerCertificateArn='string',
    ConnectionLogOptions={
        'Enabled': True|False,
        'CloudwatchLogGroup': 'string',
        'CloudwatchLogStream': 'string'
    },
    DnsServers={
        'CustomDnsServers': [
            'string',
        ],
        'Enabled': True|False
    },
    Description='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint to modify.

type ServerCertificateArn:

string

param ServerCertificateArn:

The ARN of the server certificate to be used. The server certificate must be provisioned in AWS Certificate Manager (ACM).

type ConnectionLogOptions:

dict

param ConnectionLogOptions:

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

  • Client connection requests

  • Client connection results (successful and unsuccessful)

  • Reasons for unsuccessful client connection requests

  • Client connection termination time

  • Enabled (boolean) --

    Indicates whether connection logging is enabled.

  • CloudwatchLogGroup (string) --

    The name of the CloudWatch Logs log group.

  • CloudwatchLogStream (string) --

    The name of the CloudWatch Logs log stream to which the connection data is published.

type DnsServers:

dict

param DnsServers:

Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have up to two DNS servers.

  • CustomDnsServers (list) --

    The IPv4 address range, in CIDR notation, of the DNS servers to be used. You can specify up to two DNS servers. Ensure that the DNS servers can be reached by the clients. The specified values overwrite the existing values.

    • (string) --

  • Enabled (boolean) --

    Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers.

type Description:

string

param Description:

A brief description of the Client VPN endpoint.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'Return': True|False
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, it returns an error.

ExportClientVpnClientConfiguration (new) Link ¶

Downloads the contents of the client configuration file for the specified Client VPN endpoint. The client configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.

See also: AWS API Documentation

Request Syntax

client.export_client_vpn_client_configuration(
    ClientVpnEndpointId='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'ClientConfiguration': 'string'
}

Response Structure

  • (dict) --

    • ClientConfiguration (string) --

      the contents of the client configuration file.

DisassociateClientVpnTargetNetwork (new) Link ¶

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

  • The route that was automatically added for the VPC is deleted

  • All active client connections are terminated

  • New client connections are disallowed

  • The Client VPN endpoint's status changes to pending-associate

See also: AWS API Documentation

Request Syntax

client.disassociate_client_vpn_target_network(
    ClientVpnEndpointId='string',
    AssociationId='string',
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint from which to disassociate the target network.

type AssociationId:

string

param AssociationId:

[REQUIRED]

The ID of the target network association.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'AssociationId': 'string',
    'Status': {
        'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      The ID of the target network association.

    • Status (dict) --

      The current state of the target network association.

      • Code (string) --

        The state of the target network association.

      • Message (string) --

        A message about the status of the target network association, if applicable.

ApplySecurityGroupsToClientVpnTargetNetwork (new) Link ¶

Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.

See also: AWS API Documentation

Request Syntax

client.apply_security_groups_to_client_vpn_target_network(
    ClientVpnEndpointId='string',
    VpcId='string',
    SecurityGroupIds=[
        'string',
    ],
    DryRun=True|False
)
type ClientVpnEndpointId:

string

param ClientVpnEndpointId:

[REQUIRED]

The ID of the Client VPN endpoint.

type VpcId:

string

param VpcId:

[REQUIRED]

The ID of the VPC in which the associated target network is located.

type SecurityGroupIds:

list

param SecurityGroupIds:

[REQUIRED]

The IDs of the security groups to apply to the associated target network. Up to 5 security groups can be applied to an associated target network.

  • (string) --

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'SecurityGroupIds': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • SecurityGroupIds (list) --

      The IDs of the applied security groups.

      • (string) --