verified_access_endpoints
Creates, updates, deletes or gets a verified_access_endpoint
resource or lists verified_access_endpoints
in a region
Overview
Name | verified_access_endpoints |
Type | Resource |
Description | The AWS::EC2::VerifiedAccessEndpoint resource creates an AWS EC2 Verified Access Endpoint. |
Id | aws.ec2.verified_access_endpoints |
Fields
Name | Datatype | Description |
---|---|---|
verified_access_endpoint_id | string | The ID of the AWS Verified Access endpoint. |
verified_access_group_id | string | The ID of the AWS Verified Access group. |
verified_access_instance_id | string | The ID of the AWS Verified Access instance. |
status | string | The endpoint status. |
security_group_ids | array | The IDs of the security groups for the endpoint. |
network_interface_options | object | The options for network-interface type endpoint. |
load_balancer_options | object | The load balancer details if creating the AWS Verified Access endpoint as load-balancer type. |
endpoint_type | string | The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified. |
endpoint_domain | string | A DNS name that is generated for the endpoint. |
endpoint_domain_prefix | string | A custom identifier that gets prepended to a DNS name that is generated for the endpoint. |
device_validation_domain | string | Returned if endpoint has a device trust provider attached. |
domain_certificate_arn | string | The ARN of a public TLS/SSL certificate imported into or created with ACM. |
attachment_type | string | The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application. |
application_domain | string | The DNS name for users to reach your application. |
creation_time | string | The creation time. |
last_updated_time | string | The last updated time. |
description | string | A description for the AWS Verified Access endpoint. |
policy_document | string | The AWS Verified Access policy document. |
policy_enabled | boolean | The status of the Verified Access policy. |
tags | array | An array of key-value pairs to apply to this resource. |
sse_specification | object | The configuration options for customer provided KMS encryption. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | ApplicationDomain, AttachmentType, DomainCertificateArn, EndpointType, VerifiedAccessGroupId, EndpointDomainPrefix, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT
examples
Gets all verified_access_endpoints
in a region.
SELECT
region,
verified_access_endpoint_id,
verified_access_group_id,
verified_access_instance_id,
status,
security_group_ids,
network_interface_options,
load_balancer_options,
endpoint_type,
endpoint_domain,
endpoint_domain_prefix,
device_validation_domain,
domain_certificate_arn,
attachment_type,
application_domain,
creation_time,
last_updated_time,
description,
policy_document,
policy_enabled,
tags,
sse_specification
FROM aws.ec2.verified_access_endpoints
WHERE region = 'us-east-1';
Gets all properties from an individual verified_access_endpoint
.
SELECT
region,
verified_access_endpoint_id,
verified_access_group_id,
verified_access_instance_id,
status,
security_group_ids,
network_interface_options,
load_balancer_options,
endpoint_type,
endpoint_domain,
endpoint_domain_prefix,
device_validation_domain,
domain_certificate_arn,
attachment_type,
application_domain,
creation_time,
last_updated_time,
description,
policy_document,
policy_enabled,
tags,
sse_specification
FROM aws.ec2.verified_access_endpoints
WHERE region = 'us-east-1' AND data__Identifier = '<VerifiedAccessEndpointId>';
INSERT
example
Use the following StackQL query and manifest file to create a new verified_access_endpoint
resource, using stack-deploy
.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.ec2.verified_access_endpoints (
VerifiedAccessGroupId,
EndpointType,
EndpointDomainPrefix,
DomainCertificateArn,
AttachmentType,
ApplicationDomain,
region
)
SELECT
'{{ VerifiedAccessGroupId }}',
'{{ EndpointType }}',
'{{ EndpointDomainPrefix }}',
'{{ DomainCertificateArn }}',
'{{ AttachmentType }}',
'{{ ApplicationDomain }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.ec2.verified_access_endpoints (
VerifiedAccessGroupId,
SecurityGroupIds,
NetworkInterfaceOptions,
LoadBalancerOptions,
EndpointType,
EndpointDomainPrefix,
DomainCertificateArn,
AttachmentType,
ApplicationDomain,
Description,
PolicyDocument,
PolicyEnabled,
Tags,
SseSpecification,
region
)
SELECT
'{{ VerifiedAccessGroupId }}',
'{{ SecurityGroupIds }}',
'{{ NetworkInterfaceOptions }}',
'{{ LoadBalancerOptions }}',
'{{ EndpointType }}',
'{{ EndpointDomainPrefix }}',
'{{ DomainCertificateArn }}',
'{{ AttachmentType }}',
'{{ ApplicationDomain }}',
'{{ Description }}',
'{{ PolicyDocument }}',
'{{ PolicyEnabled }}',
'{{ Tags }}',
'{{ SseSpecification }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: verified_access_endpoint
props:
- name: VerifiedAccessGroupId
value: '{{ VerifiedAccessGroupId }}'
- name: SecurityGroupIds
value:
- '{{ SecurityGroupIds[0] }}'
- name: NetworkInterfaceOptions
value:
NetworkInterfaceId: '{{ NetworkInterfaceId }}'
Port: '{{ Port }}'
Protocol: '{{ Protocol }}'
- name: LoadBalancerOptions
value:
LoadBalancerArn: '{{ LoadBalancerArn }}'
Port: '{{ Port }}'
Protocol: '{{ Protocol }}'
SubnetIds:
- '{{ SubnetIds[0] }}'
- name: EndpointType
value: '{{ EndpointType }}'
- name: EndpointDomainPrefix
value: '{{ EndpointDomainPrefix }}'
- name: DomainCertificateArn
value: '{{ DomainCertificateArn }}'
- name: AttachmentType
value: '{{ AttachmentType }}'
- name: ApplicationDomain
value: '{{ ApplicationDomain }}'
- name: Description
value: '{{ Description }}'
- name: PolicyDocument
value: '{{ PolicyDocument }}'
- name: PolicyEnabled
value: '{{ PolicyEnabled }}'
- name: Tags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
- name: SseSpecification
value:
KmsKeyArn: '{{ KmsKeyArn }}'
CustomerManagedKeyEnabled: '{{ CustomerManagedKeyEnabled }}'
DELETE
example
/*+ delete */
DELETE FROM aws.ec2.verified_access_endpoints
WHERE data__Identifier = '<VerifiedAccessEndpointId>'
AND region = 'us-east-1';
Permissions
To operate on the verified_access_endpoints
resource, the following permissions are required:
Create
ec2:CreateVerifiedAccessEndpoint,
ec2:DescribeVerifiedAccessEndpoints,
ec2:CreateTags,
ec2:DescribeTags,
iam:CreateServiceLinkedRole,
iam:ListRoles,
acm:GetCertificateWithPK,
acm:DescribeCertificate,
acm:CreateCertificateRelation,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
sso:CreateManagedApplicationInstance,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeAccountAttributes,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
acm:DeleteCertificateRelation,
ec2:DeleteTags,
ec2:DeleteVerifiedAccessEndpoint,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
sso:DeleteManagedApplicationInstance,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt
Read
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
acm:CreateCertificateRelation,
acm:DeleteCertificateRelation,
acm:DescribeCertificate,
acm:GetCertificateWithPK,
ec2:CreateTags,
ec2:CreateVerifiedAccessEndpoint,
ec2:DeleteTags,
ec2:DeleteVerifiedAccessEndpoint,
ec2:DescribeAccountAttributes,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeListenerCertificates,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
iam:CreateServiceLinkedRole,
iam:ListRoles,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt
Update
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
ec2:DeleteTags,
ec2:CreateTags,
acm:GetCertificateWithPK,
acm:DescribeCertificate,
acm:CreateCertificateRelation,
acm:DeleteCertificateRelation,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeAccountAttributes,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
ec2:CreateVerifiedAccessEndpoint,
ec2:DeleteVerifiedAccessEndpoint,
iam:CreateServiceLinkedRole,
iam:ListRoles,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt
Delete
ec2:DescribeVerifiedAccessEndpoints,
ec2:DescribeTags,
ec2:DeleteVerifiedAccessEndpoint,
ec2:DeleteTags,
sso:DeleteManagedApplicationInstance,
acm:DeleteCertificateRelation,
acm:DescribeCertificate,
acm:CreateCertificateRelation,
acm:GetCertificateWithPK,
ec2:CreateTags,
ec2:CreateVerifiedAccessEndpoint,
ec2:DescribeAccountAttributes,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeListenerCertificates,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
iam:CreateServiceLinkedRole,
iam:ListRoles,
sso:CreateManagedApplicationInstance,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt
List
ec2:DescribeVerifiedAccessEndpoints,
ec2:DescribeTags,
acm:CreateCertificateRelation,
acm:DeleteCertificateRelation,
acm:DescribeCertificate,
acm:GetCertificateWithPK,
ec2:CreateTags,
ec2:CreateVerifiedAccessEndpoint,
ec2:DeleteTags,
ec2:DeleteVerifiedAccessEndpoint,
ec2:DescribeAccountAttributes,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeListenerCertificates,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
iam:CreateServiceLinkedRole,
iam:ListRoles,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt