
Resource: awsEc2ClientVpnNetworkAssociation

Provides network associations for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator's Guide.

~> NOTE on Client VPN endpoint target network security groups: Terraform provides both a standalone Client VPN endpoint network association resource with a (deprecated) securityGroups argument and a Client VPN endpoint resource with a securityGroupIds argument. Do not specify security groups in both resources. Doing so will cause a conflict and will overwrite the target network security group association.

Example Usage

Using default security group

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ec2ClientVpnNetworkAssociation.Ec2ClientVpnNetworkAssociation(
  this,
  "example",
  {
    clientVpnEndpointId: "${aws_ec2_client_vpn_endpoint.example.id}",
    subnetId: "${aws_subnet.example.id}",
  }
);

Using custom security groups

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ec2ClientVpnNetworkAssociation.Ec2ClientVpnNetworkAssociation(
  this,
  "example",
  {
    clientVpnEndpointId: "${aws_ec2_client_vpn_endpoint.example.id}",
    securityGroups: [
      "${aws_security_group.example1.id}",
      "${aws_security_group.example2.id}",
    ],
    subnetId: "${aws_subnet.example.id}",
  }
);

Argument Reference

The following arguments are supported:

  • clientVpnEndpointId - (Required) The ID of the Client VPN endpoint.
  • subnetId - (Required) The ID of the subnet to associate with the Client VPN endpoint.
  • securityGroups - (Optional, Deprecated: use the securityGroupIds argument of the awsEc2ClientVpnEndpoint resource instead) A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.
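
The check below is an added example, not part of the provider documentation. It lints synthesized Terraform JSON for the two cases described above: security groups set on both the endpoint and the association, and an association that silently falls back to the VPC's default security group. It assumes the snake_case Terraform attribute names (client_vpn_endpoint_id, security_groups, security_group_ids) and the resource layout of cdktf's cdk.tf.json; the function name and the sample document are constructed for illustration.

```typescript
// Added example: lint synthesized Terraform JSON (layout of cdktf's cdk.tf.json).
type Attrs = Record<string, unknown>;
type TfJson = { resource?: Record<string, Record<string, Attrs>> };
type Issue = "conflict" | "default-sg" | "unresolved-endpoint";
interface Finding { association: string; issue: Issue; }

const ENDPOINT = "aws_ec2_client_vpn_endpoint";
const ASSOCIATION = "aws_ec2_client_vpn_network_association";
const ENDPOINT_REF = /^\$\{aws_ec2_client_vpn_endpoint\.([^.}]+)\.id\}$/;
const nonEmpty = (v: unknown): boolean => Array.isArray(v) && v.length > 0;

function lintClientVpnSecurityGroups(doc: TfJson): Finding[] {
  const endpoints = doc.resource?.[ENDPOINT] ?? {};
  const findings: Finding[] = [];
  for (const [name, assoc] of Object.entries(doc.resource?.[ASSOCIATION] ?? {})) {
    // Resolve the "${aws_ec2_client_vpn_endpoint.<name>.id}" reference to its block.
    const epName = ENDPOINT_REF.exec(String(assoc["client_vpn_endpoint_id"]))?.[1];
    const endpoint = epName ? endpoints[epName] : undefined;
    const onAssoc = nonEmpty(assoc["security_groups"]);
    const onEndpoint = nonEmpty(endpoint?.["security_group_ids"]);
    if (onAssoc && onEndpoint) {
      findings.push({ association: name, issue: "conflict" }); // set in both resources
    } else if (!onAssoc && endpoint === undefined) {
      findings.push({ association: name, issue: "unresolved-endpoint" }); // cannot tell
    } else if (!onAssoc && !onEndpoint) {
      findings.push({ association: name, issue: "default-sg" }); // VPC default SG applies
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real deployment.
const SAMPLE: TfJson = {
  resource: {
    aws_ec2_client_vpn_endpoint: {
      pinned: { security_group_ids: ["${aws_security_group.vpn.id}"] },
      bare: {},
    },
    aws_ec2_client_vpn_network_association: {
      ok: { client_vpn_endpoint_id: "${aws_ec2_client_vpn_endpoint.pinned.id}" },
      both: { client_vpn_endpoint_id: "${aws_ec2_client_vpn_endpoint.pinned.id}",
              security_groups: ["${aws_security_group.legacy.id}"] },
      fallback: { client_vpn_endpoint_id: "${aws_ec2_client_vpn_endpoint.bare.id}" },
    },
  },
};
console.log(lintClientVpnSecurityGroups(SAMPLE));
```

An association whose endpoint is given as a literal ID rather than a reference is reported as unresolved-endpoint, because the endpoint's security groups cannot be read from the same document.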

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The unique ID of the target network association.
  • associationId - The unique ID of the target network association.
  • status - (Deprecated) The current state of the target network association.
  • vpcId - The ID of the VPC in which the target subnet is located.

Timeouts

Configuration options:

  • create - (Default 30M)
  • delete - (Default 30M)

Import

AWS Client VPN network associations can be imported using the endpoint ID and the association ID. Values are separated by a comma (,).

$ terraform import aws_ec2_client_vpn_network_association.example cvpn-endpoint-0ac3a1abbccddd666,vpn-assoc-0b8db902465d069ad