Resource: awsEc2ClientVpnRoute

Provides additional routes for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator's Guide.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsEc2ClientVpnEndpointExample =
  new aws.ec2ClientVpnEndpoint.Ec2ClientVpnEndpoint(this, "example", {
    authenticationOptions: [
      {
        rootCertificateChainArn: "${aws_acm_certificate.example.arn}",
        type: "certificate-authentication",
      },
    ],
    clientCidrBlock: "10.0.0.0/16",
    connectionLogOptions: {
      enabled: false,
    },
    description: "Example Client VPN endpoint",
    serverCertificateArn: "${aws_acm_certificate.example.arn}",
  });
const awsEc2ClientVpnNetworkAssociationExample =
  new aws.ec2ClientVpnNetworkAssociation.Ec2ClientVpnNetworkAssociation(
    this,
    "example_1",
    {
      clientVpnEndpointId: awsEc2ClientVpnEndpointExample.id,
      subnetId: "${aws_subnet.example.id}",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEc2ClientVpnNetworkAssociationExample.overrideLogicalId("example");
const awsEc2ClientVpnRouteExample = new aws.ec2ClientVpnRoute.Ec2ClientVpnRoute(
  this,
  "example_2",
  {
    clientVpnEndpointId: awsEc2ClientVpnEndpointExample.id,
    destinationCidrBlock: "0.0.0.0/0",
    targetVpcSubnetId: awsEc2ClientVpnNetworkAssociationExample.subnetId,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEc2ClientVpnRouteExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • clientVpnEndpointId - (Required) The ID of the Client VPN endpoint.
  • destinationCidrBlock - (Required) The IPv4 address range, in CIDR notation, of the route destination.
  • description - (Optional) A brief description of the route.
  • targetVpcSubnetId - (Required) The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the Client VPN endpoint.
  • origin - Indicates how the Client VPN route was added. Will be addRoute for routes created by this resource.
  • type - The type of the route.

Timeouts

Configuration options:

  • create - (Default 1M)
  • delete - (Default 1M)

Import

AWS Client VPN routes can be imported using the endpoint ID, target subnet ID, and destination CIDR block, separated by commas (,).

$ terraform import aws_ec2_client_vpn_route.example cvpn-endpoint-1234567890abcdef,subnet-9876543210fedcba,10.1.0.0/24
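
Added example (not part of the provider documentation): a pre-flight check for the import ID format described above, which splits the ID into its three parts, validates the destination as an IPv4 CIDR, and flags 0.0.0.0/0, the destination that routes all client traffic through the endpoint. The `cvpn-endpoint-` and `subnet-` patterns are assumptions taken from the sample ID on this page, rejecting CIDRs with host bits set is this example's own strictness, and the function names are hypothetical.

```typescript
// Added example; names are hypothetical, not part of cdktf or the AWS provider.
interface ClientVpnRouteImportId {
  clientVpnEndpointId: string;
  targetVpcSubnetId: string;
  destinationCidrBlock: string;
  isDefaultRoute: boolean; // true for a /0 destination such as 0.0.0.0/0
}

// Validate an IPv4 CIDR and return its prefix length; throws on malformed input.
function ipv4CidrPrefix(cidr: string): number {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (m === null) throw new Error("not an IPv4 CIDR: " + cidr);
  const octets = m.slice(1, 5).map((s) => Number(s));
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) {
    throw new Error("octet or prefix out of range: " + cidr);
  }
  // Example policy (assumption): reject host bits set, e.g. 10.1.0.5/24.
  const address = octets.reduce((acc, o) => acc * 256 + o, 0);
  if (address % Math.pow(2, 32 - prefix) !== 0) {
    throw new Error("host bits set in: " + cidr);
  }
  return prefix;
}

// Parse "<endpoint ID>,<target subnet ID>,<destination CIDR>".
function parseRouteImportId(id: string): ClientVpnRouteImportId {
  const parts = id.split(",");
  const [endpoint = "", subnet = "", cidr = ""] = parts;
  if (parts.length !== 3) {
    throw new Error("expected 3 comma-separated values, got " + parts.length);
  }
  // ID patterns are assumptions based on the sample ID on this page.
  if (!/^cvpn-endpoint-[0-9a-f]+$/.test(endpoint)) {
    throw new Error("unexpected endpoint ID: " + endpoint);
  }
  if (!/^subnet-[0-9a-f]+$/.test(subnet)) {
    throw new Error("unexpected subnet ID: " + subnet);
  }
  return {
    clientVpnEndpointId: endpoint,
    targetVpcSubnetId: subnet,
    destinationCidrBlock: cidr,
    isDefaultRoute: ipv4CidrPrefix(cidr) === 0,
  };
}
```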