Skip to main content

verified_access_endpoint

Gets an individual verified_access_endpoint resource

Overview

Nameverified_access_endpoint
TypeResource
Descriptionverified_access_endpoint
Idawscc.ec2.verified_access_endpoint

Fields

NameDatatypeDescription
verified_access_endpoint_idstringThe ID of the AWS Verified Access endpoint.
verified_access_group_idstringThe ID of the AWS Verified Access group.
verified_access_instance_idstringThe ID of the AWS Verified Access instance.
statusstringThe endpoint status.
security_group_idsarrayThe IDs of the security groups for the endpoint.
network_interface_optionsobjectThe options for network-interface type endpoint.
load_balancer_optionsobjectThe load balancer details if creating the AWS Verified Access endpoint as load-balancer type.
endpoint_typestringThe type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
endpoint_domainstringA DNS name that is generated for the endpoint.
endpoint_domain_prefixstringA custom identifier that gets prepended to a DNS name that is generated for the endpoint.
device_validation_domainstringReturned if endpoint has a device trust provider attached.
domain_certificate_arnstringThe ARN of a public TLS/SSL certificate imported into or created with ACM.
attachment_typestringThe type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
application_domainstringThe DNS name for users to reach your application.
creation_timestringThe creation time.
last_updated_timestringThe last updated time.
descriptionstringA description for the AWS Verified Access endpoint.
policy_documentstringThe AWS Verified Access policy document.
policy_enabledbooleanThe status of the Verified Access policy.
tagsarrayAn array of key-value pairs to apply to this resource.
sse_specificationobjectThe configuration options for customer provided KMS encryption.
regionstringAWS region.

Methods

Currently only SELECT is supported for this resource resource.

Example

SELECT
region,
verified_access_endpoint_id,
verified_access_group_id,
verified_access_instance_id,
status,
security_group_ids,
network_interface_options,
load_balancer_options,
endpoint_type,
endpoint_domain,
endpoint_domain_prefix,
device_validation_domain,
domain_certificate_arn,
attachment_type,
application_domain,
creation_time,
last_updated_time,
description,
policy_document,
policy_enabled,
tags,
sse_specification
FROM awscc.ec2.verified_access_endpoint
WHERE data__Identifier = '<VerifiedAccessEndpointId>';

Permissions

To operate on the verified_access_endpoint resource, the following permissions are required:

Read

ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
acm:CreateCertificateRelation,
acm:DeleteCertificateRelation,
acm:DescribeCertificate,
acm:GetCertificateWithPK,
ec2:CreateTags,
ec2:CreateVerifiedAccessEndpoint,
ec2:DeleteTags,
ec2:DeleteVerifiedAccessEndpoint,
ec2:DescribeAccountAttributes,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeListenerCertificates,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
iam:CreateServiceLinkedRole,
iam:ListRoles,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt

Update

ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
ec2:DescribeVerifiedAccessEndpoints,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:DescribeTags,
ec2:DeleteTags,
ec2:CreateTags,
acm:GetCertificateWithPK,
acm:DescribeCertificate,
acm:CreateCertificateRelation,
acm:DeleteCertificateRelation,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
ec2:DescribeSubnets,
ec2:DescribeSecurityGroups,
ec2:DescribeNetworkInterfaces,
ec2:DescribeAccountAttributes,
elasticloadbalancing:DescribeLoadBalancers,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeListenerCertificates,
ec2:CreateVerifiedAccessEndpoint,
ec2:DeleteVerifiedAccessEndpoint,
iam:CreateServiceLinkedRole,
iam:ListRoles,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt

Delete

ec2:DescribeVerifiedAccessEndpoints,
ec2:DescribeTags,
ec2:DeleteVerifiedAccessEndpoint,
ec2:DeleteTags,
sso:DeleteManagedApplicationInstance,
acm:DeleteCertificateRelation,
acm:DescribeCertificate,
acm:CreateCertificateRelation,
acm:GetCertificateWithPK,
ec2:CreateTags,
ec2:CreateVerifiedAccessEndpoint,
ec2:DescribeAccountAttributes,
ec2:DescribeNetworkInterfaces,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:GetVerifiedAccessEndpointPolicy,
ec2:ModifyVerifiedAccessEndpoint,
ec2:ModifyVerifiedAccessEndpointPolicy,
elasticloadbalancing:DescribeListenerCertificates,
elasticloadbalancing:DescribeListeners,
elasticloadbalancing:DescribeLoadBalancers,
iam:CreateServiceLinkedRole,
iam:ListRoles,
sso:CreateManagedApplicationInstance,
sso:GetManagedApplicationInstance,
sso:GetPeregrineStatus,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt