ec2: Support for ClientVpnEndpoint resources #4206
Description
Today, there exists a VpnConnection Construct, but support for a ClientVpnEndpoint does not appear to exist.
The VpnConnection, "Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway."
This feature is different from a ClientVpnEndpoint which requires less configuration on the customer side (for example, no coordination with IT departments to arrange VPN hardware/software internally)
ClientVpnEndpoint appears to have been added to CloudFormation in/around June 14th 2019
There are 4 resources that are related to this in CloudFormation
- AWS::EC2::ClientVpnAuthorizationRule - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnauthorizationrule.html
- AWS::EC2::ClientVpnEndpoint - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html
- AWS::EC2::ClientVpnRoute - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnroute.html
- AWS::EC2::ClientVpnTargetNetworkAssociation - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpntargetnetworkassociation.html
Ideally support for all of these are added. Perhaps different issues should be created for each?
Use Case
In our environment we make use of the ClientVpnEndpoint resource in CloudFormation because we do not have the ability to use other AWS VPN solutions. Additionally, we manage access to this VPN using certificates in ACM.
Proposed Solution
Propose that constructs be added to the EC2 package to support ClientVpn related constructs. Should the Constructs have a 1-to-1 relationship to the CloudFormation resources? or should the Construct present a more abstracted view of the resources?
I would be fine with a 1-to-1 relationship.
Other
- 👋 I may be able to implement this feature request
-
⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request