VerifiedAccessEndpoint

Learn how to create, update, and manage AWS EC2 VerifiedAccessEndpoints using Alchemy Cloud Control.

The VerifiedAccessEndpoint resource allows you to manage AWS EC2 Verified Access Endpoints for secure access to your AWS resources.

Minimal Example

Create a basic Verified Access Endpoint with required properties and a common optional property.

import AWS from "alchemy/aws/control";

const verifiedAccessEndpoint = await AWS.EC2.VerifiedAccessEndpoint("myVerifiedAccessEndpoint", {
  AttachmentType: "load-balancer",
  VerifiedAccessGroupId: "vag-0123456789abcdef0",
  SecurityGroupIds: ["sg-0123456789abcdef0"],
  ApplicationDomain: "app.example.com"
});

Advanced Configuration

Configure a Verified Access Endpoint with additional options such as load balancer settings and optional policy document.

const advancedVerifiedAccessEndpoint = await AWS.EC2.VerifiedAccessEndpoint("advancedVerifiedAccessEndpoint", {
  AttachmentType: "network-interface",
  VerifiedAccessGroupId: "vag-0123456789abcdef0",
  SecurityGroupIds: ["sg-0123456789abcdef0"],
  LoadBalancerOptions: {
    TargetGroupArn: "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-target-group/abcdef123456",
    ListenerArn: "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/abcdef123456"
  },
  PolicyDocument: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "ec2:DescribeInstances",
        Resource: "*"
      }
    ]
  })
});

Custom Network Interface Configuration

Set up a Verified Access Endpoint with specific network interface options.

const networkInterfaceVerifiedAccessEndpoint = await AWS.EC2.VerifiedAccessEndpoint("networkInterfaceVerifiedAccessEndpoint", {
  AttachmentType: "network-interface",
  VerifiedAccessGroupId: "vag-0123456789abcdef0",
  SecurityGroupIds: ["sg-0123456789abcdef0"],
  NetworkInterfaceOptions: {
    AssociatePublicIpAddress: true,
    PrivateIpAddress: "10.0.1.100"
  },
  CidrOptions: {
    CidrBlock: "10.0.0.0/24"
  }
});

Database Endpoint Configuration

Create a Verified Access Endpoint specifically for an RDS instance.

const rdsVerifiedAccessEndpoint = await AWS.EC2.VerifiedAccessEndpoint("rdsVerifiedAccessEndpoint", {
  AttachmentType: "database",
  VerifiedAccessGroupId: "vag-0123456789abcdef0",
  RdsOptions: {
    DbInstanceIdentifier: "my-db-instance",
    SecurityGroupIds: ["sg-0123456789abcdef0"],
    DbClusterIdentifier: "my-db-cluster"
  },
  PolicyEnabled: true
});