agent-claw: automated task changes

cdk/node_modules/aws-cdk-lib/aws-ec2/lib/client-vpn-endpoint.d.ts

@@ -0,0 +1,262 @@
+import type { Construct, IDependable } from 'constructs';
+import type { ClientVpnAuthorizationRuleOptions } from './client-vpn-authorization-rule';
+import { ClientVpnAuthorizationRule } from './client-vpn-authorization-rule';
+import type { IClientVpnConnectionHandler, IClientVpnEndpoint, TransportProtocol, VpnPort } from './client-vpn-endpoint-types';
+import type { ClientVpnRouteOptions } from './client-vpn-route';
+import { ClientVpnRoute } from './client-vpn-route';
+import { Connections } from './connections';
+import type { ClientVpnEndpointReference } from './ec2.generated';
+import type { ISecurityGroup } from './security-group';
+import type { IVpc, SubnetSelection } from './vpc';
+import type { ISAMLProviderRef } from '../../aws-iam';
+import * as logs from '../../aws-logs';
+import { Resource } from '../../core';
+import type { ILogStreamRef } from '../../interfaces/generated/aws-logs-interfaces.generated';
+/**
+ * Options for Client Route Enforcement
+ */
+export interface ClientRouteEnforcementOptions {
+    /**
+     * Enable or disable Client Route Enforcement.
+     * The state can either be true (enabled) or false (disabled).
+     */
+    readonly enforced: boolean;
+}
+/**
+ * Options for a client VPN endpoint
+ */
+export interface ClientVpnEndpointOptions {
+    /**
+     * The IPv4 address range, in CIDR notation, from which to assign client IP
+     * addresses. The address range cannot overlap with the local CIDR of the VPC
+     * in which the associated subnet is located, or the routes that you add manually.
+     *
+     * Changing the address range will replace the Client VPN endpoint.
+     *
+     * The CIDR block should be /22 or greater.
+     */
+    readonly cidr: string;
+    /**
+     * The ARN of the client certificate for mutual authentication.
+     *
+     * The certificate must be signed by a certificate authority (CA) and it must
+     * be provisioned in AWS Certificate Manager (ACM).
+     *
+     * @default - use user-based authentication
+     */
+    readonly clientCertificateArn?: string;
+    /**
+     * The type of user-based authentication to use.
+     *
+     * @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html
+     *
+     * @default - use mutual authentication
+     */
+    readonly userBasedAuthentication?: ClientVpnUserBasedAuthentication;
+    /**
+     * Whether to enable connections logging
+     *
+     * @default true
+     */
+    readonly logging?: boolean;
+    /**
+     * A CloudWatch Logs log group for connection logging
+     *
+     * @default - a new group is created
+     */
+    readonly logGroup?: logs.ILogGroupRef;
+    /**
+     * A CloudWatch Logs log stream for connection logging
+     *
+     * @default - a new stream is created
+     */
+    readonly logStream?: ILogStreamRef;
+    /**
+     * The AWS Lambda function used for connection authorization
+     *
+     * The name of the Lambda function must begin with the `AWSClientVPN-` prefix
+     *
+     * @default - no connection handler
+     */
+    readonly clientConnectionHandler?: IClientVpnConnectionHandler;
+    /**
+     * A brief description of the Client VPN endpoint.
+     *
+     * @default - no description
+     */
+    readonly description?: string;
+    /**
+     * The security groups to apply to the target network.
+     *
+     * @default - a new security group is created
+     */
+    readonly securityGroups?: ISecurityGroup[];
+    /**
+     * Specify whether to enable the self-service portal for the Client VPN endpoint.
+     *
+     * @default true
+     */
+    readonly selfServicePortal?: boolean;
+    /**
+     * The ARN of the server certificate
+     */
+    readonly serverCertificateArn: string;
+    /**
+     * Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
+     *
+     * @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html
+     *
+     * @default false
+     */
+    readonly splitTunnel?: boolean;
+    /**
+     * The transport protocol to be used by the VPN session.
+     *
+     * @default TransportProtocol.UDP
+     */
+    readonly transportProtocol?: TransportProtocol;
+    /**
+     * The port number to assign to the Client VPN endpoint for TCP and UDP
+     * traffic.
+     *
+     * @default VpnPort.HTTPS
+     */
+    readonly port?: VpnPort;
+    /**
+     * Information about the DNS servers to be used for DNS resolution.
+     *
+     * A Client VPN endpoint can have up to two DNS servers.
+     *
+     * @default - use the DNS address configured on the device
+     */
+    readonly dnsServers?: string[];
+    /**
+     * Subnets to associate to the client VPN endpoint.
+     *
+     * @default - the VPC default strategy
+     */
+    readonly vpcSubnets?: SubnetSelection;
+    /**
+     * Whether to authorize all users to the VPC CIDR
+     *
+     * This automatically creates an authorization rule. Set this to `false` and
+     * use `addAuthorizationRule()` to create your own rules instead.
+     *
+     * @default true
+     */
+    readonly authorizeAllUsersToVpcCidr?: boolean;
+    /**
+     * The maximum VPN session duration time.
+     *
+     * @default ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
+     */
+    readonly sessionTimeout?: ClientVpnSessionTimeout;
+    /**
+     * Indicates whether the client VPN session is disconnected after the maximum `sessionTimeout` is reached.
+     *
+     * If `true`, users are prompted to reconnect client VPN.
+     * If `false`, client VPN attempts to reconnect automatically.
+     *
+     * @default undefined - AWS Client VPN default is true
+     * @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html
+     */
+    readonly disconnectOnSessionTimeout?: boolean;
+    /**
+     * Customizable text that will be displayed in a banner on AWS provided clients
+     * when a VPN session is established.
+     *
+     * UTF-8 encoded characters only. Maximum of 1400 characters.
+     *
+     * @default - no banner is presented to the client
+     */
+    readonly clientLoginBanner?: string;
+    /**
+     * Options for Client Route Enforcement.
+     *
+     * Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN.
+     * This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.
+     *
+     * @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-cre.html
+     *
+     * @default undefined - AWS Client VPN default setting is disable client route enforcement
+     */
+    readonly clientRouteEnforcementOptions?: ClientRouteEnforcementOptions;
+}
+/**
+ * Maximum VPN session duration time
+ */
+export declare enum ClientVpnSessionTimeout {
+    /** 8 hours */
+    EIGHT_HOURS = 8,
+    /** 10 hours */
+    TEN_HOURS = 10,
+    /** 12 hours */
+    TWELVE_HOURS = 12,
+    /** 24 hours */
+    TWENTY_FOUR_HOURS = 24
+}
+/**
+ * User-based authentication for a client VPN endpoint
+ */
+export declare abstract class ClientVpnUserBasedAuthentication {
+    /**
+     * Active Directory authentication
+     */
+    static activeDirectory(directoryId: string): ClientVpnUserBasedAuthentication;
+    /** Federated authentication */
+    static federated(samlProvider: ISAMLProviderRef, selfServiceSamlProvider?: ISAMLProviderRef): ClientVpnUserBasedAuthentication;
+    /** Renders the user based authentication */
+    abstract render(): any;
+}
+/**
+ * Properties for a client VPN endpoint
+ */
+export interface ClientVpnEndpointProps extends ClientVpnEndpointOptions {
+    /**
+     * The VPC to connect to.
+     */
+    readonly vpc: IVpc;
+}
+/**
+ * Attributes when importing an existing client VPN endpoint
+ */
+export interface ClientVpnEndpointAttributes {
+    /**
+     * The endpoint ID
+     */
+    readonly endpointId: string;
+    /**
+     * The security groups associated with the endpoint
+     */
+    readonly securityGroups: ISecurityGroup[];
+}
+/**
+ * A client VPN connection
+ */
+export declare class ClientVpnEndpoint extends Resource implements IClientVpnEndpoint {
+    /**
+     * Uniquely identifies this class.
+     */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * Import an existing client VPN endpoint
+     */
+    static fromEndpointAttributes(scope: Construct, id: string, attrs: ClientVpnEndpointAttributes): IClientVpnEndpoint;
+    readonly endpointId: string;
+    /**
+     * Allows specify security group connections for the endpoint.
+     */
+    readonly connections: Connections;
+    readonly targetNetworksAssociated: IDependable;
+    private readonly _targetNetworksAssociated;
+    constructor(scope: Construct, id: string, props: ClientVpnEndpointProps);
+    get clientVpnEndpointRef(): ClientVpnEndpointReference;
+    /**
+     * Adds an authorization rule to this endpoint
+     */
+    addAuthorizationRule(id: string, props: ClientVpnAuthorizationRuleOptions): ClientVpnAuthorizationRule;
+    /**
+     * Adds a route to this endpoint
+     */
+    addRoute(id: string, props: ClientVpnRouteOptions): ClientVpnRoute;
+}