:doc:`EC2 <../../ec2>` / Client / modify_client_vpn_endpoint

**************************
modify_client_vpn_endpoint
**************************



.. py:method:: EC2.Client.modify_client_vpn_endpoint(**kwargs)

  

  Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyClientVpnEndpoint>`_  


  **Request Syntax**
  ::

    response = client.modify_client_vpn_endpoint(
        ClientVpnEndpointId='string',
        ServerCertificateArn='string',
        ConnectionLogOptions={
            'Enabled': True|False,
            'CloudwatchLogGroup': 'string',
            'CloudwatchLogStream': 'string'
        },
        DnsServers={
            'CustomDnsServers': [
                'string',
            ],
            'Enabled': True|False
        },
        VpnPort=123,
        Description='string',
        SplitTunnel=True|False,
        DryRun=True|False,
        SecurityGroupIds=[
            'string',
        ],
        VpcId='string',
        SelfServicePortal='enabled'|'disabled',
        ClientConnectOptions={
            'Enabled': True|False,
            'LambdaFunctionArn': 'string'
        },
        SessionTimeoutHours=123,
        ClientLoginBannerOptions={
            'Enabled': True|False,
            'BannerText': 'string'
        },
        ClientRouteEnforcementOptions={
            'Enforced': True|False
        },
        DisconnectOnSessionTimeout=True|False
    )
    
  :type ClientVpnEndpointId: string
  :param ClientVpnEndpointId: **[REQUIRED]** 

    The ID of the Client VPN endpoint to modify.

    

  
  :type ServerCertificateArn: string
  :param ServerCertificateArn: 

    The ARN of the server certificate to be used. The server certificate must be provisioned in Certificate Manager (ACM).

    

  
  :type ConnectionLogOptions: dict
  :param ConnectionLogOptions: 

    Information about the client connection logging options.

     

    If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

     

    
    * Client connection requests
     
    * Client connection results (successful and unsuccessful)
     
    * Reasons for unsuccessful client connection requests
     
    * Client connection termination time
    

    

  
    - **Enabled** *(boolean) --* 

      Indicates whether connection logging is enabled.

      

    
    - **CloudwatchLogGroup** *(string) --* 

      The name of the CloudWatch Logs log group. Required if connection logging is enabled.

      

    
    - **CloudwatchLogStream** *(string) --* 

      The name of the CloudWatch Logs log stream to which the connection data is published.

      

    
  
  :type DnsServers: dict
  :param DnsServers: 

    Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have up to two DNS servers.

    

  
    - **CustomDnsServers** *(list) --* 

      The IPv4 address range, in CIDR notation, of the DNS servers to be used. You can specify up to two DNS servers. Ensure that the DNS servers can be reached by the clients. The specified values overwrite the existing values.

      

    
      - *(string) --* 

      
  
    - **Enabled** *(boolean) --* 

      Indicates whether DNS servers should be used. Specify ``False`` to delete the existing DNS servers.

      

    
  
  :type VpnPort: integer
  :param VpnPort: 

    The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

     

    Valid Values: ``443`` | ``1194``

     

    Default Value: ``443``

    

  
  :type Description: string
  :param Description: 

    A brief description of the Client VPN endpoint.

    

  
  :type SplitTunnel: boolean
  :param SplitTunnel: 

    Indicates whether the VPN is split-tunnel.

     

    For information about split-tunnel VPN endpoints, see `Split-tunnel Client VPN endpoint <https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html>`__ in the *Client VPN Administrator Guide*.

    

  
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type SecurityGroupIds: list
  :param SecurityGroupIds: 

    The IDs of one or more security groups to apply to the target network.

    

  
    - *(string) --* 

    

  :type VpcId: string
  :param VpcId: 

    The ID of the VPC to associate with the Client VPN endpoint.

    

  
  :type SelfServicePortal: string
  :param SelfServicePortal: 

    Specify whether to enable the self-service portal for the Client VPN endpoint.

    

  
  :type ClientConnectOptions: dict
  :param ClientConnectOptions: 

    The options for managing connection authorization for new client connections.

    

  
    - **Enabled** *(boolean) --* 

      Indicates whether client connect options are enabled. The default is ``false`` (not enabled).

      

    
    - **LambdaFunctionArn** *(string) --* 

      The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

      

    
  
  :type SessionTimeoutHours: integer
  :param SessionTimeoutHours: 

    The maximum VPN session duration time in hours.

     

    Valid values: ``8 | 10 | 12 | 24``

     

    Default value: ``24``

    

  
  :type ClientLoginBannerOptions: dict
  :param ClientLoginBannerOptions: 

    Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

    

  
    - **Enabled** *(boolean) --* 

      Enable or disable a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

       

      Valid values: ``true | false``

       

      Default value: ``false``

      

    
    - **BannerText** *(string) --* 

      Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

      

    
  
  :type ClientRouteEnforcementOptions: dict
  :param ClientRouteEnforcementOptions: 

    Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

     

    Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.

    

  
    - **Enforced** *(boolean) --* 

      Enable or disable Client Route Enforcement. The state can either be ``true`` (enabled) or ``false`` (disabled). The default is ``false``.

       

      Valid values: ``true | false``

       

      Default value: ``false``

      

    
  
  :type DisconnectOnSessionTimeout: boolean
  :param DisconnectOnSessionTimeout: 

    Indicates whether the client VPN session is disconnected after the maximum timeout specified in ``sessionTimeoutHours`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. The default value is ``true``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Return': True|False
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Return** *(boolean) --* 

        Returns ``true`` if the request succeeds; otherwise, it returns an error.

        
  