
Custom::ProxylityUdpGatewayListener

Manages a dedicated listener with an assigned port on a Proxylity ingress domain, the properties of the listener, and the destinations associated with it.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "Custom::ProxylityUdpGatewayListener",
  "Properties" : {
    "ServiceToken" : String,
    "ApiKey" : String,
    "Protocols" : [ String, ... ],
    "Peers" : [ Peer, ... ],
    "Destinations" : [ Destination, ... ],
    "ClientRestrictions" : [ ClientRestriction, ... ]
  }
}

YAML

Type: Custom::ProxylityUdpGatewayListener
Properties:
  ServiceToken: String
  ApiKey: String
  Protocols: [ String, ... ]
  Peers: [ Peer, ... ]
  Destinations: [ Destination, ... ]
  ClientRestrictions: [ ClientRestriction, ... ]
    

Properties

ServiceToken

The ARN of the Proxylity custom resource handler in the deployment region. The ARN is found in the customer configuration provided by Proxylity. See AWS::CloudFormation::CustomResource.

ApiKey

The ApiKey provided to you by Proxylity.

Protocols

The IP protocols the listener supports. Supported values are 'udp' for standard UDP listeners and 'wg' for WireGuard listeners.

Required: Yes

Type: List of String

Update requires: No interruption

Peers

Specifies the WireGuard peer configurations. This property is only valid for WireGuard listeners (when Protocols contains 'wg'). Each peer defines cryptographic keys and network access controls for authenticated WireGuard clients.

Required: No (only valid for WireGuard listeners)

Type: List of Peer

Update requires: No interruption

Destinations

Specifies the AWS resources that will be used to handle packets arriving at the Listener.

Required: No

Type: List of Destination

Update requires: No interruption

ClientRestrictions

Specifies the IP addresses (in CIDR format) and domains (CPF DNS lookup) for which traffic will be accepted. Not including the ClientRestrictions property causes all traffic to be blocked. It's highly recommended to include only trusted networks of IPs as allowed senders for your listeners.

Required: No

Type: List of ClientRestriction

Update requires: No interruption
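
The property rules above can be checked before a template is deployed. The following is an added example, not Proxylity's own code: a small Python lint over a JSON template that flags unsupported Protocols values, Peers on a non-WireGuard listener, and a missing ClientRestrictions property. The inline-ApiKey check is an assumption (it treats the key as a secret), and the sample ARN, key and logical IDs are constructed placeholders.

```python
import json

RESOURCE_TYPE = "Custom::ProxylityUdpGatewayListener"
ALLOWED_PROTOCOLS = {"udp", "wg"}  # the two values this page lists

def lint_listener(name, props):
    """Return findings for one listener's Properties, per the rules on this page."""
    findings = []
    protocols = props.get("Protocols")
    if not isinstance(protocols, list) or not protocols:
        findings.append(f"{name}: Protocols is required")
        protocols = []
    for proto in protocols:
        if proto not in ALLOWED_PROTOCOLS:
            findings.append(f"{name}: unsupported protocol {proto!r}")
    if "Peers" in props and "wg" not in protocols:
        findings.append(f"{name}: Peers is only valid when Protocols contains 'wg'")
    if "ClientRestrictions" not in props:
        findings.append(f"{name}: ClientRestrictions missing, all traffic is blocked")
    # Assumption (not from the page): ApiKey is a secret, so flag inline literals.
    key = props.get("ApiKey")
    if isinstance(key, str) and not key.startswith("{{resolve:"):
        findings.append(f"{name}: ApiKey is a literal string in the template")
    return findings

def lint_template(template_text):
    """Lint every Proxylity listener resource in a JSON CloudFormation template."""
    resources = json.loads(template_text).get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") == RESOURCE_TYPE:
            findings += lint_listener(name, res.get("Properties", {}))
    return findings

# Constructed sample: ARN, key and logical IDs are placeholders. Peer and
# ClientRestriction item shapes are not shown on this page, so lists stay empty.
ARN = "arn:aws:lambda:REGION:ACCOUNT:function:PLACEHOLDER"
SAMPLE = json.dumps({"Resources": {
    "BadListener": {"Type": RESOURCE_TYPE, "Properties": {
        "ServiceToken": ARN, "ApiKey": "PLACEHOLDER-KEY",
        "Protocols": ["udp", "tcp"], "Peers": []}},
    "WgListener": {"Type": RESOURCE_TYPE, "Properties": {
        "ServiceToken": ARN, "ApiKey": {"Ref": "ProxylityApiKey"},
        "Protocols": ["wg"], "Peers": [], "ClientRestrictions": []}},
    "Other": {"Type": "AWS::SNS::Topic"},
}})

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```

The lint checks only that the properties are present and consistent with each other; it does not validate the contents of Peer, Destination or ClientRestriction entries.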

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Id.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id

The logical ID assigned when the resource is created.

Port

The port assigned to the listener. Send traffic to this port on one of the assigned IP addresses.

Domain

The ingress subdomain on which the assigned port is located, currently of the form ingres-. The fully qualified domain can be formed by appending "proxylity.com" to the ingress domain, to do DNS lookups for example.

WireGuardPublicKey

The base64-encoded WireGuard public key for this listener. This attribute is only available for WireGuard listeners (when Protocols contains 'wg'). Use this key in client configurations to establish encrypted connections.