pulumi-aws-kotlin/com.pulumi.aws.ec2.kotlin/VpnConnectionArgs

VpnConnectionArgs

data class VpnConnectionArgs(val customerGatewayId: Output<String>? = null, val enableAcceleration: Output<Boolean>? = null, val localIpv4NetworkCidr: Output<String>? = null, val localIpv6NetworkCidr: Output<String>? = null, val outsideIpAddressType: Output<String>? = null, val remoteIpv4NetworkCidr: Output<String>? = null, val remoteIpv6NetworkCidr: Output<String>? = null, val staticRoutesOnly: Output<Boolean>? = null, val tags: Output<Map<String, String>>? = null, val transitGatewayId: Output<String>? = null, val transportTransitGatewayAttachmentId: Output<String>? = null, val tunnel1DpdTimeoutAction: Output<String>? = null, val tunnel1DpdTimeoutSeconds: Output<Int>? = null, val tunnel1EnableTunnelLifecycleControl: Output<Boolean>? = null, val tunnel1IkeVersions: Output<List<String>>? = null, val tunnel1InsideCidr: Output<String>? = null, val tunnel1InsideIpv6Cidr: Output<String>? = null, val tunnel1LogOptions: Output<VpnConnectionTunnel1LogOptionsArgs>? = null, val tunnel1Phase1DhGroupNumbers: Output<List<Int>>? = null, val tunnel1Phase1EncryptionAlgorithms: Output<List<String>>? = null, val tunnel1Phase1IntegrityAlgorithms: Output<List<String>>? = null, val tunnel1Phase1LifetimeSeconds: Output<Int>? = null, val tunnel1Phase2DhGroupNumbers: Output<List<Int>>? = null, val tunnel1Phase2EncryptionAlgorithms: Output<List<String>>? = null, val tunnel1Phase2IntegrityAlgorithms: Output<List<String>>? = null, val tunnel1Phase2LifetimeSeconds: Output<Int>? = null, val tunnel1PresharedKey: Output<String>? = null, val tunnel1RekeyFuzzPercentage: Output<Int>? = null, val tunnel1RekeyMarginTimeSeconds: Output<Int>? = null, val tunnel1ReplayWindowSize: Output<Int>? = null, val tunnel1StartupAction: Output<String>? = null, val tunnel2DpdTimeoutAction: Output<String>? = null, val tunnel2DpdTimeoutSeconds: Output<Int>? = null, val tunnel2EnableTunnelLifecycleControl: Output<Boolean>? = null, val tunnel2IkeVersions: Output<List<String>>? = null, val tunnel2InsideCidr: Output<String>? = null, val tunnel2InsideIpv6Cidr: Output<String>? = null, val tunnel2LogOptions: Output<VpnConnectionTunnel2LogOptionsArgs>? = null, val tunnel2Phase1DhGroupNumbers: Output<List<Int>>? = null, val tunnel2Phase1EncryptionAlgorithms: Output<List<String>>? = null, val tunnel2Phase1IntegrityAlgorithms: Output<List<String>>? = null, val tunnel2Phase1LifetimeSeconds: Output<Int>? = null, val tunnel2Phase2DhGroupNumbers: Output<List<Int>>? = null, val tunnel2Phase2EncryptionAlgorithms: Output<List<String>>? = null, val tunnel2Phase2IntegrityAlgorithms: Output<List<String>>? = null, val tunnel2Phase2LifetimeSeconds: Output<Int>? = null, val tunnel2PresharedKey: Output<String>? = null, val tunnel2RekeyFuzzPercentage: Output<Int>? = null, val tunnel2RekeyMarginTimeSeconds: Output<Int>? = null, val tunnel2ReplayWindowSize: Output<Int>? = null, val tunnel2StartupAction: Output<String>? = null, val tunnelInsideIpVersion: Output<String>? = null, val type: Output<String>? = null, val vpnGatewayId: Output<String>? = null) : ConvertibleToJava<VpnConnectionArgs>

Manages a Site-to-Site VPN connection. A Site-to-Site VPN connection is an Internet Protocol security (IPsec) VPN connection between a VPC and an on-premises network. Any new Site-to-Site VPN connection that you create is an AWS VPN connection.

Note: The CIDR blocks in the arguments tunnel1_inside_cidr and tunnel2_inside_cidr must have a prefix of /30 and be a part of a specific range. Read more about this in the AWS documentation.

Example Usage

EC2 Transit Gateway

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.ec2transitgateway.TransitGateway("example", {});
const exampleCustomerGateway = new aws.ec2.CustomerGateway("example", {
    bgpAsn: "65000",
    ipAddress: "172.0.0.1",
    type: "ipsec.1",
});
const exampleVpnConnection = new aws.ec2.VpnConnection("example", {
    customerGatewayId: exampleCustomerGateway.id,
    transitGatewayId: example.id,
    type: exampleCustomerGateway.type,
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.ec2transitgateway.TransitGateway("example")
example_customer_gateway = aws.ec2.CustomerGateway("example",
    bgp_asn="65000",
    ip_address="172.0.0.1",
    type="ipsec.1")
example_vpn_connection = aws.ec2.VpnConnection("example",
    customer_gateway_id=example_customer_gateway.id,
    transit_gateway_id=example.id,
    type=example_customer_gateway.type)
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.Ec2TransitGateway.TransitGateway("example");
    var exampleCustomerGateway = new Aws.Ec2.CustomerGateway("example", new()
    {
        BgpAsn = "65000",
        IpAddress = "172.0.0.1",
        Type = "ipsec.1",
    });
    var exampleVpnConnection = new Aws.Ec2.VpnConnection("example", new()
    {
        CustomerGatewayId = exampleCustomerGateway.Id,
        TransitGatewayId = example.Id,
        Type = exampleCustomerGateway.Type,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := ec2transitgateway.NewTransitGateway(ctx, "example", nil)
		if err != nil {
			return err
		}
		exampleCustomerGateway, err := ec2.NewCustomerGateway(ctx, "example", &ec2.CustomerGatewayArgs{
			BgpAsn:    pulumi.String("65000"),
			IpAddress: pulumi.String("172.0.0.1"),
			Type:      pulumi.String("ipsec.1"),
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewVpnConnection(ctx, "example", &ec2.VpnConnectionArgs{
			CustomerGatewayId: exampleCustomerGateway.ID(),
			TransitGatewayId:  example.ID(),
			Type:              exampleCustomerGateway.Type,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2transitgateway.TransitGateway;
import com.pulumi.aws.ec2.CustomerGateway;
import com.pulumi.aws.ec2.CustomerGatewayArgs;
import com.pulumi.aws.ec2.VpnConnection;
import com.pulumi.aws.ec2.VpnConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new TransitGateway("example");
        var exampleCustomerGateway = new CustomerGateway("exampleCustomerGateway", CustomerGatewayArgs.builder()
            .bgpAsn(65000)
            .ipAddress("172.0.0.1")
            .type("ipsec.1")
            .build());
        var exampleVpnConnection = new VpnConnection("exampleVpnConnection", VpnConnectionArgs.builder()
            .customerGatewayId(exampleCustomerGateway.id())
            .transitGatewayId(example.id())
            .type(exampleCustomerGateway.type())
            .build());
    }
}
Content copied to clipboard
resources:
  example:
    type: aws:ec2transitgateway:TransitGateway
  exampleCustomerGateway:
    type: aws:ec2:CustomerGateway
    name: example
    properties:
      bgpAsn: 65000
      ipAddress: 172.0.0.1
      type: ipsec.1
  exampleVpnConnection:
    type: aws:ec2:VpnConnection
    name: example
    properties:
      customerGatewayId: ${exampleCustomerGateway.id}
      transitGatewayId: ${example.id}
      type: ${exampleCustomerGateway.type}
Content copied to clipboard

Virtual Private Gateway

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const vpc = new aws.ec2.Vpc("vpc", {cidrBlock: "10.0.0.0/16"});
const vpnGateway = new aws.ec2.VpnGateway("vpn_gateway", {vpcId: vpc.id});
const customerGateway = new aws.ec2.CustomerGateway("customer_gateway", {
    bgpAsn: "65000",
    ipAddress: "172.0.0.1",
    type: "ipsec.1",
});
const main = new aws.ec2.VpnConnection("main", {
    vpnGatewayId: vpnGateway.id,
    customerGatewayId: customerGateway.id,
    type: "ipsec.1",
    staticRoutesOnly: true,
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
vpc = aws.ec2.Vpc("vpc", cidr_block="10.0.0.0/16")
vpn_gateway = aws.ec2.VpnGateway("vpn_gateway", vpc_id=vpc.id)
customer_gateway = aws.ec2.CustomerGateway("customer_gateway",
    bgp_asn="65000",
    ip_address="172.0.0.1",
    type="ipsec.1")
main = aws.ec2.VpnConnection("main",
    vpn_gateway_id=vpn_gateway.id,
    customer_gateway_id=customer_gateway.id,
    type="ipsec.1",
    static_routes_only=True)
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var vpc = new Aws.Ec2.Vpc("vpc", new()
    {
        CidrBlock = "10.0.0.0/16",
    });
    var vpnGateway = new Aws.Ec2.VpnGateway("vpn_gateway", new()
    {
        VpcId = vpc.Id,
    });
    var customerGateway = new Aws.Ec2.CustomerGateway("customer_gateway", new()
    {
        BgpAsn = "65000",
        IpAddress = "172.0.0.1",
        Type = "ipsec.1",
    });
    var main = new Aws.Ec2.VpnConnection("main", new()
    {
        VpnGatewayId = vpnGateway.Id,
        CustomerGatewayId = customerGateway.Id,
        Type = "ipsec.1",
        StaticRoutesOnly = true,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		vpc, err := ec2.NewVpc(ctx, "vpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.0.0.0/16"),
		})
		if err != nil {
			return err
		}
		vpnGateway, err := ec2.NewVpnGateway(ctx, "vpn_gateway", &ec2.VpnGatewayArgs{
			VpcId: vpc.ID(),
		})
		if err != nil {
			return err
		}
		customerGateway, err := ec2.NewCustomerGateway(ctx, "customer_gateway", &ec2.CustomerGatewayArgs{
			BgpAsn:    pulumi.String("65000"),
			IpAddress: pulumi.String("172.0.0.1"),
			Type:      pulumi.String("ipsec.1"),
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewVpnConnection(ctx, "main", &ec2.VpnConnectionArgs{
			VpnGatewayId:      vpnGateway.ID(),
			CustomerGatewayId: customerGateway.ID(),
			Type:              pulumi.String("ipsec.1"),
			StaticRoutesOnly:  pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.VpnGateway;
import com.pulumi.aws.ec2.VpnGatewayArgs;
import com.pulumi.aws.ec2.CustomerGateway;
import com.pulumi.aws.ec2.CustomerGatewayArgs;
import com.pulumi.aws.ec2.VpnConnection;
import com.pulumi.aws.ec2.VpnConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var vpc = new Vpc("vpc", VpcArgs.builder()
            .cidrBlock("10.0.0.0/16")
            .build());
        var vpnGateway = new VpnGateway("vpnGateway", VpnGatewayArgs.builder()
            .vpcId(vpc.id())
            .build());
        var customerGateway = new CustomerGateway("customerGateway", CustomerGatewayArgs.builder()
            .bgpAsn(65000)
            .ipAddress("172.0.0.1")
            .type("ipsec.1")
            .build());
        var main = new VpnConnection("main", VpnConnectionArgs.builder()
            .vpnGatewayId(vpnGateway.id())
            .customerGatewayId(customerGateway.id())
            .type("ipsec.1")
            .staticRoutesOnly(true)
            .build());
    }
}
Content copied to clipboard
resources:
  vpc:
    type: aws:ec2:Vpc
    properties:
      cidrBlock: 10.0.0.0/16
  vpnGateway:
    type: aws:ec2:VpnGateway
    name: vpn_gateway
    properties:
      vpcId: ${vpc.id}
  customerGateway:
    type: aws:ec2:CustomerGateway
    name: customer_gateway
    properties:
      bgpAsn: 65000
      ipAddress: 172.0.0.1
      type: ipsec.1
  main:
    type: aws:ec2:VpnConnection
    properties:
      vpnGatewayId: ${vpnGateway.id}
      customerGatewayId: ${customerGateway.id}
      type: ipsec.1
      staticRoutesOnly: true
Content copied to clipboard

AWS Site to Site Private VPN

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleGateway = new aws.directconnect.Gateway("example", {
    name: "example_ipsec_vpn_example",
    amazonSideAsn: "64512",
});
const exampleTransitGateway = new aws.ec2transitgateway.TransitGateway("example", {
    amazonSideAsn: 64513,
    description: "example_ipsec_vpn_example",
    transitGatewayCidrBlocks: ["10&#46;0&#46;0&#46;0/24"],
});
const exampleCustomerGateway = new aws.ec2.CustomerGateway("example", {
    bgpAsn: "64514",
    ipAddress: "10.0.0.1",
    type: "ipsec.1",
    tags: {
        Name: "example_ipsec_vpn_example",
    },
});
const exampleGatewayAssociation = new aws.directconnect.GatewayAssociation("example", {
    dxGatewayId: exampleGateway.id,
    associatedGatewayId: exampleTransitGateway.id,
    allowedPrefixes: ["10&#46;0&#46;0&#46;0/8"],
});
const example = aws.ec2transitgateway.getDirectConnectGatewayAttachmentOutput({
    transitGatewayId: exampleTransitGateway.id,
    dxGatewayId: exampleGateway.id,
});
const exampleVpnConnection = new aws.ec2.VpnConnection("example", {
    customerGatewayId: exampleCustomerGateway.id,
    outsideIpAddressType: "PrivateIpv4",
    transitGatewayId: exampleTransitGateway.id,
    transportTransitGatewayAttachmentId: example.apply(example => example.id),
    type: "ipsec.1",
    tags: {
        Name: "example_ipsec_vpn_example",
    },
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example_gateway = aws.directconnect.Gateway("example",
    name="example_ipsec_vpn_example",
    amazon_side_asn="64512")
example_transit_gateway = aws.ec2transitgateway.TransitGateway("example",
    amazon_side_asn=64513,
    description="example_ipsec_vpn_example",
    transit_gateway_cidr_blocks=["10&#46;0&#46;0&#46;0/24"])
example_customer_gateway = aws.ec2.CustomerGateway("example",
    bgp_asn="64514",
    ip_address="10.0.0.1",
    type="ipsec.1",
    tags={
        "Name": "example_ipsec_vpn_example",
    })
example_gateway_association = aws.directconnect.GatewayAssociation("example",
    dx_gateway_id=example_gateway.id,
    associated_gateway_id=example_transit_gateway.id,
    allowed_prefixes=["10&#46;0&#46;0&#46;0/8"])
example = aws.ec2transitgateway.get_direct_connect_gateway_attachment_output(transit_gateway_id=example_transit_gateway.id,
    dx_gateway_id=example_gateway.id)
example_vpn_connection = aws.ec2.VpnConnection("example",
    customer_gateway_id=example_customer_gateway.id,
    outside_ip_address_type="PrivateIpv4",
    transit_gateway_id=example_transit_gateway.id,
    transport_transit_gateway_attachment_id=example.id,
    type="ipsec.1",
    tags={
        "Name": "example_ipsec_vpn_example",
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var exampleGateway = new Aws.DirectConnect.Gateway("example", new()
    {
        Name = "example_ipsec_vpn_example",
        AmazonSideAsn = "64512",
    });
    var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway("example", new()
    {
        AmazonSideAsn = 64513,
        Description = "example_ipsec_vpn_example",
        TransitGatewayCidrBlocks = new[]
        {
            "10.0.0.0/24",
        },
    });
    var exampleCustomerGateway = new Aws.Ec2.CustomerGateway("example", new()
    {
        BgpAsn = "64514",
        IpAddress = "10.0.0.1",
        Type = "ipsec.1",
        Tags =
        {
            { "Name", "example_ipsec_vpn_example" },
        },
    });
    var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation("example", new()
    {
        DxGatewayId = exampleGateway.Id,
        AssociatedGatewayId = exampleTransitGateway.Id,
        AllowedPrefixes = new[]
        {
            "10.0.0.0/8",
        },
    });
    var example = Aws.Ec2TransitGateway.GetDirectConnectGatewayAttachment.Invoke(new()
    {
        TransitGatewayId = exampleTransitGateway.Id,
        DxGatewayId = exampleGateway.Id,
    });
    var exampleVpnConnection = new Aws.Ec2.VpnConnection("example", new()
    {
        CustomerGatewayId = exampleCustomerGateway.Id,
        OutsideIpAddressType = "PrivateIpv4",
        TransitGatewayId = exampleTransitGateway.Id,
        TransportTransitGatewayAttachmentId = example.Apply(getDirectConnectGatewayAttachmentResult => getDirectConnectGatewayAttachmentResult.Id),
        Type = "ipsec.1",
        Tags =
        {
            { "Name", "example_ipsec_vpn_example" },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleGateway, err := directconnect.NewGateway(ctx, "example", &directconnect.GatewayArgs{
			Name:          pulumi.String("example_ipsec_vpn_example"),
			AmazonSideAsn: pulumi.String("64512"),
		})
		if err != nil {
			return err
		}
		exampleTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, "example", &ec2transitgateway.TransitGatewayArgs{
			AmazonSideAsn: pulumi.Int(64513),
			Description:   pulumi.String("example_ipsec_vpn_example"),
			TransitGatewayCidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.0.0/24"),
			},
		})
		if err != nil {
			return err
		}
		exampleCustomerGateway, err := ec2.NewCustomerGateway(ctx, "example", &ec2.CustomerGatewayArgs{
			BgpAsn:    pulumi.String("64514"),
			IpAddress: pulumi.String("10.0.0.1"),
			Type:      pulumi.String("ipsec.1"),
			Tags: pulumi.StringMap{
				"Name": pulumi.String("example_ipsec_vpn_example"),
			},
		})
		if err != nil {
			return err
		}
		_, err = directconnect.NewGatewayAssociation(ctx, "example", &directconnect.GatewayAssociationArgs{
			DxGatewayId:         exampleGateway.ID(),
			AssociatedGatewayId: exampleTransitGateway.ID(),
			AllowedPrefixes: pulumi.StringArray{
				pulumi.String("10.0.0.0/8"),
			},
		})
		if err != nil {
			return err
		}
		example := ec2transitgateway.GetDirectConnectGatewayAttachmentOutput(ctx, ec2transitgateway.GetDirectConnectGatewayAttachmentOutputArgs{
			TransitGatewayId: exampleTransitGateway.ID(),
			DxGatewayId:      exampleGateway.ID(),
		}, nil)
		_, err = ec2.NewVpnConnection(ctx, "example", &ec2.VpnConnectionArgs{
			CustomerGatewayId:    exampleCustomerGateway.ID(),
			OutsideIpAddressType: pulumi.String("PrivateIpv4"),
			TransitGatewayId:     exampleTransitGateway.ID(),
			TransportTransitGatewayAttachmentId: example.ApplyT(func(example ec2transitgateway.GetDirectConnectGatewayAttachmentResult) (*string, error) {
				return &example.Id, nil
			}).(pulumi.StringPtrOutput),
			Type: pulumi.String("ipsec.1"),
			Tags: pulumi.StringMap{
				"Name": pulumi.String("example_ipsec_vpn_example"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.directconnect.Gateway;
import com.pulumi.aws.directconnect.GatewayArgs;
import com.pulumi.aws.ec2transitgateway.TransitGateway;
import com.pulumi.aws.ec2transitgateway.TransitGatewayArgs;
import com.pulumi.aws.ec2.CustomerGateway;
import com.pulumi.aws.ec2.CustomerGatewayArgs;
import com.pulumi.aws.directconnect.GatewayAssociation;
import com.pulumi.aws.directconnect.GatewayAssociationArgs;
import com.pulumi.aws.ec2transitgateway.Ec2transitgatewayFunctions;
import com.pulumi.aws.ec2transitgateway.inputs.GetDirectConnectGatewayAttachmentArgs;
import com.pulumi.aws.ec2.VpnConnection;
import com.pulumi.aws.ec2.VpnConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleGateway = new Gateway("exampleGateway", GatewayArgs.builder()
            .name("example_ipsec_vpn_example")
            .amazonSideAsn("64512")
            .build());
        var exampleTransitGateway = new TransitGateway("exampleTransitGateway", TransitGatewayArgs.builder()
            .amazonSideAsn("64513")
            .description("example_ipsec_vpn_example")
            .transitGatewayCidrBlocks("10.0.0.0/24")
            .build());
        var exampleCustomerGateway = new CustomerGateway("exampleCustomerGateway", CustomerGatewayArgs.builder()
            .bgpAsn(64514)
            .ipAddress("10.0.0.1")
            .type("ipsec.1")
            .tags(Map.of("Name", "example_ipsec_vpn_example"))
            .build());
        var exampleGatewayAssociation = new GatewayAssociation("exampleGatewayAssociation", GatewayAssociationArgs.builder()
            .dxGatewayId(exampleGateway.id())
            .associatedGatewayId(exampleTransitGateway.id())
            .allowedPrefixes("10.0.0.0/8")
            .build());
        final var example = Ec2transitgatewayFunctions.getDirectConnectGatewayAttachment(GetDirectConnectGatewayAttachmentArgs.builder()
            .transitGatewayId(exampleTransitGateway.id())
            .dxGatewayId(exampleGateway.id())
            .build());
        var exampleVpnConnection = new VpnConnection("exampleVpnConnection", VpnConnectionArgs.builder()
            .customerGatewayId(exampleCustomerGateway.id())
            .outsideIpAddressType("PrivateIpv4")
            .transitGatewayId(exampleTransitGateway.id())
            .transportTransitGatewayAttachmentId(example.applyValue(getDirectConnectGatewayAttachmentResult -> getDirectConnectGatewayAttachmentResult).applyValue(example -> example.applyValue(getDirectConnectGatewayAttachmentResult -> getDirectConnectGatewayAttachmentResult.id())))
            .type("ipsec.1")
            .tags(Map.of("Name", "example_ipsec_vpn_example"))
            .build());
    }
}
Content copied to clipboard
resources:
  exampleGateway:
    type: aws:directconnect:Gateway
    name: example
    properties:
      name: example_ipsec_vpn_example
      amazonSideAsn: '64512'
  exampleTransitGateway:
    type: aws:ec2transitgateway:TransitGateway
    name: example
    properties:
      amazonSideAsn: '64513'
      description: example_ipsec_vpn_example
      transitGatewayCidrBlocks:
        - 10.0.0.0/24
  exampleCustomerGateway:
    type: aws:ec2:CustomerGateway
    name: example
    properties:
      bgpAsn: 64514
      ipAddress: 10.0.0.1
      type: ipsec.1
      tags:
        Name: example_ipsec_vpn_example
  exampleGatewayAssociation:
    type: aws:directconnect:GatewayAssociation
    name: example
    properties:
      dxGatewayId: ${exampleGateway.id}
      associatedGatewayId: ${exampleTransitGateway.id}
      allowedPrefixes:
        - 10.0.0.0/8
  exampleVpnConnection:
    type: aws:ec2:VpnConnection
    name: example
    properties:
      customerGatewayId: ${exampleCustomerGateway.id}
      outsideIpAddressType: PrivateIpv4
      transitGatewayId: ${exampleTransitGateway.id}
      transportTransitGatewayAttachmentId: ${example.id}
      type: ipsec.1
      tags:
        Name: example_ipsec_vpn_example
variables:
  example:
    fn::invoke:
      Function: aws:ec2transitgateway:getDirectConnectGatewayAttachment
      Arguments:
        transitGatewayId: ${exampleTransitGateway.id}
        dxGatewayId: ${exampleGateway.id}
Content copied to clipboard

Import

Using pulumi import, import VPN Connections using the VPN connection id. For example:

$ pulumi import aws:ec2/vpnConnection:VpnConnection testvpnconnection vpn-40f41529
Content copied to clipboard

Constructors

Link copied to clipboard
fun VpnConnectionArgs(customerGatewayId: Output<String>? = null, enableAcceleration: Output<Boolean>? = null, localIpv4NetworkCidr: Output<String>? = null, localIpv6NetworkCidr: Output<String>? = null, outsideIpAddressType: Output<String>? = null, remoteIpv4NetworkCidr: Output<String>? = null, remoteIpv6NetworkCidr: Output<String>? = null, staticRoutesOnly: Output<Boolean>? = null, tags: Output<Map<String, String>>? = null, transitGatewayId: Output<String>? = null, transportTransitGatewayAttachmentId: Output<String>? = null, tunnel1DpdTimeoutAction: Output<String>? = null, tunnel1DpdTimeoutSeconds: Output<Int>? = null, tunnel1EnableTunnelLifecycleControl: Output<Boolean>? = null, tunnel1IkeVersions: Output<List<String>>? = null, tunnel1InsideCidr: Output<String>? = null, tunnel1InsideIpv6Cidr: Output<String>? = null, tunnel1LogOptions: Output<VpnConnectionTunnel1LogOptionsArgs>? = null, tunnel1Phase1DhGroupNumbers: Output<List<Int>>? = null, tunnel1Phase1EncryptionAlgorithms: Output<List<String>>? = null, tunnel1Phase1IntegrityAlgorithms: Output<List<String>>? = null, tunnel1Phase1LifetimeSeconds: Output<Int>? = null, tunnel1Phase2DhGroupNumbers: Output<List<Int>>? = null, tunnel1Phase2EncryptionAlgorithms: Output<List<String>>? = null, tunnel1Phase2IntegrityAlgorithms: Output<List<String>>? = null, tunnel1Phase2LifetimeSeconds: Output<Int>? = null, tunnel1PresharedKey: Output<String>? = null, tunnel1RekeyFuzzPercentage: Output<Int>? = null, tunnel1RekeyMarginTimeSeconds: Output<Int>? = null, tunnel1ReplayWindowSize: Output<Int>? = null, tunnel1StartupAction: Output<String>? = null, tunnel2DpdTimeoutAction: Output<String>? = null, tunnel2DpdTimeoutSeconds: Output<Int>? = null, tunnel2EnableTunnelLifecycleControl: Output<Boolean>? = null, tunnel2IkeVersions: Output<List<String>>? = null, tunnel2InsideCidr: Output<String>? = null, tunnel2InsideIpv6Cidr: Output<String>? = null, tunnel2LogOptions: Output<VpnConnectionTunnel2LogOptionsArgs>? = null, tunnel2Phase1DhGroupNumbers: Output<List<Int>>? = null, tunnel2Phase1EncryptionAlgorithms: Output<List<String>>? = null, tunnel2Phase1IntegrityAlgorithms: Output<List<String>>? = null, tunnel2Phase1LifetimeSeconds: Output<Int>? = null, tunnel2Phase2DhGroupNumbers: Output<List<Int>>? = null, tunnel2Phase2EncryptionAlgorithms: Output<List<String>>? = null, tunnel2Phase2IntegrityAlgorithms: Output<List<String>>? = null, tunnel2Phase2LifetimeSeconds: Output<Int>? = null, tunnel2PresharedKey: Output<String>? = null, tunnel2RekeyFuzzPercentage: Output<Int>? = null, tunnel2RekeyMarginTimeSeconds: Output<Int>? = null, tunnel2ReplayWindowSize: Output<Int>? = null, tunnel2StartupAction: Output<String>? = null, tunnelInsideIpVersion: Output<String>? = null, type: Output<String>? = null, vpnGatewayId: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): VpnConnectionArgs

Properties

Link copied to clipboard
val customerGatewayId: Output<String>? = null

The ID of the customer gateway.

Link copied to clipboard
val enableAcceleration: Output<Boolean>? = null

Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.

Link copied to clipboard
val localIpv4NetworkCidr: Output<String>? = null

The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

Link copied to clipboard
val localIpv6NetworkCidr: Output<String>? = null

The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

Link copied to clipboard
val outsideIpAddressType: Output<String>? = null

Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4

Link copied to clipboard
val remoteIpv4NetworkCidr: Output<String>? = null

The IPv4 CIDR on the AWS side of the VPN connection.

Link copied to clipboard
val remoteIpv6NetworkCidr: Output<String>? = null

The IPv6 CIDR on the AWS side of the VPN connection.

Link copied to clipboard
val staticRoutesOnly: Output<Boolean>? = null

Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Link copied to clipboard
val transitGatewayId: Output<String>? = null

The ID of the EC2 Transit Gateway.

Link copied to clipboard
val transportTransitGatewayAttachmentId: Output<String>? = null

. The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.

Link copied to clipboard
val tunnel1DpdTimeoutAction: Output<String>? = null

The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.

Link copied to clipboard
val tunnel1DpdTimeoutSeconds: Output<Int>? = null

The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.

Link copied to clipboard
val tunnel1EnableTunnelLifecycleControl: Output<Boolean>? = null

Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.

Link copied to clipboard
val tunnel1IkeVersions: Output<List<String>>? = null

The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.

Link copied to clipboard
val tunnel1InsideCidr: Output<String>? = null

The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.

Link copied to clipboard
val tunnel1InsideIpv6Cidr: Output<String>? = null

The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.

Link copied to clipboard
val tunnel1LogOptions: Output<VpnConnectionTunnel1LogOptionsArgs>? = null

Options for logging VPN tunnel activity. See Log Options below for more details.

Link copied to clipboard
val tunnel1Phase1DhGroupNumbers: Output<List<Int>>? = null

List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.

Link copied to clipboard
val tunnel1Phase1EncryptionAlgorithms: Output<List<String>>? = null

List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.

Link copied to clipboard
val tunnel1Phase1IntegrityAlgorithms: Output<List<String>>? = null

One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.

Link copied to clipboard
val tunnel1Phase1LifetimeSeconds: Output<Int>? = null

The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.

Link copied to clipboard
val tunnel1Phase2DhGroupNumbers: Output<List<Int>>? = null

List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.

Link copied to clipboard
val tunnel1Phase2EncryptionAlgorithms: Output<List<String>>? = null

List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.

Link copied to clipboard
val tunnel1Phase2IntegrityAlgorithms: Output<List<String>>? = null

List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.

Link copied to clipboard
val tunnel1Phase2LifetimeSeconds: Output<Int>? = null

The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.

Link copied to clipboard
val tunnel1PresharedKey: Output<String>? = null

The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).

Link copied to clipboard
val tunnel1RekeyFuzzPercentage: Output<Int>? = null

The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.

Link copied to clipboard
val tunnel1RekeyMarginTimeSeconds: Output<Int>? = null

The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.

Link copied to clipboard
val tunnel1ReplayWindowSize: Output<Int>? = null

The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.

Link copied to clipboard
val tunnel1StartupAction: Output<String>? = null

The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.

Link copied to clipboard
val tunnel2DpdTimeoutAction: Output<String>? = null

The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.

Link copied to clipboard
val tunnel2DpdTimeoutSeconds: Output<Int>? = null

The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.

Link copied to clipboard
val tunnel2EnableTunnelLifecycleControl: Output<Boolean>? = null

Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.

Link copied to clipboard
val tunnel2IkeVersions: Output<List<String>>? = null

The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.

Link copied to clipboard
val tunnel2InsideCidr: Output<String>? = null

The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.

Link copied to clipboard
val tunnel2InsideIpv6Cidr: Output<String>? = null

The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.

Link copied to clipboard
val tunnel2LogOptions: Output<VpnConnectionTunnel2LogOptionsArgs>? = null

Options for logging VPN tunnel activity. See Log Options below for more details.

Link copied to clipboard
val tunnel2Phase1DhGroupNumbers: Output<List<Int>>? = null

List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.

Link copied to clipboard
val tunnel2Phase1EncryptionAlgorithms: Output<List<String>>? = null

List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.

Link copied to clipboard
val tunnel2Phase1IntegrityAlgorithms: Output<List<String>>? = null

One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.

Link copied to clipboard
val tunnel2Phase1LifetimeSeconds: Output<Int>? = null

The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.

Link copied to clipboard
val tunnel2Phase2DhGroupNumbers: Output<List<Int>>? = null

List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.

Link copied to clipboard
val tunnel2Phase2EncryptionAlgorithms: Output<List<String>>? = null

List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.

Link copied to clipboard
val tunnel2Phase2IntegrityAlgorithms: Output<List<String>>? = null

List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.

Link copied to clipboard
val tunnel2Phase2LifetimeSeconds: Output<Int>? = null

The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.

Link copied to clipboard
val tunnel2PresharedKey: Output<String>? = null

The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).

Link copied to clipboard
val tunnel2RekeyFuzzPercentage: Output<Int>? = null

The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.

Link copied to clipboard
val tunnel2RekeyMarginTimeSeconds: Output<Int>? = null

The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.

Link copied to clipboard
val tunnel2ReplayWindowSize: Output<Int>? = null

The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.

Link copied to clipboard
val tunnel2StartupAction: Output<String>? = null

The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.

Link copied to clipboard
val tunnelInsideIpVersion: Output<String>? = null

Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.

Link copied to clipboard
val type: Output<String>? = null

The type of VPN connection. The only type AWS supports at this time is "ipsec.1".

Link copied to clipboard
val vpnGatewayId: Output<String>? = null

The ID of the Virtual Private Gateway.