# vpn_connections

Creates, updates, deletes or gets a `vpn_connection` resource, or lists `vpn_connections` in a region.

## Overview

| Name | vpn_connections |
|---|---|
| Type | Resource |
| Description | Specifies a VPN connection between a virtual private gateway and a VPN customer gateway, or between a transit gateway and a VPN customer gateway. To specify a VPN connection between a transit gateway and a customer gateway, use the `TransitGatewayId` and `CustomerGatewayId` properties. To specify a VPN connection between a virtual private gateway and a customer gateway, use the `VpnGatewayId` and `CustomerGatewayId` properties. For more information, see [AWS Site-to-Site VPN](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*. |
| Id | aws.ec2.vpn_connections |
## Fields

| Name | Datatype | Description |
|---|---|---|
| remote_ipv6_network_cidr | string | The IPv6 CIDR on the AWS side of the VPN connection. Default: `::/0` |
| remote_ipv4_network_cidr | string | The IPv4 CIDR on the AWS side of the VPN connection. Default: `0.0.0.0/0` |
| vpn_tunnel_options_specifications | array | The tunnel options for the VPN connection. |
| customer_gateway_id | string | The ID of the customer gateway at your end of the VPN connection. |
| outside_ip_address_type | string | The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: `PrivateIpv4`, `PublicIpv4`. Default: `PublicIpv4` |
| static_routes_only | boolean | Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify `true`. |
| enable_acceleration | boolean | Indicates whether to enable acceleration for the VPN connection. Default: `false` |
| transit_gateway_id | string | The ID of the transit gateway associated with the VPN connection. You must specify either `TransitGatewayId` or `VpnGatewayId`, but not both. |
| type | string | The type of VPN connection. |
| local_ipv4_network_cidr | string | The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: `0.0.0.0/0` |
| vpn_gateway_id | string | The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either `TransitGatewayId` or `VpnGatewayId`, but not both. |
| transport_transit_gateway_attachment_id | string | The transit gateway attachment ID to use for the VPN tunnel. Required if `OutsideIpAddressType` is set to `PrivateIpv4`. |
| local_ipv6_network_cidr | string | The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: `::/0` |
| vpn_connection_id | string | The ID of the VPN connection. |
| tunnel_inside_ip_version | string | Indicates whether the VPN tunnels process IPv4 or IPv6 traffic. Default: `ipv4` |
| tags | array | Any tags assigned to the VPN connection. |
| region | string | AWS region. |
For more information, see `AWS::EC2::VPNConnection`.
## Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | Type, CustomerGatewayId, region |
| delete_resource | DELETE | data__Identifier, region |
| update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
| list_resources | SELECT | region |
| get_resource | SELECT | data__Identifier, region |
## SELECT examples

Gets all `vpn_connections` in a region.

```sql
SELECT
region,
remote_ipv6_network_cidr,
remote_ipv4_network_cidr,
vpn_tunnel_options_specifications,
customer_gateway_id,
outside_ip_address_type,
static_routes_only,
enable_acceleration,
transit_gateway_id,
type,
local_ipv4_network_cidr,
vpn_gateway_id,
transport_transit_gateway_attachment_id,
local_ipv6_network_cidr,
vpn_connection_id,
tunnel_inside_ip_version,
tags
FROM aws.ec2.vpn_connections
WHERE region = 'us-east-1';
```

Gets all properties from an individual `vpn_connection`.

```sql
SELECT
region,
remote_ipv6_network_cidr,
remote_ipv4_network_cidr,
vpn_tunnel_options_specifications,
customer_gateway_id,
outside_ip_address_type,
static_routes_only,
enable_acceleration,
transit_gateway_id,
type,
local_ipv4_network_cidr,
vpn_gateway_id,
transport_transit_gateway_attachment_id,
local_ipv6_network_cidr,
vpn_connection_id,
tunnel_inside_ip_version,
tags
FROM aws.ec2.vpn_connections
WHERE region = 'us-east-1' AND data__Identifier = '<VpnConnectionId>';
```
## INSERT example

Use the following StackQL query and manifest file to create a new `vpn_connection` resource, using `stack-deploy`.

### Required Properties

```sql
/*+ create */
INSERT INTO aws.ec2.vpn_connections (
CustomerGatewayId,
Type,
region
)
SELECT
'{{ CustomerGatewayId }}',
'{{ Type }}',
'{{ region }}';
```

### All Properties

```sql
/*+ create */
INSERT INTO aws.ec2.vpn_connections (
RemoteIpv6NetworkCidr,
RemoteIpv4NetworkCidr,
VpnTunnelOptionsSpecifications,
CustomerGatewayId,
OutsideIpAddressType,
StaticRoutesOnly,
EnableAcceleration,
TransitGatewayId,
Type,
LocalIpv4NetworkCidr,
VpnGatewayId,
TransportTransitGatewayAttachmentId,
LocalIpv6NetworkCidr,
TunnelInsideIpVersion,
Tags,
region
)
SELECT
'{{ RemoteIpv6NetworkCidr }}',
'{{ RemoteIpv4NetworkCidr }}',
'{{ VpnTunnelOptionsSpecifications }}',
'{{ CustomerGatewayId }}',
'{{ OutsideIpAddressType }}',
'{{ StaticRoutesOnly }}',
'{{ EnableAcceleration }}',
'{{ TransitGatewayId }}',
'{{ Type }}',
'{{ LocalIpv4NetworkCidr }}',
'{{ VpnGatewayId }}',
'{{ TransportTransitGatewayAttachmentId }}',
'{{ LocalIpv6NetworkCidr }}',
'{{ TunnelInsideIpVersion }}',
'{{ Tags }}',
'{{ region }}';
```

### Manifest

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: vpn_connection
    props:
      - name: RemoteIpv6NetworkCidr
        value: '{{ RemoteIpv6NetworkCidr }}'
      - name: RemoteIpv4NetworkCidr
        value: '{{ RemoteIpv4NetworkCidr }}'
      - name: VpnTunnelOptionsSpecifications
        value:
          - Phase2EncryptionAlgorithms:
              - Value: '{{ Value }}'
            Phase2DHGroupNumbers:
              - Value: '{{ Value }}'
            TunnelInsideIpv6Cidr: '{{ TunnelInsideIpv6Cidr }}'
            StartupAction: '{{ StartupAction }}'
            TunnelInsideCidr: '{{ TunnelInsideCidr }}'
            IKEVersions:
              - Value: '{{ Value }}'
            LogOptions:
              CloudwatchLogOptions:
                LogEnabled: '{{ LogEnabled }}'
                LogOutputFormat: '{{ LogOutputFormat }}'
                LogGroupArn: '{{ LogGroupArn }}'
            Phase1DHGroupNumbers:
              - Value: '{{ Value }}'
            ReplayWindowSize: '{{ ReplayWindowSize }}'
            EnableTunnelLifecycleControl: '{{ EnableTunnelLifecycleControl }}'
            RekeyMarginTimeSeconds: '{{ RekeyMarginTimeSeconds }}'
            DPDTimeoutAction: '{{ DPDTimeoutAction }}'
            Phase2LifetimeSeconds: '{{ Phase2LifetimeSeconds }}'
            Phase2IntegrityAlgorithms:
              - Value: '{{ Value }}'
            Phase1IntegrityAlgorithms:
              - Value: '{{ Value }}'
            PreSharedKey: '{{ PreSharedKey }}'
            Phase1LifetimeSeconds: '{{ Phase1LifetimeSeconds }}'
            RekeyFuzzPercentage: '{{ RekeyFuzzPercentage }}'
            Phase1EncryptionAlgorithms:
              - Value: '{{ Value }}'
            DPDTimeoutSeconds: '{{ DPDTimeoutSeconds }}'
      - name: CustomerGatewayId
        value: '{{ CustomerGatewayId }}'
      - name: OutsideIpAddressType
        value: '{{ OutsideIpAddressType }}'
      - name: StaticRoutesOnly
        value: '{{ StaticRoutesOnly }}'
      - name: EnableAcceleration
        value: '{{ EnableAcceleration }}'
      - name: TransitGatewayId
        value: '{{ TransitGatewayId }}'
      - name: Type
        value: '{{ Type }}'
      - name: LocalIpv4NetworkCidr
        value: '{{ LocalIpv4NetworkCidr }}'
      - name: VpnGatewayId
        value: '{{ VpnGatewayId }}'
      - name: TransportTransitGatewayAttachmentId
        value: '{{ TransportTransitGatewayAttachmentId }}'
      - name: LocalIpv6NetworkCidr
        value: '{{ LocalIpv6NetworkCidr }}'
      - name: TunnelInsideIpVersion
        value: '{{ TunnelInsideIpVersion }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
```
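As an added example (not part of the StackQL documentation or the AWS provider), the following Python check consumes rows shaped like the output of the SELECT queries above and walks the `vpn_tunnel_options_specifications` column using the `VpnTunnelOptionsSpecifications` structure shown in the manifest, flagging tunnels that still permit IKEv1, DH group 2 or SHA1, or have CloudWatch tunnel logging disabled. The rows are constructed samples and the connection IDs are placeholders.

```python
import json

# Constructed sample rows shaped like the columns of aws.ec2.vpn_connections; the
# tunnel option JSON follows the VpnTunnelOptionsSpecifications structure in the
# manifest above. The connection IDs are placeholders, not real resources.
SAMPLE_ROWS = [
    {"vpn_connection_id": "vpn-0placeholder1",
     "vpn_tunnel_options_specifications": json.dumps([
         {"IKEVersions": [{"Value": "ikev2"}],
          "Phase1DHGroupNumbers": [{"Value": 14}],
          "Phase1IntegrityAlgorithms": [{"Value": "SHA2-256"}],
          "LogOptions": {"CloudwatchLogOptions": {"LogEnabled": True}}}])},
    {"vpn_connection_id": "vpn-0placeholder2",
     "vpn_tunnel_options_specifications": json.dumps([
         {"IKEVersions": [{"Value": "ikev1"}, {"Value": "ikev2"}],
          "Phase1DHGroupNumbers": [{"Value": 2}],
          "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}],
          "LogOptions": {"CloudwatchLogOptions": {"LogEnabled": False}}},
         {}])},  # second tunnel left entirely at AWS defaults
]

def _values(options, key):
    # Collect the Value entries of a [{"Value": ...}, ...] list.
    return {item["Value"] for item in options.get(key, [])}

def tunnel_findings(options):
    # Posture findings for one tunnel's option block.
    if not options:
        return ["no explicit proposals: AWS defaults accept ikev1, DH group 2 and SHA1"]
    findings = []
    if "ikev1" in _values(options, "IKEVersions"):
        findings.append("ikev1 permitted")
    if _values(options, "Phase1DHGroupNumbers") & {2}:   # group 2 is 1024-bit MODP
        findings.append("weak phase 1 DH group")
    if _values(options, "Phase1IntegrityAlgorithms") & {"SHA1"}:
        findings.append("weak phase 1 integrity algorithm")
    log = options.get("LogOptions", {}).get("CloudwatchLogOptions", {})
    if not log.get("LogEnabled"):
        findings.append("CloudWatch tunnel logging disabled")
    return findings

def audit_vpn_connections(rows):
    # Map vpn_connection_id -> ["tunnel N: finding", ...]; clean connections are omitted.
    report = {}
    for row in rows:
        tunnels = json.loads(row.get("vpn_tunnel_options_specifications") or "[]")
        for n, opts in enumerate(tunnels, start=1):
            for finding in tunnel_findings(opts):
                report.setdefault(row["vpn_connection_id"], []).append(f"tunnel {n}: {finding}")
    return report
```

Feed it the result set of the region-wide SELECT above to get a per-connection list of tunnels that need their proposals tightened or logging turned on.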
## DELETE example

```sql
/*+ delete */
DELETE FROM aws.ec2.vpn_connections
WHERE data__Identifier = '<VpnConnectionId>'
AND region = 'us-east-1';
```
## Permissions

To operate on the `vpn_connections` resource, the following permissions are required:

### Read

`ec2:DescribeVpnConnections`

### Create

`ec2:DescribeVpnConnections`,
`ec2:CreateVpnConnection`,
`ec2:CreateTags`

### Update

`ec2:DescribeVpnConnections`,
`ec2:CreateTags`,
`ec2:DeleteTags`

### List

`ec2:DescribeVpnConnections`

### Delete

`ec2:DescribeVpnConnections`,
`ec2:DeleteVpnConnection`