vpn_connections
Creates, updates, deletes or gets a vpn_connection resource or lists vpn_connections in a region
Overview
| Name | vpn_connections |
|---|---|
| Type | Resource |
| Description | Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway. To specify a VPN connection between a transit gateway and customer gateway, use the ``TransitGatewayId`` and ``CustomerGatewayId`` properties. To specify a VPN connection between a virtual private gateway and customer gateway, use the ``VpnGatewayId`` and ``CustomerGatewayId`` properties. For more information, see [AWS Site-to-Site VPN](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*. |
| Id | awscc.ec2.vpn_connections |
Fields
Properties returned by ``get`` (all properties):
| Name | Datatype | Description |
|---|---|---|
| remote_ipv6_network_cidr | string | The IPv6 CIDR on the AWS side of the VPN connection.<br />Default: ``::/0`` |
| remote_ipv4_network_cidr | string | The IPv4 CIDR on the AWS side of the VPN connection.<br />Default: ``0.0.0.0/0`` |
| vpn_tunnel_options_specifications | array | The tunnel options for the VPN connection. |
| customer_gateway_id | string | The ID of the customer gateway at your end of the VPN connection. |
| outside_ip_address_type | string | The type of IP address assigned to the outside interface of the customer gateway device.<br />Valid values: ``PrivateIpv4`` \| ``PublicIpv4`` \| ``Ipv6``<br />Default: ``PublicIpv4`` |
| static_routes_only | boolean | Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.<br />If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true``. |
| enable_acceleration | boolean | Indicates whether to enable acceleration for the VPN connection.<br />Default: ``false`` |
| transit_gateway_id | string | The ID of the transit gateway associated with the VPN connection.<br />You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both. |
| type | string | The type of VPN connection. |
| local_ipv4_network_cidr | string | The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.<br />Default: ``0.0.0.0/0`` |
| vpn_gateway_id | string | The ID of the virtual private gateway at the AWS side of the VPN connection.<br />You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both. |
| pre_shared_key_storage | string | Describes the storage location for an instance store-backed AMI. |
| transport_transit_gateway_attachment_id | string | The transit gateway attachment ID to use for the VPN tunnel.<br />Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``. |
| local_ipv6_network_cidr | string | The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.<br />Default: ``::/0`` |
| vpn_connection_id | string | |
| tunnel_inside_ip_version | string | Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.<br />Default: ``ipv4`` |
| tags | array | Any tags assigned to the VPN connection. |
| region | string | AWS region. |
Properties returned by ``list`` (identifiers only):

| Name | Datatype | Description |
|---|---|---|
| vpn_connection_id | string | |
| region | string | AWS region. |
For more information, see AWS::EC2::VPNConnection.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | vpn_connections | INSERT | Type, CustomerGatewayId, region |
| delete_resource | vpn_connections | DELETE | Identifier, region |
| update_resource | vpn_connections | UPDATE | Identifier, PatchDocument, region |
| list_resources | vpn_connections_list_only | SELECT | region |
| get_resource | vpn_connections | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual vpn_connection.
```sql
SELECT
region,
remote_ipv6_network_cidr,
remote_ipv4_network_cidr,
vpn_tunnel_options_specifications,
customer_gateway_id,
outside_ip_address_type,
static_routes_only,
enable_acceleration,
transit_gateway_id,
type,
local_ipv4_network_cidr,
vpn_gateway_id,
pre_shared_key_storage,
transport_transit_gateway_attachment_id,
local_ipv6_network_cidr,
vpn_connection_id,
tunnel_inside_ip_version,
tags
FROM awscc.ec2.vpn_connections
WHERE
region = 'us-east-1' AND
Identifier = '{{ vpn_connection_id }}';
```
Lists all vpn_connections in a region.
```sql
SELECT
region,
vpn_connection_id
FROM awscc.ec2.vpn_connections_list_only
WHERE
region = 'us-east-1';
```
INSERT example
Use the following StackQL query and manifest file to create a new vpn_connection resource, using stack-deploy.
Required properties:

```sql
/*+ create */
INSERT INTO awscc.ec2.vpn_connections (
CustomerGatewayId,
Type,
region
)
SELECT
'{{ customer_gateway_id }}',
'{{ type }}',
'{{ region }}';
```
All properties:

```sql
/*+ create */
INSERT INTO awscc.ec2.vpn_connections (
RemoteIpv6NetworkCidr,
RemoteIpv4NetworkCidr,
VpnTunnelOptionsSpecifications,
CustomerGatewayId,
OutsideIpAddressType,
StaticRoutesOnly,
EnableAcceleration,
TransitGatewayId,
Type,
LocalIpv4NetworkCidr,
VpnGatewayId,
PreSharedKeyStorage,
TransportTransitGatewayAttachmentId,
LocalIpv6NetworkCidr,
TunnelInsideIpVersion,
Tags,
region
)
SELECT
'{{ remote_ipv6_network_cidr }}',
'{{ remote_ipv4_network_cidr }}',
'{{ vpn_tunnel_options_specifications }}',
'{{ customer_gateway_id }}',
'{{ outside_ip_address_type }}',
'{{ static_routes_only }}',
'{{ enable_acceleration }}',
'{{ transit_gateway_id }}',
'{{ type }}',
'{{ local_ipv4_network_cidr }}',
'{{ vpn_gateway_id }}',
'{{ pre_shared_key_storage }}',
'{{ transport_transit_gateway_attachment_id }}',
'{{ local_ipv6_network_cidr }}',
'{{ tunnel_inside_ip_version }}',
'{{ tags }}',
'{{ region }}';
```
Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: vpn_connection
    props:
      - name: remote_ipv6_network_cidr
        value: '{{ remote_ipv6_network_cidr }}'
      - name: remote_ipv4_network_cidr
        value: '{{ remote_ipv4_network_cidr }}'
      - name: vpn_tunnel_options_specifications
        value:
          - phase2_encryption_algorithms:
              - value: '{{ value }}'
            phase2_dh_group_numbers:
              - value: '{{ value }}'
            tunnel_inside_ipv6_cidr: '{{ tunnel_inside_ipv6_cidr }}'
            startup_action: '{{ startup_action }}'
            tunnel_inside_cidr: '{{ tunnel_inside_cidr }}'
            i_ke_versions:
              - value: '{{ value }}'
            log_options:
              cloudwatch_log_options:
                log_enabled: '{{ log_enabled }}'
                log_output_format: '{{ log_output_format }}'
                log_group_arn: '{{ log_group_arn }}'
            phase1_dh_group_numbers:
              - value: '{{ value }}'
            replay_window_size: '{{ replay_window_size }}'
            enable_tunnel_lifecycle_control: '{{ enable_tunnel_lifecycle_control }}'
            rekey_margin_time_seconds: '{{ rekey_margin_time_seconds }}'
            d_pd_timeout_action: '{{ d_pd_timeout_action }}'
            phase2_lifetime_seconds: '{{ phase2_lifetime_seconds }}'
            phase2_integrity_algorithms:
              - value: '{{ value }}'
            phase1_integrity_algorithms:
              - value: '{{ value }}'
            pre_shared_key: '{{ pre_shared_key }}'
            phase1_lifetime_seconds: '{{ phase1_lifetime_seconds }}'
            rekey_fuzz_percentage: '{{ rekey_fuzz_percentage }}'
            phase1_encryption_algorithms:
              - value: '{{ value }}'
            d_pd_timeout_seconds: '{{ d_pd_timeout_seconds }}'
      - name: customer_gateway_id
        value: '{{ customer_gateway_id }}'
      - name: outside_ip_address_type
        value: '{{ outside_ip_address_type }}'
      - name: static_routes_only
        value: '{{ static_routes_only }}'
      - name: enable_acceleration
        value: '{{ enable_acceleration }}'
      - name: transit_gateway_id
        value: '{{ transit_gateway_id }}'
      - name: type
        value: '{{ type }}'
      - name: local_ipv4_network_cidr
        value: '{{ local_ipv4_network_cidr }}'
      - name: vpn_gateway_id
        value: '{{ vpn_gateway_id }}'
      - name: pre_shared_key_storage
        value: '{{ pre_shared_key_storage }}'
      - name: transport_transit_gateway_attachment_id
        value: '{{ transport_transit_gateway_attachment_id }}'
      - name: local_ipv6_network_cidr
        value: '{{ local_ipv6_network_cidr }}'
      - name: tunnel_inside_ip_version
        value: '{{ tunnel_inside_ip_version }}'
      - name: tags
        value:
          - key: '{{ key }}'
            value: '{{ value }}'
```
UPDATE example
Use the following StackQL query and manifest file to update a vpn_connection resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.ec2.vpn_connections
SET PatchDocument = string('{{ {
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ vpn_connection_id }}';
```
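The ``PatchDocument`` that ``update_resource`` requires is an RFC 6902 JSON Patch, which is what the ``generate_patch_document`` filter in the query above produces from the desired-state object. The following Python is an added illustration, not StackQL's own filter implementation: it builds such a patch for top-level properties by comparing a current state against a desired state, so a reader can see what the ``"Tags": tags`` update actually sends. The ``CURRENT_STATE`` and ``DESIRED`` values are constructed samples.

```python
"""Illustrative RFC 6902 patch-document builder for the UPDATE example.

Added example, not StackQL's own generate_patch_document implementation.
Shows the shape of the PatchDocument string for a top-level property
change such as Tags. Sample states below are constructed, not real data.
"""
import json

# Constructed sample: the subset of the current resource state we care about.
CURRENT_STATE = {
    "Tags": [{"Key": "env", "Value": "dev"}],
    "StaticRoutesOnly": True,
}

# Constructed sample: desired values; None means "remove this property".
DESIRED = {
    "Tags": [{"Key": "env", "Value": "prod"}, {"Key": "owner", "Value": "netsec"}],
    "EnableAcceleration": False,
}


def _json_pointer(key: str) -> str:
    """Build an RFC 6901 pointer for a top-level property, escaping ~ and /."""
    return "/" + key.replace("~", "~0").replace("/", "~1")


def generate_patch_document(current: dict, desired: dict) -> list[dict]:
    """Return an RFC 6902 patch moving `current` toward `desired`.

    Rules applied per desired key:
      absent in current, value given      -> "add"
      present in both, values differ      -> "replace"
      present in current, desired is None -> "remove"
      identical values                    -> no operation
    Only top-level properties are handled, mirroring the UPDATE example,
    which passes `{"Tags": tags}` as the desired state.
    """
    ops = []
    for key, value in desired.items():
        path = _json_pointer(key)
        if value is None:
            if key in current:
                ops.append({"op": "remove", "path": path})
        elif key not in current:
            ops.append({"op": "add", "path": path, "value": value})
        elif current[key] != value:
            ops.append({"op": "replace", "path": path, "value": value})
    return ops


def patch_document_json(current: dict, desired: dict) -> str:
    """Serialise the patch as the compact string placed in PatchDocument."""
    return json.dumps(generate_patch_document(current, desired), separators=(",", ":"))


if __name__ == "__main__":
    print(patch_document_json(CURRENT_STATE, DESIRED))
```

Properties that are not mentioned in the desired state are left untouched, which is why the UPDATE example can change ``Tags`` without restating the rest of the connection's configuration.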
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.ec2.vpn_connections
WHERE
Identifier = '{{ vpn_connection_id }}' AND
region = 'us-east-1';
```
Permissions
To operate on the vpn_connections resource, the following permissions are required for each operation:

| Operation | Permissions |
|---|---|
| Read | ec2:DescribeVpnConnections |
| Create | ec2:DescribeVpnConnections, ec2:CreateVpnConnection, ec2:CreateTags |
| Update | ec2:DescribeVpnConnections, ec2:CreateTags, ec2:DeleteTags |
| List | ec2:DescribeVpnConnections |
| Delete | ec2:DescribeVpnConnections, ec2:DeleteVpnConnection |