vpn_connections
Creates, updates, deletes or gets a vpn_connection resource or lists vpn_connections in a region
Overview
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
remote_ipv6_network_cidr | string | The IPv6 CIDR on the AWS side of the VPN connection.Default:::/0 |
remote_ipv4_network_cidr | string | The IPv4 CIDR on the AWS side of the VPN connection.Default:0.0.0.0/0 |
vpn_tunnel_options_specifications | array | The tunnel options for the VPN connection. |
customer_gateway_id | string | The ID of the customer gateway at your end of the VPN connection. |
outside_ip_address_type | string | The type of IP address assigned to the outside interface of the customer gateway device.Valid values:PrivateIpv4 | PublicIpv4 | Ipv6Default: PublicIpv4 |
static_routes_only | boolean | Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specifytrue. |
enable_acceleration | boolean | Indicate whether to enable acceleration for the VPN connection.Default:false |
transit_gateway_id | string | The ID of the transit gateway associated with the VPN connection.You must specify eitherTransitGatewayId or VpnGatewayId, but not both. |
type | string | The type of VPN connection. |
local_ipv4_network_cidr | string | The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.Default:0.0.0.0/0 |
vpn_gateway_id | string | The ID of the virtual private gateway at the AWS side of the VPN connection.You must specify eitherTransitGatewayId or VpnGatewayId, but not both. |
pre_shared_key_storage | string | Describes the storage location for an instance store-backed AMI. |
transport_transit_gateway_attachment_id | string | The transit gateway attachment ID to use for the VPN tunnel.Required ifOutsideIpAddressType is set to PrivateIpv4. |
local_ipv6_network_cidr | string | The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.Default:::/0 |
vpn_connection_id | string | |
tunnel_inside_ip_version | string | Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.Default:ipv4 |
tags | array | Any tags assigned to the VPN connection. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
vpn_connection_id | string | |
region | string | AWS region. |
For more information, see AWS::EC2::VPNConnection.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | vpn_connections | INSERT | Type, CustomerGatewayId, region |
delete_resource | vpn_connections | DELETE | Identifier, region |
update_resource | vpn_connections | UPDATE | Identifier, PatchDocument, region |
list_resources | vpn_connections_list_only | SELECT | region |
get_resource | vpn_connections | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual vpn_connection.
SELECT
region,
remote_ipv6_network_cidr,
remote_ipv4_network_cidr,
vpn_tunnel_options_specifications,
customer_gateway_id,
outside_ip_address_type,
static_routes_only,
enable_acceleration,
transit_gateway_id,
type,
local_ipv4_network_cidr,
vpn_gateway_id,
pre_shared_key_storage,
transport_transit_gateway_attachment_id,
local_ipv6_network_cidr,
vpn_connection_id,
tunnel_inside_ip_version,
tags
FROM awscc.ec2.vpn_connections
WHERE
region = '{{ region }}' AND
Identifier = '{{ vpn_connection_id }}';
Lists all vpn_connections in a region.
SELECT
region,
vpn_connection_id
FROM awscc.ec2.vpn_connections_list_only
WHERE
region = '{{ region }}';
INSERT example
Use the following StackQL query and manifest file to create a new vpn_connection resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.ec2.vpn_connections (
CustomerGatewayId,
Type,
region
)
SELECT
'{{ customer_gateway_id }}',
'{{ type }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
/*+ create */
INSERT INTO awscc.ec2.vpn_connections (
RemoteIpv6NetworkCidr,
RemoteIpv4NetworkCidr,
VpnTunnelOptionsSpecifications,
CustomerGatewayId,
OutsideIpAddressType,
StaticRoutesOnly,
EnableAcceleration,
TransitGatewayId,
Type,
LocalIpv4NetworkCidr,
VpnGatewayId,
PreSharedKeyStorage,
TransportTransitGatewayAttachmentId,
LocalIpv6NetworkCidr,
TunnelInsideIpVersion,
Tags,
region
)
SELECT
'{{ remote_ipv6_network_cidr }}',
'{{ remote_ipv4_network_cidr }}',
'{{ vpn_tunnel_options_specifications }}',
'{{ customer_gateway_id }}',
'{{ outside_ip_address_type }}',
'{{ static_routes_only }}',
'{{ enable_acceleration }}',
'{{ transit_gateway_id }}',
'{{ type }}',
'{{ local_ipv4_network_cidr }}',
'{{ vpn_gateway_id }}',
'{{ pre_shared_key_storage }}',
'{{ transport_transit_gateway_attachment_id }}',
'{{ local_ipv6_network_cidr }}',
'{{ tunnel_inside_ip_version }}',
'{{ tags }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: vpn_connection
props:
- name: remote_ipv6_network_cidr
value: '{{ remote_ipv6_network_cidr }}'
- name: remote_ipv4_network_cidr
value: '{{ remote_ipv4_network_cidr }}'
- name: vpn_tunnel_options_specifications
value:
- phase2_encryption_algorithms:
- value: '{{ value }}'
phase2_dh_group_numbers:
- value: '{{ value }}'
tunnel_inside_ipv6_cidr: '{{ tunnel_inside_ipv6_cidr }}'
startup_action: '{{ startup_action }}'
tunnel_inside_cidr: '{{ tunnel_inside_cidr }}'
i_ke_versions:
- value: '{{ value }}'
log_options:
cloudwatch_log_options:
log_enabled: '{{ log_enabled }}'
log_output_format: '{{ log_output_format }}'
log_group_arn: '{{ log_group_arn }}'
phase1_dh_group_numbers:
- value: '{{ value }}'
replay_window_size: '{{ replay_window_size }}'
enable_tunnel_lifecycle_control: '{{ enable_tunnel_lifecycle_control }}'
rekey_margin_time_seconds: '{{ rekey_margin_time_seconds }}'
d_pd_timeout_action: '{{ d_pd_timeout_action }}'
phase2_lifetime_seconds: '{{ phase2_lifetime_seconds }}'
phase2_integrity_algorithms:
- value: '{{ value }}'
phase1_integrity_algorithms:
- value: '{{ value }}'
pre_shared_key: '{{ pre_shared_key }}'
phase1_lifetime_seconds: '{{ phase1_lifetime_seconds }}'
rekey_fuzz_percentage: '{{ rekey_fuzz_percentage }}'
phase1_encryption_algorithms:
- value: '{{ value }}'
d_pd_timeout_seconds: '{{ d_pd_timeout_seconds }}'
- name: customer_gateway_id
value: '{{ customer_gateway_id }}'
- name: outside_ip_address_type
value: '{{ outside_ip_address_type }}'
- name: static_routes_only
value: '{{ static_routes_only }}'
- name: enable_acceleration
value: '{{ enable_acceleration }}'
- name: transit_gateway_id
value: '{{ transit_gateway_id }}'
- name: type
value: '{{ type }}'
- name: local_ipv4_network_cidr
value: '{{ local_ipv4_network_cidr }}'
- name: vpn_gateway_id
value: '{{ vpn_gateway_id }}'
- name: pre_shared_key_storage
value: '{{ pre_shared_key_storage }}'
- name: transport_transit_gateway_attachment_id
value: '{{ transport_transit_gateway_attachment_id }}'
- name: local_ipv6_network_cidr
value: '{{ local_ipv6_network_cidr }}'
- name: tunnel_inside_ip_version
value: '{{ tunnel_inside_ip_version }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
UPDATE example
Use the following StackQL query and manifest file to update a vpn_connection resource, using stack-deploy.
/*+ update */
UPDATE awscc.ec2.vpn_connections
SET PatchDocument = string('{{ {
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ vpn_connection_id }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
DELETE example
/*+ delete */
DELETE FROM awscc.ec2.vpn_connections
WHERE
Identifier = '{{ vpn_connection_id }}' AND
region = '{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
Additional Parameters
Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:
| Parameter | Description |
|---|---|
ClientToken | A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request. |
RoleArn | The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.If you do not specify a role, a temporary session is created using your AWS user credentials. |
TypeVersionId | For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used. |
Permissions
To operate on the vpn_connections resource, the following permissions are required:
- Read
- Create
- Update
- List
- Delete
ec2:DescribeVpnConnections
ec2:DescribeVpnConnections,
ec2:CreateVpnConnection,
ec2:CreateTags
ec2:DescribeVpnConnections,
ec2:CreateTags,
ec2:DeleteTags
ec2:DescribeVpnConnections
ec2:DescribeVpnConnections,
ec2:DeleteVpnConnection