Alibaba Cloud v3.43.1, Sep 11 23

Alibaba Cloud v3.43.1 published on Monday, Sep 11, 2023 by Pulumi

alicloud.vpn.Connection

Explore with Pulumi AI

Alibaba Cloud v3.43.1 published on Monday, Sep 11, 2023 by Pulumi

pulumi/pulumi-alicloud

Import

VPN connection can be imported using the id, e.g.

 $ pulumi import alicloud:vpn/connection:Connection example vco-abc123456

Example Usage

Basic Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var fooZones = AliCloud.GetZones.Invoke(new()
    {
        AvailableResourceCreation = "VSwitch",
    });

    var fooNetwork = new AliCloud.Vpc.Network("fooNetwork", new()
    {
        VpcName = "terraform-example",
        CidrBlock = "172.16.0.0/12",
    });

    var fooSwitch = new AliCloud.Vpc.Switch("fooSwitch", new()
    {
        VswitchName = "terraform-example",
        CidrBlock = "172.16.0.0/21",
        VpcId = fooNetwork.Id,
        ZoneId = fooZones.Apply(getZonesResult => getZonesResult.Zones[0]?.Id),
    });

    var fooGateway = new AliCloud.Vpn.Gateway("fooGateway", new()
    {
        VpcId = fooNetwork.Id,
        Bandwidth = 10,
        EnableSsl = true,
        InstanceChargeType = "PrePaid",
        Description = "test_create_description",
        VswitchId = fooSwitch.Id,
    });

    var fooCustomerGateway = new AliCloud.Vpn.CustomerGateway("fooCustomerGateway", new()
    {
        IpAddress = "42.104.22.210",
        Description = "terraform-example",
    });

    var fooConnection = new AliCloud.Vpn.Connection("fooConnection", new()
    {
        VpnGatewayId = fooGateway.Id,
        CustomerGatewayId = fooCustomerGateway.Id,
        LocalSubnets = new[]
        {
            "172.16.0.0/24",
            "172.16.1.0/24",
        },
        RemoteSubnets = new[]
        {
            "10.0.0.0/24",
            "10.0.1.0/24",
        },
        EffectImmediately = true,
        IkeConfig = new AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs
        {
            IkeAuthAlg = "md5",
            IkeEncAlg = "des",
            IkeVersion = "ikev2",
            IkeMode = "main",
            IkeLifetime = 86400,
            Psk = "tf-testvpn2",
            IkePfs = "group1",
            IkeRemoteId = "testbob2",
            IkeLocalId = "testalice2",
        },
        IpsecConfig = new AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs
        {
            IpsecPfs = "group5",
            IpsecEncAlg = "des",
            IpsecAuthAlg = "md5",
            IpsecLifetime = 8640,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooZones, err := alicloud.GetZones(ctx, &alicloud.GetZonesArgs{
			AvailableResourceCreation: pulumi.StringRef("VSwitch"),
		}, nil)
		if err != nil {
			return err
		}
		fooNetwork, err := vpc.NewNetwork(ctx, "fooNetwork", &vpc.NetworkArgs{
			VpcName:   pulumi.String("terraform-example"),
			CidrBlock: pulumi.String("172.16.0.0/12"),
		})
		if err != nil {
			return err
		}
		fooSwitch, err := vpc.NewSwitch(ctx, "fooSwitch", &vpc.SwitchArgs{
			VswitchName: pulumi.String("terraform-example"),
			CidrBlock:   pulumi.String("172.16.0.0/21"),
			VpcId:       fooNetwork.ID(),
			ZoneId:      *pulumi.String(fooZones.Zones[0].Id),
		})
		if err != nil {
			return err
		}
		fooGateway, err := vpn.NewGateway(ctx, "fooGateway", &vpn.GatewayArgs{
			VpcId:              fooNetwork.ID(),
			Bandwidth:          pulumi.Int(10),
			EnableSsl:          pulumi.Bool(true),
			InstanceChargeType: pulumi.String("PrePaid"),
			Description:        pulumi.String("test_create_description"),
			VswitchId:          fooSwitch.ID(),
		})
		if err != nil {
			return err
		}
		fooCustomerGateway, err := vpn.NewCustomerGateway(ctx, "fooCustomerGateway", &vpn.CustomerGatewayArgs{
			IpAddress:   pulumi.String("42.104.22.210"),
			Description: pulumi.String("terraform-example"),
		})
		if err != nil {
			return err
		}
		_, err = vpn.NewConnection(ctx, "fooConnection", &vpn.ConnectionArgs{
			VpnGatewayId:      fooGateway.ID(),
			CustomerGatewayId: fooCustomerGateway.ID(),
			LocalSubnets: pulumi.StringArray{
				pulumi.String("172.16.0.0/24"),
				pulumi.String("172.16.1.0/24"),
			},
			RemoteSubnets: pulumi.StringArray{
				pulumi.String("10.0.0.0/24"),
				pulumi.String("10.0.1.0/24"),
			},
			EffectImmediately: pulumi.Bool(true),
			IkeConfig: &vpn.ConnectionIkeConfigArgs{
				IkeAuthAlg:  pulumi.String("md5"),
				IkeEncAlg:   pulumi.String("des"),
				IkeVersion:  pulumi.String("ikev2"),
				IkeMode:     pulumi.String("main"),
				IkeLifetime: pulumi.Int(86400),
				Psk:         pulumi.String("tf-testvpn2"),
				IkePfs:      pulumi.String("group1"),
				IkeRemoteId: pulumi.String("testbob2"),
				IkeLocalId:  pulumi.String("testalice2"),
			},
			IpsecConfig: &vpn.ConnectionIpsecConfigArgs{
				IpsecPfs:      pulumi.String("group5"),
				IpsecEncAlg:   pulumi.String("des"),
				IpsecAuthAlg:  pulumi.String("md5"),
				IpsecLifetime: pulumi.Int(8640),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetZonesArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.vpc.Switch;
import com.pulumi.alicloud.vpc.SwitchArgs;
import com.pulumi.alicloud.vpn.Gateway;
import com.pulumi.alicloud.vpn.GatewayArgs;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.Connection;
import com.pulumi.alicloud.vpn.ConnectionArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionIpsecConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var fooZones = AlicloudFunctions.getZones(GetZonesArgs.builder()
            .availableResourceCreation("VSwitch")
            .build());

        var fooNetwork = new Network("fooNetwork", NetworkArgs.builder()        
            .vpcName("terraform-example")
            .cidrBlock("172.16.0.0/12")
            .build());

        var fooSwitch = new Switch("fooSwitch", SwitchArgs.builder()        
            .vswitchName("terraform-example")
            .cidrBlock("172.16.0.0/21")
            .vpcId(fooNetwork.id())
            .zoneId(fooZones.applyValue(getZonesResult -> getZonesResult.zones()[0].id()))
            .build());

        var fooGateway = new Gateway("fooGateway", GatewayArgs.builder()        
            .vpcId(fooNetwork.id())
            .bandwidth("10")
            .enableSsl(true)
            .instanceChargeType("PrePaid")
            .description("test_create_description")
            .vswitchId(fooSwitch.id())
            .build());

        var fooCustomerGateway = new CustomerGateway("fooCustomerGateway", CustomerGatewayArgs.builder()        
            .ipAddress("42.104.22.210")
            .description("terraform-example")
            .build());

        var fooConnection = new Connection("fooConnection", ConnectionArgs.builder()        
            .vpnGatewayId(fooGateway.id())
            .customerGatewayId(fooCustomerGateway.id())
            .localSubnets(            
                "172.16.0.0/24",
                "172.16.1.0/24")
            .remoteSubnets(            
                "10.0.0.0/24",
                "10.0.1.0/24")
            .effectImmediately(true)
            .ikeConfig(ConnectionIkeConfigArgs.builder()
                .ikeAuthAlg("md5")
                .ikeEncAlg("des")
                .ikeVersion("ikev2")
                .ikeMode("main")
                .ikeLifetime(86400)
                .psk("tf-testvpn2")
                .ikePfs("group1")
                .ikeRemoteId("testbob2")
                .ikeLocalId("testalice2")
                .build())
            .ipsecConfig(ConnectionIpsecConfigArgs.builder()
                .ipsecPfs("group5")
                .ipsecEncAlg("des")
                .ipsecAuthAlg("md5")
                .ipsecLifetime(8640)
                .build())
            .build());

    }
}

import pulumi
import pulumi_alicloud as alicloud

foo_zones = alicloud.get_zones(available_resource_creation="VSwitch")
foo_network = alicloud.vpc.Network("fooNetwork",
    vpc_name="terraform-example",
    cidr_block="172.16.0.0/12")
foo_switch = alicloud.vpc.Switch("fooSwitch",
    vswitch_name="terraform-example",
    cidr_block="172.16.0.0/21",
    vpc_id=foo_network.id,
    zone_id=foo_zones.zones[0].id)
foo_gateway = alicloud.vpn.Gateway("fooGateway",
    vpc_id=foo_network.id,
    bandwidth=10,
    enable_ssl=True,
    instance_charge_type="PrePaid",
    description="test_create_description",
    vswitch_id=foo_switch.id)
foo_customer_gateway = alicloud.vpn.CustomerGateway("fooCustomerGateway",
    ip_address="42.104.22.210",
    description="terraform-example")
foo_connection = alicloud.vpn.Connection("fooConnection",
    vpn_gateway_id=foo_gateway.id,
    customer_gateway_id=foo_customer_gateway.id,
    local_subnets=[
        "172.16.0.0/24",
        "172.16.1.0/24",
    ],
    remote_subnets=[
        "10.0.0.0/24",
        "10.0.1.0/24",
    ],
    effect_immediately=True,
    ike_config=alicloud.vpn.ConnectionIkeConfigArgs(
        ike_auth_alg="md5",
        ike_enc_alg="des",
        ike_version="ikev2",
        ike_mode="main",
        ike_lifetime=86400,
        psk="tf-testvpn2",
        ike_pfs="group1",
        ike_remote_id="testbob2",
        ike_local_id="testalice2",
    ),
    ipsec_config=alicloud.vpn.ConnectionIpsecConfigArgs(
        ipsec_pfs="group5",
        ipsec_enc_alg="des",
        ipsec_auth_alg="md5",
        ipsec_lifetime=8640,
    ))

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const fooZones = alicloud.getZones({
    availableResourceCreation: "VSwitch",
});
const fooNetwork = new alicloud.vpc.Network("fooNetwork", {
    vpcName: "terraform-example",
    cidrBlock: "172.16.0.0/12",
});
const fooSwitch = new alicloud.vpc.Switch("fooSwitch", {
    vswitchName: "terraform-example",
    cidrBlock: "172.16.0.0/21",
    vpcId: fooNetwork.id,
    zoneId: fooZones.then(fooZones => fooZones.zones?.[0]?.id),
});
const fooGateway = new alicloud.vpn.Gateway("fooGateway", {
    vpcId: fooNetwork.id,
    bandwidth: 10,
    enableSsl: true,
    instanceChargeType: "PrePaid",
    description: "test_create_description",
    vswitchId: fooSwitch.id,
});
const fooCustomerGateway = new alicloud.vpn.CustomerGateway("fooCustomerGateway", {
    ipAddress: "42.104.22.210",
    description: "terraform-example",
});
const fooConnection = new alicloud.vpn.Connection("fooConnection", {
    vpnGatewayId: fooGateway.id,
    customerGatewayId: fooCustomerGateway.id,
    localSubnets: [
        "172.16.0.0/24",
        "172.16.1.0/24",
    ],
    remoteSubnets: [
        "10.0.0.0/24",
        "10.0.1.0/24",
    ],
    effectImmediately: true,
    ikeConfig: {
        ikeAuthAlg: "md5",
        ikeEncAlg: "des",
        ikeVersion: "ikev2",
        ikeMode: "main",
        ikeLifetime: 86400,
        psk: "tf-testvpn2",
        ikePfs: "group1",
        ikeRemoteId: "testbob2",
        ikeLocalId: "testalice2",
    },
    ipsecConfig: {
        ipsecPfs: "group5",
        ipsecEncAlg: "des",
        ipsecAuthAlg: "md5",
        ipsecLifetime: 8640,
    },
});

resources:
  fooNetwork:
    type: alicloud:vpc:Network
    properties:
      vpcName: terraform-example
      cidrBlock: 172.16.0.0/12
  fooSwitch:
    type: alicloud:vpc:Switch
    properties:
      vswitchName: terraform-example
      cidrBlock: 172.16.0.0/21
      vpcId: ${fooNetwork.id}
      zoneId: ${fooZones.zones[0].id}
  fooGateway:
    type: alicloud:vpn:Gateway
    properties:
      vpcId: ${fooNetwork.id}
      bandwidth: '10'
      enableSsl: true
      instanceChargeType: PrePaid
      description: test_create_description
      vswitchId: ${fooSwitch.id}
  fooCustomerGateway:
    type: alicloud:vpn:CustomerGateway
    properties:
      ipAddress: 42.104.22.210
      description: terraform-example
  fooConnection:
    type: alicloud:vpn:Connection
    properties:
      vpnGatewayId: ${fooGateway.id}
      customerGatewayId: ${fooCustomerGateway.id}
      localSubnets:
        - 172.16.0.0/24
        - 172.16.1.0/24
      remoteSubnets:
        - 10.0.0.0/24
        - 10.0.1.0/24
      effectImmediately: true
      ikeConfig:
        ikeAuthAlg: md5
        ikeEncAlg: des
        ikeVersion: ikev2
        ikeMode: main
        ikeLifetime: 86400
        psk: tf-testvpn2
        ikePfs: group1
        ikeRemoteId: testbob2
        ikeLocalId: testalice2
      ipsecConfig:
        ipsecPfs: group5
        ipsecEncAlg: des
        ipsecAuthAlg: md5
        ipsecLifetime: 8640
variables:
  fooZones:
    fn::invoke:
      Function: alicloud:getZones
      Arguments:
        availableResourceCreation: VSwitch

Create Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);

@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               bgp_config: Optional[ConnectionBgpConfigArgs] = None,
               customer_gateway_id: Optional[str] = None,
               effect_immediately: Optional[bool] = None,
               enable_dpd: Optional[bool] = None,
               enable_nat_traversal: Optional[bool] = None,
               health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
               ike_config: Optional[ConnectionIkeConfigArgs] = None,
               ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
               local_subnets: Optional[Sequence[str]] = None,
               name: Optional[str] = None,
               remote_subnets: Optional[Sequence[str]] = None,
               vpn_gateway_id: Optional[str] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)

func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)

public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)

public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)

type: alicloud:vpn:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Connection resource accepts the following input properties:

CustomerGatewayId string: The ID of the customer gateway.
LocalSubnets List<string>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
RemoteSubnets List<string>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
VpnGatewayId string: The ID of the VPN gateway.
BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfig: The configurations of the BGP routing protocol. See the following Block bgp_config.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
EnableNatTraversal bool: Specifies whether to enable NAT traversal. Valid values: true(default), false.
HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfig: The health check configurations. See the following Block health_check_config.
IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfig: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfig: The configurations of phase-two negotiation. See the following Block ipsec_config.
Name string: The name of the IPsec connection.

CustomerGatewayId string: The ID of the customer gateway.
LocalSubnets []string: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
RemoteSubnets []string: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
VpnGatewayId string: The ID of the VPN gateway.
BgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
EnableNatTraversal bool: Specifies whether to enable NAT traversal. Valid values: true(default), false.
HealthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
IkeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
Name string: The name of the IPsec connection.

customerGatewayId String: The ID of the customer gateway.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpnGatewayId String: The ID of the VPN gateway.
bgpConfig ConnectionBgpConfig: The configurations of the BGP routing protocol. See the following Block bgp_config.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enableNatTraversal Boolean: Specifies whether to enable NAT traversal. Valid values: true(default), false.
healthCheckConfig ConnectionHealthCheckConfig: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfig: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfig: The configurations of phase-two negotiation. See the following Block ipsec_config.
name String: The name of the IPsec connection.

customerGatewayId string: The ID of the customer gateway.
localSubnets string[]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remoteSubnets string[]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpnGatewayId string: The ID of the VPN gateway.
bgpConfig ConnectionBgpConfig: The configurations of the BGP routing protocol. See the following Block bgp_config.
effectImmediately boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd boolean: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enableNatTraversal boolean: Specifies whether to enable NAT traversal. Valid values: true(default), false.
healthCheckConfig ConnectionHealthCheckConfig: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfig: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfig: The configurations of phase-two negotiation. See the following Block ipsec_config.
name string: The name of the IPsec connection.

customer_gateway_id str: The ID of the customer gateway.
local_subnets Sequence[str]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remote_subnets Sequence[str]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpn_gateway_id str: The ID of the VPN gateway.
bgp_config ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
effect_immediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enable_dpd bool: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enable_nat_traversal bool: Specifies whether to enable NAT traversal. Valid values: true(default), false.
health_check_config ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ike_config ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsec_config ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
name str: The name of the IPsec connection.

customerGatewayId String: The ID of the customer gateway.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
vpnGatewayId String: The ID of the VPN gateway.
bgpConfig Property Map: The configurations of the BGP routing protocol. See the following Block bgp_config.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enableNatTraversal Boolean: Specifies whether to enable NAT traversal. Valid values: true(default), false.
healthCheckConfig Property Map: The health check configurations. See the following Block health_check_config.
ikeConfig Property Map: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig Property Map: The configurations of phase-two negotiation. See the following Block ipsec_config.
name String: The name of the IPsec connection.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Status string: The status of VPN connection.

Id string: The provider-assigned unique ID for this managed resource.
Status string: The status of VPN connection.

id String: The provider-assigned unique ID for this managed resource.
status String: The status of VPN connection.

id string: The provider-assigned unique ID for this managed resource.
status string: The status of VPN connection.

id str: The provider-assigned unique ID for this managed resource.
status str: The status of VPN connection.

id String: The provider-assigned unique ID for this managed resource.
status String: The status of VPN connection.

Look up Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bgp_config: Optional[ConnectionBgpConfigArgs] = None,
        customer_gateway_id: Optional[str] = None,
        effect_immediately: Optional[bool] = None,
        enable_dpd: Optional[bool] = None,
        enable_nat_traversal: Optional[bool] = None,
        health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
        ike_config: Optional[ConnectionIkeConfigArgs] = None,
        ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
        local_subnets: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        remote_subnets: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        vpn_gateway_id: Optional[str] = None) -> Connection

func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)

public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)

public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfig: The configurations of the BGP routing protocol. See the following Block bgp_config.
CustomerGatewayId string: The ID of the customer gateway.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
EnableNatTraversal bool: Specifies whether to enable NAT traversal. Valid values: true(default), false.
HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfig: The health check configurations. See the following Block health_check_config.
IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfig: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfig: The configurations of phase-two negotiation. See the following Block ipsec_config.
LocalSubnets List<string>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
Name string: The name of the IPsec connection.
RemoteSubnets List<string>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
Status string: The status of VPN connection.
VpnGatewayId string: The ID of the VPN gateway.

BgpConfig ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
CustomerGatewayId string: The ID of the customer gateway.
EffectImmediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
EnableDpd bool: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
EnableNatTraversal bool: Specifies whether to enable NAT traversal. Valid values: true(default), false.
HealthCheckConfig ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
IkeConfig ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
IpsecConfig ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
LocalSubnets []string: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
Name string: The name of the IPsec connection.
RemoteSubnets []string: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
Status string: The status of VPN connection.
VpnGatewayId string: The ID of the VPN gateway.

bgpConfig ConnectionBgpConfig: The configurations of the BGP routing protocol. See the following Block bgp_config.
customerGatewayId String: The ID of the customer gateway.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enableNatTraversal Boolean: Specifies whether to enable NAT traversal. Valid values: true(default), false.
healthCheckConfig ConnectionHealthCheckConfig: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfig: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfig: The configurations of phase-two negotiation. See the following Block ipsec_config.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name String: The name of the IPsec connection.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status String: The status of VPN connection.
vpnGatewayId String: The ID of the VPN gateway.

bgpConfig ConnectionBgpConfig: The configurations of the BGP routing protocol. See the following Block bgp_config.
customerGatewayId string: The ID of the customer gateway.
effectImmediately boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd boolean: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enableNatTraversal boolean: Specifies whether to enable NAT traversal. Valid values: true(default), false.
healthCheckConfig ConnectionHealthCheckConfig: The health check configurations. See the following Block health_check_config.
ikeConfig ConnectionIkeConfig: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig ConnectionIpsecConfig: The configurations of phase-two negotiation. See the following Block ipsec_config.
localSubnets string[]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name string: The name of the IPsec connection.
remoteSubnets string[]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status string: The status of VPN connection.
vpnGatewayId string: The ID of the VPN gateway.

bgp_config ConnectionBgpConfigArgs: The configurations of the BGP routing protocol. See the following Block bgp_config.
customer_gateway_id str: The ID of the customer gateway.
effect_immediately bool: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enable_dpd bool: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enable_nat_traversal bool: Specifies whether to enable NAT traversal. Valid values: true(default), false.
health_check_config ConnectionHealthCheckConfigArgs: The health check configurations. See the following Block health_check_config.
ike_config ConnectionIkeConfigArgs: The configurations of phase-one negotiation. See the following Block ike_config.
ipsec_config ConnectionIpsecConfigArgs: The configurations of phase-two negotiation. See the following Block ipsec_config.
local_subnets Sequence[str]: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name str: The name of the IPsec connection.
remote_subnets Sequence[str]: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status str: The status of VPN connection.
vpn_gateway_id str: The ID of the VPN gateway.

bgpConfig Property Map: The configurations of the BGP routing protocol. See the following Block bgp_config.
customerGatewayId String: The ID of the customer gateway.
effectImmediately Boolean: Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.
enableDpd Boolean: Specifies whether to enable the dead peer detection (DPD) feature. Valid values: true(default), false.
enableNatTraversal Boolean: Specifies whether to enable NAT traversal. Valid values: true(default), false.
healthCheckConfig Property Map: The health check configurations. See the following Block health_check_config.
ikeConfig Property Map: The configurations of phase-one negotiation. See the following Block ike_config.
ipsecConfig Property Map: The configurations of phase-two negotiation. See the following Block ipsec_config.
localSubnets List<String>: The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.
name String: The name of the IPsec connection.
remoteSubnets List<String>: The CIDR block of the local data center. This parameter is used for phase-two negotiation.
status String: The status of VPN connection.
vpnGatewayId String: The ID of the VPN gateway.

Supporting Types

ConnectionBgpConfig, ConnectionBgpConfigArgs

Enable bool: Whether to enable Health Check.
LocalAsn string: The ASN on the Alibaba Cloud side.
LocalBgpIp string: The BGP IP address on the Alibaba Cloud side.
TunnelCidr string: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

Enable bool: Whether to enable Health Check.
LocalAsn string: The ASN on the Alibaba Cloud side.
LocalBgpIp string: The BGP IP address on the Alibaba Cloud side.
TunnelCidr string: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean: Whether to enable Health Check.
localAsn String: The ASN on the Alibaba Cloud side.
localBgpIp String: The BGP IP address on the Alibaba Cloud side.
tunnelCidr String: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable boolean: Whether to enable Health Check.
localAsn string: The ASN on the Alibaba Cloud side.
localBgpIp string: The BGP IP address on the Alibaba Cloud side.
tunnelCidr string: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable bool: Whether to enable Health Check.
local_asn str: The ASN on the Alibaba Cloud side.
local_bgp_ip str: The BGP IP address on the Alibaba Cloud side.
tunnel_cidr str: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean: Whether to enable Health Check.
localAsn String: The ASN on the Alibaba Cloud side.
localBgpIp String: The BGP IP address on the Alibaba Cloud side.
tunnelCidr String: The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

ConnectionHealthCheckConfig, ConnectionHealthCheckConfigArgs

Dip string: The destination IP address.
Enable bool: Whether to enable Health Check.
Interval int: The interval between two consecutive health checks. Unit: seconds.
Retry int: The maximum number of health check retries.
Sip string: The source IP address.

Dip string: The destination IP address.
Enable bool: Whether to enable Health Check.
Interval int: The interval between two consecutive health checks. Unit: seconds.
Retry int: The maximum number of health check retries.
Sip string: The source IP address.

dip String: The destination IP address.
enable Boolean: Whether to enable Health Check.
interval Integer: The interval between two consecutive health checks. Unit: seconds.
retry Integer: The maximum number of health check retries.
sip String: The source IP address.

dip string: The destination IP address.
enable boolean: Whether to enable Health Check.
interval number: The interval between two consecutive health checks. Unit: seconds.
retry number: The maximum number of health check retries.
sip string: The source IP address.

dip str: The destination IP address.
enable bool: Whether to enable Health Check.
interval int: The interval between two consecutive health checks. Unit: seconds.
retry int: The maximum number of health check retries.
sip str: The source IP address.

dip String: The destination IP address.
enable Boolean: Whether to enable Health Check.
interval Number: The interval between two consecutive health checks. Unit: seconds.
retry Number: The maximum number of health check retries.
sip String: The source IP address.

ConnectionIkeConfig, ConnectionIkeConfigArgs

IkeAuthAlg string: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
IkeEncAlg string: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
IkeLifetime int: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
IkeLocalId string: The identification of the VPN gateway.
IkeMode string: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
IkePfs string: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
IkeRemoteId string: The identification of the customer gateway.
IkeVersion string: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
Psk string: Used for authentication between the IPsec VPN gateway and the customer gateway.

IkeAuthAlg string: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
IkeEncAlg string: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
IkeLifetime int: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
IkeLocalId string: The identification of the VPN gateway.
IkeMode string: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
IkePfs string: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
IkeRemoteId string: The identification of the customer gateway.
IkeVersion string: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
Psk string: Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg String: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ikeEncAlg String: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ikeLifetime Integer: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ikeLocalId String: The identification of the VPN gateway.
ikeMode String: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ikePfs String: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ikeRemoteId String: The identification of the customer gateway.
ikeVersion String: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk String: Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg string: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ikeEncAlg string: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ikeLifetime number: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ikeLocalId string: The identification of the VPN gateway.
ikeMode string: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ikePfs string: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ikeRemoteId string: The identification of the customer gateway.
ikeVersion string: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk string: Used for authentication between the IPsec VPN gateway and the customer gateway.

ike_auth_alg str: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ike_enc_alg str: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ike_lifetime int: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ike_local_id str: The identification of the VPN gateway.
ike_mode str: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ike_pfs str: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ike_remote_id str: The identification of the customer gateway.
ike_version str: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk str: Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg String: The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5
ikeEncAlg String: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes
ikeLifetime Number: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
ikeLocalId String: The identification of the VPN gateway.
ikeMode String: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
ikePfs String: The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
ikeRemoteId String: The identification of the customer gateway.
ikeVersion String: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
psk String: Used for authentication between the IPsec VPN gateway and the customer gateway.

ConnectionIpsecConfig, ConnectionIpsecConfigArgs

IpsecAuthAlg string: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
IpsecEncAlg string: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
IpsecLifetime int: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
IpsecPfs string: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

IpsecAuthAlg string: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
IpsecEncAlg string: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
IpsecLifetime int: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
IpsecPfs string: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsecEncAlg String: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsecLifetime Integer: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsecPfs String: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg string: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsecEncAlg string: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsecLifetime number: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsecPfs string: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsec_auth_alg str: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsec_enc_alg str: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsec_lifetime int: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsec_pfs str: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
ipsecEncAlg String: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
ipsecLifetime Number: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
ipsecPfs String: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.43.1 published on Monday, Sep 11, 2023 by Pulumi

pulumi/pulumi-alicloud

alicloud.vpn.Connection

On this page

On this page

Import

Example Usage

Create Connection Resource

Connection Resource Properties

Inputs

Outputs

Look up Existing Connection Resource

Supporting Types

ConnectionBgpConfig, ConnectionBgpConfigArgs

ConnectionHealthCheckConfig, ConnectionHealthCheckConfigArgs

ConnectionIkeConfig, ConnectionIkeConfigArgs

ConnectionIpsecConfig, ConnectionIpsecConfigArgs

Package Details

On this page

On this page