Alibaba Cloud

v3.28.0 published on Tuesday, Aug 16, 2022 by Pulumi

GatewayVpnAttachment

Provides a VPN Gateway Vpn Attachment resource.

For information about VPN Gateway Vpn Attachment and how to use it, see What is Vpn Attachment.

NOTE: Available in v1.181.0+.

Example Usage

using Pulumi;
using AliCloud = Pulumi.AliCloud;

class MyStack : Stack
{
    public MyStack()
    {
        var defaultCustomerGateway = new AliCloud.Vpn.CustomerGateway("defaultCustomerGateway", new AliCloud.Vpn.CustomerGatewayArgs
        {
            IpAddress = "42.104.22.210",
            Asn = "45014",
            Description = "testAccVpnConnectionDesc",
        });
        var defaultGatewayVpnAttachment = new AliCloud.Vpn.GatewayVpnAttachment("defaultGatewayVpnAttachment", new AliCloud.Vpn.GatewayVpnAttachmentArgs
        {
            CustomerGatewayId = defaultCustomerGateway.Id,
            NetworkType = "public",
            LocalSubnet = "0.0.0.0/0",
            RemoteSubnet = "0.0.0.0/0",
            EffectImmediately = false,
            IkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs
            {
                IkeAuthAlg = "md5",
                IkeEncAlg = "des",
                IkeVersion = "ikev2",
                IkeMode = "main",
                IkeLifetime = 86400,
                Psk = "tf-testvpn2",
                IkePfs = "group1",
                RemoteId = "testbob2",
                LocalId = "testalice2",
            },
            IpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs
            {
                IpsecPfs = "group5",
                IpsecEncAlg = "des",
                IpsecAuthAlg = "md5",
                IpsecLifetime = 86400,
            },
            BgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs
            {
                Enable = true,
                LocalAsn = 45014,
                TunnelCidr = "169.254.11.0/30",
                LocalBgpIp = "169.254.11.1",
            },
            HealthCheckConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs
            {
                Enable = true,
                Sip = "192.168.1.1",
                Dip = "10.0.0.1",
                Interval = 10,
                Retry = 10,
                Policy = "revoke_route",
            },
            EnableDpd = true,
            EnableNatTraversal = true,
            VpnAttachmentName = @var.Name,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultCustomerGateway, err := vpn.NewCustomerGateway(ctx, "defaultCustomerGateway", &vpn.CustomerGatewayArgs{
			IpAddress:   pulumi.String("42.104.22.210"),
			Asn:         pulumi.String("45014"),
			Description: pulumi.String("testAccVpnConnectionDesc"),
		})
		if err != nil {
			return err
		}
		_, err = vpn.NewGatewayVpnAttachment(ctx, "defaultGatewayVpnAttachment", &vpn.GatewayVpnAttachmentArgs{
			CustomerGatewayId: defaultCustomerGateway.ID(),
			NetworkType:       pulumi.String("public"),
			LocalSubnet:       pulumi.String("0.0.0.0/0"),
			RemoteSubnet:      pulumi.String("0.0.0.0/0"),
			EffectImmediately: pulumi.Bool(false),
			IkeConfig: &vpn.GatewayVpnAttachmentIkeConfigArgs{
				IkeAuthAlg:  pulumi.String("md5"),
				IkeEncAlg:   pulumi.String("des"),
				IkeVersion:  pulumi.String("ikev2"),
				IkeMode:     pulumi.String("main"),
				IkeLifetime: pulumi.Int(86400),
				Psk:         pulumi.String("tf-testvpn2"),
				IkePfs:      pulumi.String("group1"),
				RemoteId:    pulumi.String("testbob2"),
				LocalId:     pulumi.String("testalice2"),
			},
			IpsecConfig: &vpn.GatewayVpnAttachmentIpsecConfigArgs{
				IpsecPfs:      pulumi.String("group5"),
				IpsecEncAlg:   pulumi.String("des"),
				IpsecAuthAlg:  pulumi.String("md5"),
				IpsecLifetime: pulumi.Int(86400),
			},
			BgpConfig: &vpn.GatewayVpnAttachmentBgpConfigArgs{
				Enable:     pulumi.Bool(true),
				LocalAsn:   pulumi.Int(45014),
				TunnelCidr: pulumi.String("169.254.11.0/30"),
				LocalBgpIp: pulumi.String("169.254.11.1"),
			},
			HealthCheckConfig: &vpn.GatewayVpnAttachmentHealthCheckConfigArgs{
				Enable:   pulumi.Bool(true),
				Sip:      pulumi.String("192.168.1.1"),
				Dip:      pulumi.String("10.0.0.1"),
				Interval: pulumi.Int(10),
				Retry:    pulumi.Int(10),
				Policy:   pulumi.String("revoke_route"),
			},
			EnableDpd:          pulumi.Bool(true),
			EnableNatTraversal: pulumi.Bool(true),
			VpnAttachmentName:  pulumi.Any(_var.Name),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.GatewayVpnAttachment;
import com.pulumi.alicloud.vpn.GatewayVpnAttachmentArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIpsecConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentBgpConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentHealthCheckConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultCustomerGateway = new CustomerGateway("defaultCustomerGateway", CustomerGatewayArgs.builder()        
            .ipAddress("42.104.22.210")
            .asn("45014")
            .description("testAccVpnConnectionDesc")
            .build());

        var defaultGatewayVpnAttachment = new GatewayVpnAttachment("defaultGatewayVpnAttachment", GatewayVpnAttachmentArgs.builder()        
            .customerGatewayId(defaultCustomerGateway.id())
            .networkType("public")
            .localSubnet("0.0.0.0/0")
            .remoteSubnet("0.0.0.0/0")
            .effectImmediately(false)
            .ikeConfig(GatewayVpnAttachmentIkeConfigArgs.builder()
                .ikeAuthAlg("md5")
                .ikeEncAlg("des")
                .ikeVersion("ikev2")
                .ikeMode("main")
                .ikeLifetime(86400)
                .psk("tf-testvpn2")
                .ikePfs("group1")
                .remoteId("testbob2")
                .localId("testalice2")
                .build())
            .ipsecConfig(GatewayVpnAttachmentIpsecConfigArgs.builder()
                .ipsecPfs("group5")
                .ipsecEncAlg("des")
                .ipsecAuthAlg("md5")
                .ipsecLifetime(86400)
                .build())
            .bgpConfig(GatewayVpnAttachmentBgpConfigArgs.builder()
                .enable(true)
                .localAsn(45014)
                .tunnelCidr("169.254.11.0/30")
                .localBgpIp("169.254.11.1")
                .build())
            .healthCheckConfig(GatewayVpnAttachmentHealthCheckConfigArgs.builder()
                .enable(true)
                .sip("192.168.1.1")
                .dip("10.0.0.1")
                .interval(10)
                .retry(10)
                .policy("revoke_route")
                .build())
            .enableDpd(true)
            .enableNatTraversal(true)
            .vpnAttachmentName(var_.name())
            .build());

    }
}
import pulumi
import pulumi_alicloud as alicloud

default_customer_gateway = alicloud.vpn.CustomerGateway("defaultCustomerGateway",
    ip_address="42.104.22.210",
    asn="45014",
    description="testAccVpnConnectionDesc")
default_gateway_vpn_attachment = alicloud.vpn.GatewayVpnAttachment("defaultGatewayVpnAttachment",
    customer_gateway_id=default_customer_gateway.id,
    network_type="public",
    local_subnet="0.0.0.0/0",
    remote_subnet="0.0.0.0/0",
    effect_immediately=False,
    ike_config=alicloud.vpn.GatewayVpnAttachmentIkeConfigArgs(
        ike_auth_alg="md5",
        ike_enc_alg="des",
        ike_version="ikev2",
        ike_mode="main",
        ike_lifetime=86400,
        psk="tf-testvpn2",
        ike_pfs="group1",
        remote_id="testbob2",
        local_id="testalice2",
    ),
    ipsec_config=alicloud.vpn.GatewayVpnAttachmentIpsecConfigArgs(
        ipsec_pfs="group5",
        ipsec_enc_alg="des",
        ipsec_auth_alg="md5",
        ipsec_lifetime=86400,
    ),
    bgp_config=alicloud.vpn.GatewayVpnAttachmentBgpConfigArgs(
        enable=True,
        local_asn=45014,
        tunnel_cidr="169.254.11.0/30",
        local_bgp_ip="169.254.11.1",
    ),
    health_check_config=alicloud.vpn.GatewayVpnAttachmentHealthCheckConfigArgs(
        enable=True,
        sip="192.168.1.1",
        dip="10.0.0.1",
        interval=10,
        retry=10,
        policy="revoke_route",
    ),
    enable_dpd=True,
    enable_nat_traversal=True,
    vpn_attachment_name=var["name"])
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const defaultCustomerGateway = new alicloud.vpn.CustomerGateway("defaultCustomerGateway", {
    ipAddress: "42.104.22.210",
    asn: "45014",
    description: "testAccVpnConnectionDesc",
});
const defaultGatewayVpnAttachment = new alicloud.vpn.GatewayVpnAttachment("defaultGatewayVpnAttachment", {
    customerGatewayId: defaultCustomerGateway.id,
    networkType: "public",
    localSubnet: "0.0.0.0/0",
    remoteSubnet: "0.0.0.0/0",
    effectImmediately: false,
    ikeConfig: {
        ikeAuthAlg: "md5",
        ikeEncAlg: "des",
        ikeVersion: "ikev2",
        ikeMode: "main",
        ikeLifetime: 86400,
        psk: "tf-testvpn2",
        ikePfs: "group1",
        remoteId: "testbob2",
        localId: "testalice2",
    },
    ipsecConfig: {
        ipsecPfs: "group5",
        ipsecEncAlg: "des",
        ipsecAuthAlg: "md5",
        ipsecLifetime: 86400,
    },
    bgpConfig: {
        enable: true,
        localAsn: 45014,
        tunnelCidr: "169.254.11.0/30",
        localBgpIp: "169.254.11.1",
    },
    healthCheckConfig: {
        enable: true,
        sip: "192.168.1.1",
        dip: "10.0.0.1",
        interval: 10,
        retry: 10,
        policy: "revoke_route",
    },
    enableDpd: true,
    enableNatTraversal: true,
    vpnAttachmentName: _var.name,
});
resources:
  defaultCustomerGateway:
    type: alicloud:vpn:CustomerGateway
    properties:
      ipAddress: 42.104.22.210
      asn: 45014
      description: testAccVpnConnectionDesc
  defaultGatewayVpnAttachment:
    type: alicloud:vpn:GatewayVpnAttachment
    properties:
      customerGatewayId: ${defaultCustomerGateway.id}
      networkType: public
      localSubnet: 0.0.0.0/0
      remoteSubnet: 0.0.0.0/0
      effectImmediately: false
      ikeConfig:
        ikeAuthAlg: md5
        ikeEncAlg: des
        ikeVersion: ikev2
        ikeMode: main
        ikeLifetime: 86400
        psk: tf-testvpn2
        ikePfs: group1
        remoteId: testbob2
        localId: testalice2
      ipsecConfig:
        ipsecPfs: group5
        ipsecEncAlg: des
        ipsecAuthAlg: md5
        ipsecLifetime: 86400
      bgpConfig:
        enable: true
        localAsn: 45014
        tunnelCidr: 169.254.11.0/30
        localBgpIp: 169.254.11.1
      healthCheckConfig:
        enable: true
        sip: 192.168.1.1
        dip: 10.0.0.1
        interval: 10
        retry: 10
        policy: revoke_route
      enableDpd: true
      enableNatTraversal: true
      vpnAttachmentName: ${var.name}

Create a GatewayVpnAttachment Resource

new GatewayVpnAttachment(name: string, args: GatewayVpnAttachmentArgs, opts?: CustomResourceOptions);
@overload
def GatewayVpnAttachment(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         bgp_config: Optional[GatewayVpnAttachmentBgpConfigArgs] = None,
                         customer_gateway_id: Optional[str] = None,
                         effect_immediately: Optional[bool] = None,
                         enable_dpd: Optional[bool] = None,
                         enable_nat_traversal: Optional[bool] = None,
                         health_check_config: Optional[GatewayVpnAttachmentHealthCheckConfigArgs] = None,
                         ike_config: Optional[GatewayVpnAttachmentIkeConfigArgs] = None,
                         ipsec_config: Optional[GatewayVpnAttachmentIpsecConfigArgs] = None,
                         local_subnet: Optional[str] = None,
                         network_type: Optional[str] = None,
                         remote_subnet: Optional[str] = None,
                         vpn_attachment_name: Optional[str] = None)
@overload
def GatewayVpnAttachment(resource_name: str,
                         args: GatewayVpnAttachmentArgs,
                         opts: Optional[ResourceOptions] = None)
func NewGatewayVpnAttachment(ctx *Context, name string, args GatewayVpnAttachmentArgs, opts ...ResourceOption) (*GatewayVpnAttachment, error)
public GatewayVpnAttachment(string name, GatewayVpnAttachmentArgs args, CustomResourceOptions? opts = null)
public GatewayVpnAttachment(String name, GatewayVpnAttachmentArgs args)
public GatewayVpnAttachment(String name, GatewayVpnAttachmentArgs args, CustomResourceOptions options)
type: alicloud:vpn:GatewayVpnAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args GatewayVpnAttachmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args GatewayVpnAttachmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args GatewayVpnAttachmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args GatewayVpnAttachmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args GatewayVpnAttachmentArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

GatewayVpnAttachment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The GatewayVpnAttachment resource accepts the following input properties:

CustomerGatewayId string

The ID of the customer gateway.

LocalSubnet string

The CIDR block of the virtual private cloud (VPC).

RemoteSubnet string

The CIDR block of the on-premises data center.

BgpConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

EffectImmediately bool

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

EnableDpd bool

Whether to enable the DPD (peer survival detection) function.

EnableNatTraversal bool

Allow NAT penetration.

HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

IkeConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

IpsecConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

NetworkType string

The network type of the IPsec connection. Valid values: public, private.

VpnAttachmentName string

The name of the vpn attachment.

CustomerGatewayId string

The ID of the customer gateway.

LocalSubnet string

The CIDR block of the virtual private cloud (VPC).

RemoteSubnet string

The CIDR block of the on-premises data center.

BgpConfig GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

EffectImmediately bool

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

EnableDpd bool

Whether to enable the DPD (peer survival detection) function.

EnableNatTraversal bool

Allow NAT penetration.

HealthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

IkeConfig GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

IpsecConfig GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

NetworkType string

The network type of the IPsec connection. Valid values: public, private.

VpnAttachmentName string

The name of the vpn attachment.

customerGatewayId String

The ID of the customer gateway.

localSubnet String

The CIDR block of the virtual private cloud (VPC).

remoteSubnet String

The CIDR block of the on-premises data center.

bgpConfig GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

effectImmediately Boolean

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enableDpd Boolean

Whether to enable the DPD (peer survival detection) function.

enableNatTraversal Boolean

Allow NAT penetration.

healthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

ikeConfig GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

ipsecConfig GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

networkType String

The network type of the IPsec connection. Valid values: public, private.

vpnAttachmentName String

The name of the vpn attachment.

customerGatewayId string

The ID of the customer gateway.

localSubnet string

The CIDR block of the virtual private cloud (VPC).

remoteSubnet string

The CIDR block of the on-premises data center.

bgpConfig GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

effectImmediately boolean

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enableDpd boolean

Whether to enable the DPD (peer survival detection) function.

enableNatTraversal boolean

Allow NAT penetration.

healthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

ikeConfig GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

ipsecConfig GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

networkType string

The network type of the IPsec connection. Valid values: public, private.

vpnAttachmentName string

The name of the vpn attachment.

customer_gateway_id str

The ID of the customer gateway.

local_subnet str

The CIDR block of the virtual private cloud (VPC).

remote_subnet str

The CIDR block of the on-premises data center.

bgp_config GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

effect_immediately bool

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enable_dpd bool

Whether to enable the DPD (peer survival detection) function.

enable_nat_traversal bool

Allow NAT penetration.

health_check_config GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

ike_config GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

ipsec_config GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

network_type str

The network type of the IPsec connection. Valid values: public, private.

vpn_attachment_name str

The name of the vpn attachment.

customerGatewayId String

The ID of the customer gateway.

localSubnet String

The CIDR block of the virtual private cloud (VPC).

remoteSubnet String

The CIDR block of the on-premises data center.

bgpConfig Property Map

Bgp configuration information. See the following Block bgp_config.

effectImmediately Boolean

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enableDpd Boolean

Whether to enable the DPD (peer survival detection) function.

enableNatTraversal Boolean

Allow NAT penetration.

healthCheckConfig Property Map

Health check configuration information. See the following Block health_check_config.

ikeConfig Property Map

Configuration negotiated in the second stage. See the following Block ike_config.

ipsecConfig Property Map

Configuration negotiated in the second stage. See the following Block ipsec_config.

networkType String

The network type of the IPsec connection. Valid values: public, private.

vpnAttachmentName String

The name of the vpn attachment.

Outputs

All input properties are implicitly available as output properties. Additionally, the GatewayVpnAttachment resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Status string

The status of the resource.

Id string

The provider-assigned unique ID for this managed resource.

Status string

The status of the resource.

id String

The provider-assigned unique ID for this managed resource.

status String

The status of the resource.

id string

The provider-assigned unique ID for this managed resource.

status string

The status of the resource.

id str

The provider-assigned unique ID for this managed resource.

status str

The status of the resource.

id String

The provider-assigned unique ID for this managed resource.

status String

The status of the resource.

Look up an Existing GatewayVpnAttachment Resource

Get an existing GatewayVpnAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GatewayVpnAttachmentState, opts?: CustomResourceOptions): GatewayVpnAttachment
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bgp_config: Optional[GatewayVpnAttachmentBgpConfigArgs] = None,
        customer_gateway_id: Optional[str] = None,
        effect_immediately: Optional[bool] = None,
        enable_dpd: Optional[bool] = None,
        enable_nat_traversal: Optional[bool] = None,
        health_check_config: Optional[GatewayVpnAttachmentHealthCheckConfigArgs] = None,
        ike_config: Optional[GatewayVpnAttachmentIkeConfigArgs] = None,
        ipsec_config: Optional[GatewayVpnAttachmentIpsecConfigArgs] = None,
        local_subnet: Optional[str] = None,
        network_type: Optional[str] = None,
        remote_subnet: Optional[str] = None,
        status: Optional[str] = None,
        vpn_attachment_name: Optional[str] = None) -> GatewayVpnAttachment
func GetGatewayVpnAttachment(ctx *Context, name string, id IDInput, state *GatewayVpnAttachmentState, opts ...ResourceOption) (*GatewayVpnAttachment, error)
public static GatewayVpnAttachment Get(string name, Input<string> id, GatewayVpnAttachmentState? state, CustomResourceOptions? opts = null)
public static GatewayVpnAttachment get(String name, Output<String> id, GatewayVpnAttachmentState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
BgpConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

CustomerGatewayId string

The ID of the customer gateway.

EffectImmediately bool

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

EnableDpd bool

Whether to enable the DPD (peer survival detection) function.

EnableNatTraversal bool

Allow NAT penetration.

HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

IkeConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

IpsecConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

LocalSubnet string

The CIDR block of the virtual private cloud (VPC).

NetworkType string

The network type of the IPsec connection. Valid values: public, private.

RemoteSubnet string

The CIDR block of the on-premises data center.

Status string

The status of the resource.

VpnAttachmentName string

The name of the vpn attachment.

BgpConfig GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

CustomerGatewayId string

The ID of the customer gateway.

EffectImmediately bool

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

EnableDpd bool

Whether to enable the DPD (peer survival detection) function.

EnableNatTraversal bool

Allow NAT penetration.

HealthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

IkeConfig GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

IpsecConfig GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

LocalSubnet string

The CIDR block of the virtual private cloud (VPC).

NetworkType string

The network type of the IPsec connection. Valid values: public, private.

RemoteSubnet string

The CIDR block of the on-premises data center.

Status string

The status of the resource.

VpnAttachmentName string

The name of the vpn attachment.

bgpConfig GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

customerGatewayId String

The ID of the customer gateway.

effectImmediately Boolean

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enableDpd Boolean

Whether to enable the DPD (peer survival detection) function.

enableNatTraversal Boolean

Allow NAT penetration.

healthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

ikeConfig GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

ipsecConfig GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

localSubnet String

The CIDR block of the virtual private cloud (VPC).

networkType String

The network type of the IPsec connection. Valid values: public, private.

remoteSubnet String

The CIDR block of the on-premises data center.

status String

The status of the resource.

vpnAttachmentName String

The name of the vpn attachment.

bgpConfig GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

customerGatewayId string

The ID of the customer gateway.

effectImmediately boolean

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enableDpd boolean

Whether to enable the DPD (peer survival detection) function.

enableNatTraversal boolean

Allow NAT penetration.

healthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

ikeConfig GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

ipsecConfig GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

localSubnet string

The CIDR block of the virtual private cloud (VPC).

networkType string

The network type of the IPsec connection. Valid values: public, private.

remoteSubnet string

The CIDR block of the on-premises data center.

status string

The status of the resource.

vpnAttachmentName string

The name of the vpn attachment.

bgp_config GatewayVpnAttachmentBgpConfigArgs

Bgp configuration information. See the following Block bgp_config.

customer_gateway_id str

The ID of the customer gateway.

effect_immediately bool

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enable_dpd bool

Whether to enable the DPD (peer survival detection) function.

enable_nat_traversal bool

Allow NAT penetration.

health_check_config GatewayVpnAttachmentHealthCheckConfigArgs

Health check configuration information. See the following Block health_check_config.

ike_config GatewayVpnAttachmentIkeConfigArgs

Configuration negotiated in the second stage. See the following Block ike_config.

ipsec_config GatewayVpnAttachmentIpsecConfigArgs

Configuration negotiated in the second stage. See the following Block ipsec_config.

local_subnet str

The CIDR block of the virtual private cloud (VPC).

network_type str

The network type of the IPsec connection. Valid values: public, private.

remote_subnet str

The CIDR block of the on-premises data center.

status str

The status of the resource.

vpn_attachment_name str

The name of the vpn attachment.

bgpConfig Property Map

Bgp configuration information. See the following Block bgp_config.

customerGatewayId String

The ID of the customer gateway.

effectImmediately Boolean

Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.

enableDpd Boolean

Whether to enable the DPD (peer survival detection) function.

enableNatTraversal Boolean

Allow NAT penetration.

healthCheckConfig Property Map

Health check configuration information. See the following Block health_check_config.

ikeConfig Property Map

Configuration negotiated in the second stage. See the following Block ike_config.

ipsecConfig Property Map

Configuration negotiated in the second stage. See the following Block ipsec_config.

localSubnet String

The CIDR block of the virtual private cloud (VPC).

networkType String

The network type of the IPsec connection. Valid values: public, private.

remoteSubnet String

The CIDR block of the on-premises data center.

status String

The status of the resource.

vpnAttachmentName String

The name of the vpn attachment.

Supporting Types

GatewayVpnAttachmentBgpConfig

Enable bool

Whether to enable BGP.

LocalAsn int

The ASN on the Alibaba Cloud side.

LocalBgpIp string

The BGP IP address on the Alibaba Cloud side.

TunnelCidr string

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

Enable bool

Whether to enable BGP.

LocalAsn int

The ASN on the Alibaba Cloud side.

LocalBgpIp string

The BGP IP address on the Alibaba Cloud side.

TunnelCidr string

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean

Whether to enable BGP.

localAsn Integer

The ASN on the Alibaba Cloud side.

localBgpIp String

The BGP IP address on the Alibaba Cloud side.

tunnelCidr String

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable boolean

Whether to enable BGP.

localAsn number

The ASN on the Alibaba Cloud side.

localBgpIp string

The BGP IP address on the Alibaba Cloud side.

tunnelCidr string

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable bool

Whether to enable BGP.

local_asn int

The ASN on the Alibaba Cloud side.

local_bgp_ip str

The BGP IP address on the Alibaba Cloud side.

tunnel_cidr str

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean

Whether to enable BGP.

localAsn Number

The ASN on the Alibaba Cloud side.

localBgpIp String

The BGP IP address on the Alibaba Cloud side.

tunnelCidr String

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

GatewayVpnAttachmentHealthCheckConfig

Dip string

The destination IP address that is used for health checks.

Enable bool

Whether to enable BGP.

Interval int

The interval between two consecutive health checks. Unit: seconds.

Policy string

Whether to revoke the published route when the health check fails. Valid values: revoke_route or reserve_route.

Retry int

The maximum number of health check retries.

Sip string

The source IP address that is used for health checks.

Dip string

The destination IP address that is used for health checks.

Enable bool

Whether to enable BGP.

Interval int

The interval between two consecutive health checks. Unit: seconds.

Policy string

Whether to revoke the published route when the health check fails. Valid values: revoke_route or reserve_route.

Retry int

The maximum number of health check retries.

Sip string

The source IP address that is used for health checks.

dip String

The destination IP address that is used for health checks.

enable Boolean

Whether to enable BGP.

interval Integer

The interval between two consecutive health checks. Unit: seconds.

policy String

Whether to revoke the published route when the health check fails. Valid values: revoke_route or reserve_route.

retry Integer

The maximum number of health check retries.

sip String

The source IP address that is used for health checks.

dip string

The destination IP address that is used for health checks.

enable boolean

Whether to enable BGP.

interval number

The interval between two consecutive health checks. Unit: seconds.

policy string

Whether to revoke the published route when the health check fails. Valid values: revoke_route or reserve_route.

retry number

The maximum number of health check retries.

sip string

The source IP address that is used for health checks.

dip str

The destination IP address that is used for health checks.

enable bool

Whether to enable BGP.

interval int

The interval between two consecutive health checks. Unit: seconds.

policy str

Whether to revoke the published route when the health check fails. Valid values: revoke_route or reserve_route.

retry int

The maximum number of health check retries.

sip str

The source IP address that is used for health checks.

dip String

The destination IP address that is used for health checks.

enable Boolean

Whether to enable BGP.

interval Number

The interval between two consecutive health checks. Unit: seconds.

policy String

Whether to revoke the published route when the health check fails. Valid values: revoke_route or reserve_route.

retry Number

The maximum number of health check retries.

sip String

The source IP address that is used for health checks.

GatewayVpnAttachmentIkeConfig

IkeAuthAlg string

IKE authentication algorithm supports sha1 and MD5.

IkeEncAlg string

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.

IkeLifetime int

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

IkeMode string

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main.

IkePfs string

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

IkeVersion string

The version of the IKE protocol. Valid value: ikev1, ikev2. Default value: ikev1.

LocalId string

The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.

Psk string

Used for authentication between the IPsec VPN gateway and the customer gateway.

RemoteId string

The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.

IkeAuthAlg string

IKE authentication algorithm supports sha1 and MD5.

IkeEncAlg string

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.

IkeLifetime int

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

IkeMode string

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main.

IkePfs string

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

IkeVersion string

The version of the IKE protocol. Valid value: ikev1, ikev2. Default value: ikev1.

LocalId string

The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.

Psk string

Used for authentication between the IPsec VPN gateway and the customer gateway.

RemoteId string

The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.

ikeAuthAlg String

IKE authentication algorithm supports sha1 and MD5.

ikeEncAlg String

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.

ikeLifetime Integer

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ikeMode String

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main.

ikePfs String

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ikeVersion String

The version of the IKE protocol. Valid value: ikev1, ikev2. Default value: ikev1.

localId String

The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.

psk String

Used for authentication between the IPsec VPN gateway and the customer gateway.

remoteId String

The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.

ikeAuthAlg string

IKE authentication algorithm supports sha1 and MD5.

ikeEncAlg string

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.

ikeLifetime number

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ikeMode string

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main.

ikePfs string

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ikeVersion string

The version of the IKE protocol. Valid value: ikev1, ikev2. Default value: ikev1.

localId string

The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.

psk string

Used for authentication between the IPsec VPN gateway and the customer gateway.

remoteId string

The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.

ike_auth_alg str

IKE authentication algorithm supports sha1 and MD5.

ike_enc_alg str

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.

ike_lifetime int

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ike_mode str

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main.

ike_pfs str

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ike_version str

The version of the IKE protocol. Valid value: ikev1, ikev2. Default value: ikev1.

local_id str

The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.

psk str

Used for authentication between the IPsec VPN gateway and the customer gateway.

remote_id str

The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.

ikeAuthAlg String

IKE authentication algorithm supports sha1 and MD5.

ikeEncAlg String

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.

ikeLifetime Number

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ikeMode String

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main.

ikePfs String

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ikeVersion String

The version of the IKE protocol. Valid value: ikev1, ikev2. Default value: ikev1.

localId String

The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.

psk String

Used for authentication between the IPsec VPN gateway and the customer gateway.

remoteId String

The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.

GatewayVpnAttachmentIpsecConfig

IpsecAuthAlg string

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

IpsecEncAlg string

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

IpsecLifetime int

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

IpsecPfs string

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

IpsecAuthAlg string

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

IpsecEncAlg string

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

IpsecLifetime int

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

IpsecPfs string

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsecEncAlg String

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsecLifetime Integer

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsecPfs String

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg string

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsecEncAlg string

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsecLifetime number

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsecPfs string

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsec_auth_alg str

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsec_enc_alg str

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsec_lifetime int

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsec_pfs str

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsecEncAlg String

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsecLifetime Number

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsecPfs String

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

Import

VPN Gateway Vpn Attachment can be imported using the id, e.g.

 $ pulumi import alicloud:vpn/gatewayVpnAttachment:GatewayVpnAttachment example <id>

Package Details

Repository
https://github.com/pulumi/pulumi-alicloud
License
Apache-2.0
Notes

This Pulumi package is based on the alicloud Terraform Provider.