alicloud.vpn.GatewayVpnAttachment
Explore with Pulumi AI
Provides a VPN Gateway Vpn Attachment resource.
For information about VPN Gateway Vpn Attachment and how to use it, see What is Vpn Attachment.
NOTE: Available in v1.181.0+.
Example Usage
Basic Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var defaultCustomerGateway = new AliCloud.Vpn.CustomerGateway("defaultCustomerGateway", new()
{
IpAddress = "42.104.22.210",
Asn = "45014",
Description = "testAccVpnConnectionDesc",
});
var defaultGatewayVpnAttachment = new AliCloud.Vpn.GatewayVpnAttachment("defaultGatewayVpnAttachment", new()
{
CustomerGatewayId = defaultCustomerGateway.Id,
NetworkType = "public",
LocalSubnet = "0.0.0.0/0",
RemoteSubnet = "0.0.0.0/0",
EffectImmediately = false,
IkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs
{
IkeAuthAlg = "md5",
IkeEncAlg = "des",
IkeVersion = "ikev2",
IkeMode = "main",
IkeLifetime = 86400,
Psk = "tf-testvpn2",
IkePfs = "group1",
RemoteId = "testbob2",
LocalId = "testalice2",
},
IpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs
{
IpsecPfs = "group5",
IpsecEncAlg = "des",
IpsecAuthAlg = "md5",
IpsecLifetime = 86400,
},
BgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs
{
Enable = true,
LocalAsn = 45014,
TunnelCidr = "169.254.11.0/30",
LocalBgpIp = "169.254.11.1",
},
HealthCheckConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs
{
Enable = true,
Sip = "192.168.1.1",
Dip = "10.0.0.1",
Interval = 10,
Retry = 10,
Policy = "revoke_route",
},
EnableDpd = true,
EnableNatTraversal = true,
VpnAttachmentName = @var.Name,
});
var vpnAttachments = AliCloud.Vpn.GetGatewayVpnAttachments.Invoke(new()
{
Ids = new[]
{
alicloud_vpn_gateway_vpn_attachment.Vpn_attachment1.Id,
},
});
return new Dictionary<string, object?>
{
["localId"] = vpnAttachments.Apply(getGatewayVpnAttachmentsResult => getGatewayVpnAttachmentsResult.Attachments[0]?.IkeConfigs[0]?.LocalId),
["internetIp"] = vpnAttachments.Apply(getGatewayVpnAttachmentsResult => getGatewayVpnAttachmentsResult.Attachments[0]?.InternetIp),
};
});
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.GatewayVpnAttachment;
import com.pulumi.alicloud.vpn.GatewayVpnAttachmentArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIpsecConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentBgpConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentHealthCheckConfigArgs;
import com.pulumi.alicloud.vpn.VpnFunctions;
import com.pulumi.alicloud.vpn.inputs.GetGatewayVpnAttachmentsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultCustomerGateway = new CustomerGateway("defaultCustomerGateway", CustomerGatewayArgs.builder()
.ipAddress("42.104.22.210")
.asn("45014")
.description("testAccVpnConnectionDesc")
.build());
var defaultGatewayVpnAttachment = new GatewayVpnAttachment("defaultGatewayVpnAttachment", GatewayVpnAttachmentArgs.builder()
.customerGatewayId(defaultCustomerGateway.id())
.networkType("public")
.localSubnet("0.0.0.0/0")
.remoteSubnet("0.0.0.0/0")
.effectImmediately(false)
.ikeConfig(GatewayVpnAttachmentIkeConfigArgs.builder()
.ikeAuthAlg("md5")
.ikeEncAlg("des")
.ikeVersion("ikev2")
.ikeMode("main")
.ikeLifetime(86400)
.psk("tf-testvpn2")
.ikePfs("group1")
.remoteId("testbob2")
.localId("testalice2")
.build())
.ipsecConfig(GatewayVpnAttachmentIpsecConfigArgs.builder()
.ipsecPfs("group5")
.ipsecEncAlg("des")
.ipsecAuthAlg("md5")
.ipsecLifetime(86400)
.build())
.bgpConfig(GatewayVpnAttachmentBgpConfigArgs.builder()
.enable(true)
.localAsn(45014)
.tunnelCidr("169.254.11.0/30")
.localBgpIp("169.254.11.1")
.build())
.healthCheckConfig(GatewayVpnAttachmentHealthCheckConfigArgs.builder()
.enable(true)
.sip("192.168.1.1")
.dip("10.0.0.1")
.interval(10)
.retry(10)
.policy("revoke_route")
.build())
.enableDpd(true)
.enableNatTraversal(true)
.vpnAttachmentName(var_.name())
.build());
final var vpnAttachments = VpnFunctions.getGatewayVpnAttachments(GetGatewayVpnAttachmentsArgs.builder()
.ids(alicloud_vpn_gateway_vpn_attachment.vpn_attachment1().id())
.build());
ctx.export("localId", vpnAttachments.applyValue(getGatewayVpnAttachmentsResult -> getGatewayVpnAttachmentsResult.attachments()[0].ikeConfigs()[0].localId()));
ctx.export("internetIp", vpnAttachments.applyValue(getGatewayVpnAttachmentsResult -> getGatewayVpnAttachmentsResult.attachments()[0].internetIp()));
}
}
import pulumi
import pulumi_alicloud as alicloud
default_customer_gateway = alicloud.vpn.CustomerGateway("defaultCustomerGateway",
ip_address="42.104.22.210",
asn="45014",
description="testAccVpnConnectionDesc")
default_gateway_vpn_attachment = alicloud.vpn.GatewayVpnAttachment("defaultGatewayVpnAttachment",
customer_gateway_id=default_customer_gateway.id,
network_type="public",
local_subnet="0.0.0.0/0",
remote_subnet="0.0.0.0/0",
effect_immediately=False,
ike_config=alicloud.vpn.GatewayVpnAttachmentIkeConfigArgs(
ike_auth_alg="md5",
ike_enc_alg="des",
ike_version="ikev2",
ike_mode="main",
ike_lifetime=86400,
psk="tf-testvpn2",
ike_pfs="group1",
remote_id="testbob2",
local_id="testalice2",
),
ipsec_config=alicloud.vpn.GatewayVpnAttachmentIpsecConfigArgs(
ipsec_pfs="group5",
ipsec_enc_alg="des",
ipsec_auth_alg="md5",
ipsec_lifetime=86400,
),
bgp_config=alicloud.vpn.GatewayVpnAttachmentBgpConfigArgs(
enable=True,
local_asn=45014,
tunnel_cidr="169.254.11.0/30",
local_bgp_ip="169.254.11.1",
),
health_check_config=alicloud.vpn.GatewayVpnAttachmentHealthCheckConfigArgs(
enable=True,
sip="192.168.1.1",
dip="10.0.0.1",
interval=10,
retry=10,
policy="revoke_route",
),
enable_dpd=True,
enable_nat_traversal=True,
vpn_attachment_name=var["name"])
vpn_attachments = alicloud.vpn.get_gateway_vpn_attachments(ids=[alicloud_vpn_gateway_vpn_attachment["vpn_attachment1"]["id"]])
pulumi.export("localId", vpn_attachments.attachments[0].ike_configs[0].local_id)
pulumi.export("internetIp", vpn_attachments.attachments[0].internet_ip)
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const defaultCustomerGateway = new alicloud.vpn.CustomerGateway("defaultCustomerGateway", {
ipAddress: "42.104.22.210",
asn: "45014",
description: "testAccVpnConnectionDesc",
});
const defaultGatewayVpnAttachment = new alicloud.vpn.GatewayVpnAttachment("defaultGatewayVpnAttachment", {
customerGatewayId: defaultCustomerGateway.id,
networkType: "public",
localSubnet: "0.0.0.0/0",
remoteSubnet: "0.0.0.0/0",
effectImmediately: false,
ikeConfig: {
ikeAuthAlg: "md5",
ikeEncAlg: "des",
ikeVersion: "ikev2",
ikeMode: "main",
ikeLifetime: 86400,
psk: "tf-testvpn2",
ikePfs: "group1",
remoteId: "testbob2",
localId: "testalice2",
},
ipsecConfig: {
ipsecPfs: "group5",
ipsecEncAlg: "des",
ipsecAuthAlg: "md5",
ipsecLifetime: 86400,
},
bgpConfig: {
enable: true,
localAsn: 45014,
tunnelCidr: "169.254.11.0/30",
localBgpIp: "169.254.11.1",
},
healthCheckConfig: {
enable: true,
sip: "192.168.1.1",
dip: "10.0.0.1",
interval: 10,
retry: 10,
policy: "revoke_route",
},
enableDpd: true,
enableNatTraversal: true,
vpnAttachmentName: _var.name,
});
const vpnAttachments = alicloud.vpn.getGatewayVpnAttachments({
ids: [alicloud_vpn_gateway_vpn_attachment.vpn_attachment1.id],
});
export const localId = vpnAttachments.then(vpnAttachments => vpnAttachments.attachments?.[0]?.ikeConfigs?.[0]?.localId);
export const internetIp = vpnAttachments.then(vpnAttachments => vpnAttachments.attachments?.[0]?.internetIp);
resources:
defaultCustomerGateway:
type: alicloud:vpn:CustomerGateway
properties:
ipAddress: 42.104.22.210
asn: '45014'
description: testAccVpnConnectionDesc
defaultGatewayVpnAttachment:
type: alicloud:vpn:GatewayVpnAttachment
properties:
customerGatewayId: ${defaultCustomerGateway.id}
networkType: public
localSubnet: 0.0.0.0/0
remoteSubnet: 0.0.0.0/0
effectImmediately: false
ikeConfig:
ikeAuthAlg: md5
ikeEncAlg: des
ikeVersion: ikev2
ikeMode: main
ikeLifetime: 86400
psk: tf-testvpn2
ikePfs: group1
remoteId: testbob2
localId: testalice2
ipsecConfig:
ipsecPfs: group5
ipsecEncAlg: des
ipsecAuthAlg: md5
ipsecLifetime: 86400
bgpConfig:
enable: true
localAsn: 45014
tunnelCidr: 169.254.11.0/30
localBgpIp: 169.254.11.1
healthCheckConfig:
enable: true
sip: 192.168.1.1
dip: 10.0.0.1
interval: 10
retry: 10
policy: revoke_route
enableDpd: true
enableNatTraversal: true
vpnAttachmentName: ${var.name}
variables:
vpnAttachments:
fn::invoke:
Function: alicloud:vpn:getGatewayVpnAttachments
Arguments:
ids:
- ${alicloud_vpn_gateway_vpn_attachment.vpn_attachment1.id}
outputs:
localId: ${vpnAttachments.attachments[0].ikeConfigs[0].localId}
internetIp: ${vpnAttachments.attachments[0].internetIp}
Create GatewayVpnAttachment Resource
new GatewayVpnAttachment(name: string, args: GatewayVpnAttachmentArgs, opts?: CustomResourceOptions);
@overload
def GatewayVpnAttachment(resource_name: str,
opts: Optional[ResourceOptions] = None,
bgp_config: Optional[GatewayVpnAttachmentBgpConfigArgs] = None,
customer_gateway_id: Optional[str] = None,
effect_immediately: Optional[bool] = None,
enable_dpd: Optional[bool] = None,
enable_nat_traversal: Optional[bool] = None,
health_check_config: Optional[GatewayVpnAttachmentHealthCheckConfigArgs] = None,
ike_config: Optional[GatewayVpnAttachmentIkeConfigArgs] = None,
ipsec_config: Optional[GatewayVpnAttachmentIpsecConfigArgs] = None,
local_subnet: Optional[str] = None,
network_type: Optional[str] = None,
remote_subnet: Optional[str] = None,
vpn_attachment_name: Optional[str] = None)
@overload
def GatewayVpnAttachment(resource_name: str,
args: GatewayVpnAttachmentArgs,
opts: Optional[ResourceOptions] = None)
func NewGatewayVpnAttachment(ctx *Context, name string, args GatewayVpnAttachmentArgs, opts ...ResourceOption) (*GatewayVpnAttachment, error)
public GatewayVpnAttachment(string name, GatewayVpnAttachmentArgs args, CustomResourceOptions? opts = null)
public GatewayVpnAttachment(String name, GatewayVpnAttachmentArgs args)
public GatewayVpnAttachment(String name, GatewayVpnAttachmentArgs args, CustomResourceOptions options)
type: alicloud:vpn:GatewayVpnAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
GatewayVpnAttachment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The GatewayVpnAttachment resource accepts the following input properties:
- Customer
Gateway stringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- Local
Subnet string The CIDR block of the virtual private cloud (VPC).
- Remote
Subnet string The CIDR block of the on-premises data center.
- Bgp
Config Pulumi.Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- Effect
Immediately bool Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool Whether to enable the DPD (peer survival detection) function.
- Enable
Nat boolTraversal Allow NAT penetration.
- Health
Check Pulumi.Config Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- Ike
Config Pulumi.Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- Ipsec
Config Pulumi.Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- Network
Type string The network type of the IPsec connection. Valid values:
public
,private
.- Vpn
Attachment stringName The name of the vpn attachment.
- Customer
Gateway stringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- Local
Subnet string The CIDR block of the virtual private cloud (VPC).
- Remote
Subnet string The CIDR block of the on-premises data center.
- Bgp
Config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- Effect
Immediately bool Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool Whether to enable the DPD (peer survival detection) function.
- Enable
Nat boolTraversal Allow NAT penetration.
- Health
Check GatewayConfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- Ike
Config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- Ipsec
Config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- Network
Type string The network type of the IPsec connection. Valid values:
public
,private
.- Vpn
Attachment stringName The name of the vpn attachment.
- customer
Gateway StringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- local
Subnet String The CIDR block of the virtual private cloud (VPC).
- remote
Subnet String The CIDR block of the on-premises data center.
- bgp
Config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- effect
Immediately Boolean Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean Whether to enable the DPD (peer survival detection) function.
- enable
Nat BooleanTraversal Allow NAT penetration.
- health
Check GatewayConfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- ike
Config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- ipsec
Config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- network
Type String The network type of the IPsec connection. Valid values:
public
,private
.- vpn
Attachment StringName The name of the vpn attachment.
- customer
Gateway stringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- local
Subnet string The CIDR block of the virtual private cloud (VPC).
- remote
Subnet string The CIDR block of the on-premises data center.
- bgp
Config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- effect
Immediately boolean Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd boolean Whether to enable the DPD (peer survival detection) function.
- enable
Nat booleanTraversal Allow NAT penetration.
- health
Check GatewayConfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- ike
Config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- ipsec
Config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- network
Type string The network type of the IPsec connection. Valid values:
public
,private
.- vpn
Attachment stringName The name of the vpn attachment.
- customer_
gateway_ strid The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- local_
subnet str The CIDR block of the virtual private cloud (VPC).
- remote_
subnet str The CIDR block of the on-premises data center.
- bgp_
config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- effect_
immediately bool Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable_
dpd bool Whether to enable the DPD (peer survival detection) function.
- enable_
nat_ booltraversal Allow NAT penetration.
- health_
check_ Gatewayconfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- ike_
config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- ipsec_
config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- network_
type str The network type of the IPsec connection. Valid values:
public
,private
.- vpn_
attachment_ strname The name of the vpn attachment.
- customer
Gateway StringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- local
Subnet String The CIDR block of the virtual private cloud (VPC).
- remote
Subnet String The CIDR block of the on-premises data center.
- bgp
Config Property Map Bgp configuration information. See the following
Block bgp_config
.- effect
Immediately Boolean Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean Whether to enable the DPD (peer survival detection) function.
- enable
Nat BooleanTraversal Allow NAT penetration.
- health
Check Property MapConfig Health check configuration information. See the following
Block health_check_config
.- ike
Config Property Map Configuration negotiated in the second stage. See the following
Block ike_config
.- ipsec
Config Property Map Configuration negotiated in the second stage. See the following
Block ipsec_config
.- network
Type String The network type of the IPsec connection. Valid values:
public
,private
.- vpn
Attachment StringName The name of the vpn attachment.
Outputs
All input properties are implicitly available as output properties. Additionally, the GatewayVpnAttachment resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Internet
Ip string The VPN gateway IP.
- Status string
The status of the resource.
- Id string
The provider-assigned unique ID for this managed resource.
- Internet
Ip string The VPN gateway IP.
- Status string
The status of the resource.
- id String
The provider-assigned unique ID for this managed resource.
- internet
Ip String The VPN gateway IP.
- status String
The status of the resource.
- id string
The provider-assigned unique ID for this managed resource.
- internet
Ip string The VPN gateway IP.
- status string
The status of the resource.
- id str
The provider-assigned unique ID for this managed resource.
- internet_
ip str The VPN gateway IP.
- status str
The status of the resource.
- id String
The provider-assigned unique ID for this managed resource.
- internet
Ip String The VPN gateway IP.
- status String
The status of the resource.
Look up Existing GatewayVpnAttachment Resource
Get an existing GatewayVpnAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewayVpnAttachmentState, opts?: CustomResourceOptions): GatewayVpnAttachment
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
bgp_config: Optional[GatewayVpnAttachmentBgpConfigArgs] = None,
customer_gateway_id: Optional[str] = None,
effect_immediately: Optional[bool] = None,
enable_dpd: Optional[bool] = None,
enable_nat_traversal: Optional[bool] = None,
health_check_config: Optional[GatewayVpnAttachmentHealthCheckConfigArgs] = None,
ike_config: Optional[GatewayVpnAttachmentIkeConfigArgs] = None,
internet_ip: Optional[str] = None,
ipsec_config: Optional[GatewayVpnAttachmentIpsecConfigArgs] = None,
local_subnet: Optional[str] = None,
network_type: Optional[str] = None,
remote_subnet: Optional[str] = None,
status: Optional[str] = None,
vpn_attachment_name: Optional[str] = None) -> GatewayVpnAttachment
func GetGatewayVpnAttachment(ctx *Context, name string, id IDInput, state *GatewayVpnAttachmentState, opts ...ResourceOption) (*GatewayVpnAttachment, error)
public static GatewayVpnAttachment Get(string name, Input<string> id, GatewayVpnAttachmentState? state, CustomResourceOptions? opts = null)
public static GatewayVpnAttachment get(String name, Output<String> id, GatewayVpnAttachmentState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Bgp
Config Pulumi.Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- Customer
Gateway stringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- Effect
Immediately bool Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool Whether to enable the DPD (peer survival detection) function.
- Enable
Nat boolTraversal Allow NAT penetration.
- Health
Check Pulumi.Config Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- Ike
Config Pulumi.Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- Internet
Ip string The VPN gateway IP.
- Ipsec
Config Pulumi.Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- Local
Subnet string The CIDR block of the virtual private cloud (VPC).
- Network
Type string The network type of the IPsec connection. Valid values:
public
,private
.- Remote
Subnet string The CIDR block of the on-premises data center.
- Status string
The status of the resource.
- Vpn
Attachment stringName The name of the vpn attachment.
- Bgp
Config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- Customer
Gateway stringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- Effect
Immediately bool Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- Enable
Dpd bool Whether to enable the DPD (peer survival detection) function.
- Enable
Nat boolTraversal Allow NAT penetration.
- Health
Check GatewayConfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- Ike
Config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- Internet
Ip string The VPN gateway IP.
- Ipsec
Config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- Local
Subnet string The CIDR block of the virtual private cloud (VPC).
- Network
Type string The network type of the IPsec connection. Valid values:
public
,private
.- Remote
Subnet string The CIDR block of the on-premises data center.
- Status string
The status of the resource.
- Vpn
Attachment stringName The name of the vpn attachment.
- bgp
Config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- customer
Gateway StringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- effect
Immediately Boolean Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean Whether to enable the DPD (peer survival detection) function.
- enable
Nat BooleanTraversal Allow NAT penetration.
- health
Check GatewayConfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- ike
Config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- internet
Ip String The VPN gateway IP.
- ipsec
Config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- local
Subnet String The CIDR block of the virtual private cloud (VPC).
- network
Type String The network type of the IPsec connection. Valid values:
public
,private
.- remote
Subnet String The CIDR block of the on-premises data center.
- status String
The status of the resource.
- vpn
Attachment StringName The name of the vpn attachment.
- bgp
Config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- customer
Gateway stringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- effect
Immediately boolean Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd boolean Whether to enable the DPD (peer survival detection) function.
- enable
Nat booleanTraversal Allow NAT penetration.
- health
Check GatewayConfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- ike
Config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- internet
Ip string The VPN gateway IP.
- ipsec
Config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- local
Subnet string The CIDR block of the virtual private cloud (VPC).
- network
Type string The network type of the IPsec connection. Valid values:
public
,private
.- remote
Subnet string The CIDR block of the on-premises data center.
- status string
The status of the resource.
- vpn
Attachment stringName The name of the vpn attachment.
- bgp_
config GatewayVpn Attachment Bgp Config Args Bgp configuration information. See the following
Block bgp_config
.- customer_
gateway_ strid The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- effect_
immediately bool Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable_
dpd bool Whether to enable the DPD (peer survival detection) function.
- enable_
nat_ booltraversal Allow NAT penetration.
- health_
check_ Gatewayconfig Vpn Attachment Health Check Config Args Health check configuration information. See the following
Block health_check_config
.- ike_
config GatewayVpn Attachment Ike Config Args Configuration negotiated in the second stage. See the following
Block ike_config
.- internet_
ip str The VPN gateway IP.
- ipsec_
config GatewayVpn Attachment Ipsec Config Args Configuration negotiated in the second stage. See the following
Block ipsec_config
.- local_
subnet str The CIDR block of the virtual private cloud (VPC).
- network_
type str The network type of the IPsec connection. Valid values:
public
,private
.- remote_
subnet str The CIDR block of the on-premises data center.
- status str
The status of the resource.
- vpn_
attachment_ strname The name of the vpn attachment.
- bgp
Config Property Map Bgp configuration information. See the following
Block bgp_config
.- customer
Gateway StringId The ID of the customer gateway. From version 1.196.0,
customer_gateway_id
can be modified.- effect
Immediately Boolean Indicates whether IPsec-VPN negotiations are initiated immediately. Valid values.
- enable
Dpd Boolean Whether to enable the DPD (peer survival detection) function.
- enable
Nat BooleanTraversal Allow NAT penetration.
- health
Check Property MapConfig Health check configuration information. See the following
Block health_check_config
.- ike
Config Property Map Configuration negotiated in the second stage. See the following
Block ike_config
.- internet
Ip String The VPN gateway IP.
- ipsec
Config Property Map Configuration negotiated in the second stage. See the following
Block ipsec_config
.- local
Subnet String The CIDR block of the virtual private cloud (VPC).
- network
Type String The network type of the IPsec connection. Valid values:
public
,private
.- remote
Subnet String The CIDR block of the on-premises data center.
- status String
The status of the resource.
- vpn
Attachment StringName The name of the vpn attachment.
Supporting Types
GatewayVpnAttachmentBgpConfig
- Enable bool
Specifies whether to enable health checks.
- Local
Asn int The ASN on the Alibaba Cloud side.
- Local
Bgp stringIp The BGP IP address on the Alibaba Cloud side.
- Tunnel
Cidr string The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
- Enable bool
Specifies whether to enable health checks.
- Local
Asn int The ASN on the Alibaba Cloud side.
- Local
Bgp stringIp The BGP IP address on the Alibaba Cloud side.
- Tunnel
Cidr string The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
- enable Boolean
Specifies whether to enable health checks.
- local
Asn Integer The ASN on the Alibaba Cloud side.
- local
Bgp StringIp The BGP IP address on the Alibaba Cloud side.
- tunnel
Cidr String The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
- enable boolean
Specifies whether to enable health checks.
- local
Asn number The ASN on the Alibaba Cloud side.
- local
Bgp stringIp The BGP IP address on the Alibaba Cloud side.
- tunnel
Cidr string The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
- enable bool
Specifies whether to enable health checks.
- local_
asn int The ASN on the Alibaba Cloud side.
- local_
bgp_ strip The BGP IP address on the Alibaba Cloud side.
- tunnel_
cidr str The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
- enable Boolean
Specifies whether to enable health checks.
- local
Asn Number The ASN on the Alibaba Cloud side.
- local
Bgp StringIp The BGP IP address on the Alibaba Cloud side.
- tunnel
Cidr String The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.
GatewayVpnAttachmentHealthCheckConfig
- Dip string
The destination IP address that is used for health checks.
- Enable bool
Specifies whether to enable health checks.
- Interval int
The interval between two consecutive health checks. Unit: seconds.
- Policy string
Whether to revoke the published route when the health check fails. Valid values:
revoke_route
orreserve_route
.- Retry int
The maximum number of health check retries.
- Sip string
The source IP address that is used for health checks.
- Dip string
The destination IP address that is used for health checks.
- Enable bool
Specifies whether to enable health checks.
- Interval int
The interval between two consecutive health checks. Unit: seconds.
- Policy string
Whether to revoke the published route when the health check fails. Valid values:
revoke_route
orreserve_route
.- Retry int
The maximum number of health check retries.
- Sip string
The source IP address that is used for health checks.
- dip String
The destination IP address that is used for health checks.
- enable Boolean
Specifies whether to enable health checks.
- interval Integer
The interval between two consecutive health checks. Unit: seconds.
- policy String
Whether to revoke the published route when the health check fails. Valid values:
revoke_route
orreserve_route
.- retry Integer
The maximum number of health check retries.
- sip String
The source IP address that is used for health checks.
- dip string
The destination IP address that is used for health checks.
- enable boolean
Specifies whether to enable health checks.
- interval number
The interval between two consecutive health checks. Unit: seconds.
- policy string
Whether to revoke the published route when the health check fails. Valid values:
revoke_route
orreserve_route
.- retry number
The maximum number of health check retries.
- sip string
The source IP address that is used for health checks.
- dip str
The destination IP address that is used for health checks.
- enable bool
Specifies whether to enable health checks.
- interval int
The interval between two consecutive health checks. Unit: seconds.
- policy str
Whether to revoke the published route when the health check fails. Valid values:
revoke_route
orreserve_route
.- retry int
The maximum number of health check retries.
- sip str
The source IP address that is used for health checks.
- dip String
The destination IP address that is used for health checks.
- enable Boolean
Specifies whether to enable health checks.
- interval Number
The interval between two consecutive health checks. Unit: seconds.
- policy String
Whether to revoke the published route when the health check fails. Valid values:
revoke_route
orreserve_route
.- retry Number
The maximum number of health check retries.
- sip String
The source IP address that is used for health checks.
GatewayVpnAttachmentIkeConfig
- Ike
Auth stringAlg IKE authentication algorithm supports sha1 and MD5.
- Ike
Enc stringAlg The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
- Ike
Lifetime int The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
- Ike
Mode string The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value:
main
.- Ike
Pfs string The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
- Ike
Version string The version of the IKE protocol. Valid value:
ikev1
,ikev2
. Default value:ikev1
.- Local
Id string The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
- Psk string
Used for authentication between the IPsec VPN gateway and the customer gateway.
- Remote
Id string The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
- Ike
Auth stringAlg IKE authentication algorithm supports sha1 and MD5.
- Ike
Enc stringAlg The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
- Ike
Lifetime int The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
- Ike
Mode string The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value:
main
.- Ike
Pfs string The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
- Ike
Version string The version of the IKE protocol. Valid value:
ikev1
,ikev2
. Default value:ikev1
.- Local
Id string The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
- Psk string
Used for authentication between the IPsec VPN gateway and the customer gateway.
- Remote
Id string The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
- ike
Auth StringAlg IKE authentication algorithm supports sha1 and MD5.
- ike
Enc StringAlg The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
- ike
Lifetime Integer The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
- ike
Mode String The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value:
main
.- ike
Pfs String The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
- ike
Version String The version of the IKE protocol. Valid value:
ikev1
,ikev2
. Default value:ikev1
.- local
Id String The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
- psk String
Used for authentication between the IPsec VPN gateway and the customer gateway.
- remote
Id String The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
- ike
Auth stringAlg IKE authentication algorithm supports sha1 and MD5.
- ike
Enc stringAlg The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
- ike
Lifetime number The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
- ike
Mode string The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value:
main
.- ike
Pfs string The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
- ike
Version string The version of the IKE protocol. Valid value:
ikev1
,ikev2
. Default value:ikev1
.- local
Id string The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
- psk string
Used for authentication between the IPsec VPN gateway and the customer gateway.
- remote
Id string The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
- ike_
auth_ stralg IKE authentication algorithm supports sha1 and MD5.
- ike_
enc_ stralg The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
- ike_
lifetime int The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
- ike_
mode str The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value:
main
.- ike_
pfs str The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
- ike_
version str The version of the IKE protocol. Valid value:
ikev1
,ikev2
. Default value:ikev1
.- local_
id str The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
- psk str
Used for authentication between the IPsec VPN gateway and the customer gateway.
- remote_
id str The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
- ike
Auth StringAlg IKE authentication algorithm supports sha1 and MD5.
- ike
Enc StringAlg The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes.
- ike
Lifetime Number The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
- ike
Mode String The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value:
main
.- ike
Pfs String The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
- ike
Version String The version of the IKE protocol. Valid value:
ikev1
,ikev2
. Default value:ikev1
.- local
Id String The local ID, which supports the FQDN and IP formats. The current VPN gateway IP address is selected by default.
- psk String
Used for authentication between the IPsec VPN gateway and the customer gateway.
- remote
Id String The peer ID, which supports FQDN and IP formats. By default, the IP address of the currently selected user gateway.
GatewayVpnAttachmentIpsecConfig
- Ipsec
Auth stringAlg The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
- Ipsec
Enc stringAlg The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
- Ipsec
Lifetime int The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
- Ipsec
Pfs string The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
- Ipsec
Auth stringAlg The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
- Ipsec
Enc stringAlg The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
- Ipsec
Lifetime int The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
- Ipsec
Pfs string The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
- ipsec
Auth StringAlg The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
- ipsec
Enc StringAlg The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
- ipsec
Lifetime Integer The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
- ipsec
Pfs String The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
- ipsec
Auth stringAlg The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
- ipsec
Enc stringAlg The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
- ipsec
Lifetime number The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
- ipsec
Pfs string The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
- ipsec_
auth_ stralg The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
- ipsec_
enc_ stralg The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
- ipsec_
lifetime int The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
- ipsec_
pfs str The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
- ipsec
Auth StringAlg The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1
- ipsec
Enc StringAlg The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
- ipsec
Lifetime Number The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.
- ipsec
Pfs String The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2
Import
VPN Gateway Vpn Attachment can be imported using the id, e.g.
$ pulumi import alicloud:vpn/gatewayVpnAttachment:GatewayVpnAttachment example <id>
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
alicloud
Terraform Provider.