Aviatrix v0.0.10, Jan 21 23

aviatrix.AviatrixGateway


Import

A gateway can be imported using its gw_name, e.g.

 $ pulumi import aviatrix:index/aviatrixGateway:AviatrixGateway test gw_name

Create AviatrixGateway Resource

new AviatrixGateway(name: string, args: AviatrixGatewayArgs, opts?: CustomResourceOptions);
@overload
def AviatrixGateway(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    account_name: Optional[str] = None,
                    additional_cidrs: Optional[str] = None,
                    additional_cidrs_designated_gateway: Optional[str] = None,
                    allocate_new_eip: Optional[bool] = None,
                    availability_domain: Optional[str] = None,
                    azure_eip_name_resource_group: Optional[str] = None,
                    cloud_type: Optional[int] = None,
                    customer_managed_keys: Optional[str] = None,
                    duo_api_hostname: Optional[str] = None,
                    duo_integration_key: Optional[str] = None,
                    duo_push_mode: Optional[str] = None,
                    duo_secret_key: Optional[str] = None,
                    eip: Optional[str] = None,
                    elb_name: Optional[str] = None,
                    enable_designated_gateway: Optional[bool] = None,
                    enable_elb: Optional[bool] = None,
                    enable_encrypt_volume: Optional[bool] = None,
                    enable_jumbo_frame: Optional[bool] = None,
                    enable_ldap: Optional[bool] = None,
                    enable_monitor_gateway_subnets: Optional[bool] = None,
                    enable_public_subnet_filtering: Optional[bool] = None,
                    enable_spot_instance: Optional[bool] = None,
                    enable_vpc_dns_server: Optional[bool] = None,
                    enable_vpn_nat: Optional[bool] = None,
                    fault_domain: Optional[str] = None,
                    fqdn_lan_cidr: Optional[str] = None,
                    fqdn_lan_vpc_id: Optional[str] = None,
                    gw_name: Optional[str] = None,
                    gw_size: Optional[str] = None,
                    idle_timeout: Optional[int] = None,
                    image_version: Optional[str] = None,
                    insane_mode: Optional[bool] = None,
                    insane_mode_az: Optional[str] = None,
                    ldap_base_dn: Optional[str] = None,
                    ldap_bind_dn: Optional[str] = None,
                    ldap_password: Optional[str] = None,
                    ldap_server: Optional[str] = None,
                    ldap_username_attribute: Optional[str] = None,
                    max_vpn_conn: Optional[str] = None,
                    monitor_exclude_lists: Optional[Sequence[str]] = None,
                    name_servers: Optional[str] = None,
                    okta_token: Optional[str] = None,
                    okta_url: Optional[str] = None,
                    okta_username_suffix: Optional[str] = None,
                    otp_mode: Optional[str] = None,
                    peering_ha_availability_domain: Optional[str] = None,
                    peering_ha_azure_eip_name_resource_group: Optional[str] = None,
                    peering_ha_eip: Optional[str] = None,
                    peering_ha_fault_domain: Optional[str] = None,
                    peering_ha_gw_size: Optional[str] = None,
                    peering_ha_image_version: Optional[str] = None,
                    peering_ha_insane_mode_az: Optional[str] = None,
                    peering_ha_software_version: Optional[str] = None,
                    peering_ha_subnet: Optional[str] = None,
                    peering_ha_zone: Optional[str] = None,
                    public_subnet_filtering_guard_duty_enforced: Optional[bool] = None,
                    public_subnet_filtering_ha_route_tables: Optional[Sequence[str]] = None,
                    public_subnet_filtering_route_tables: Optional[Sequence[str]] = None,
                    renegotiation_interval: Optional[int] = None,
                    rx_queue_size: Optional[str] = None,
                    saml_enabled: Optional[bool] = None,
                    search_domains: Optional[str] = None,
                    single_az_ha: Optional[bool] = None,
                    single_ip_snat: Optional[bool] = None,
                    software_version: Optional[str] = None,
                    split_tunnel: Optional[bool] = None,
                    spot_price: Optional[str] = None,
                    subnet: Optional[str] = None,
                    tag_lists: Optional[Sequence[str]] = None,
                    tags: Optional[Mapping[str, str]] = None,
                    tunnel_detection_time: Optional[int] = None,
                    vpc_id: Optional[str] = None,
                    vpc_reg: Optional[str] = None,
                    vpn_access: Optional[bool] = None,
                    vpn_cidr: Optional[str] = None,
                    vpn_protocol: Optional[str] = None,
                    zone: Optional[str] = None)
@overload
def AviatrixGateway(resource_name: str,
                    args: AviatrixGatewayArgs,
                    opts: Optional[ResourceOptions] = None)
func NewAviatrixGateway(ctx *Context, name string, args AviatrixGatewayArgs, opts ...ResourceOption) (*AviatrixGateway, error)
public AviatrixGateway(string name, AviatrixGatewayArgs args, CustomResourceOptions? opts = null)
public AviatrixGateway(String name, AviatrixGatewayArgs args)
public AviatrixGateway(String name, AviatrixGatewayArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixGateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AviatrixGatewayArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AviatrixGatewayArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AviatrixGatewayArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AviatrixGatewayArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AviatrixGatewayArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AviatrixGateway Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AviatrixGateway resource accepts the following input properties:

AccountName string

Account name. This account will be used to launch Aviatrix gateway.

CloudType int

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

GwName string

Name of the Aviatrix gateway to be created.

GwSize string

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

Subnet string

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

VpcId string

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

VpcReg string

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

AdditionalCidrs string

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

AdditionalCidrsDesignatedGateway string

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

AllocateNewEip bool

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

CustomerManagedKeys string

Customer-managed key ID.

DuoApiHostname string

API hostname for DUO auth mode. Required if otp_mode is "2".

DuoIntegrationKey string

Integration key for DUO auth mode. Required if otp_mode is "2".

DuoPushMode string

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

DuoSecretKey string

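Secret key for DUO auth mode. Required if otp_mode is "2". This value is a credential: supply it from an encrypted secret source (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in the program or committing it in plain text.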

Eip string

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

ElbName string

A name for the ELB that is created. If it is not specified, a name is generated automatically.

EnableDesignatedGateway bool

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

EnableElb bool

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

EnableEncryptVolume bool

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

EnableJumboFrame bool

Enable jumbo frames for this gateway. Default value is true.

EnableLdap bool

Enable/disable LDAP. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

EnablePublicSubnetFiltering bool

Create a Public Subnet Filtering gateway.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableVpcDnsServer bool

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

EnableVpnNat bool

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FqdnLanCidr string

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

FqdnLanVpcId string

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

IdleTimeout int

Sets the idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

InsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

LdapBaseDn string

LDAP base DN. Required if enable_ldap is true.

LdapBindDn string

LDAP bind DN. Required if enable_ldap is true.

LdapPassword string

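LDAP password. Required if enable_ldap is true. This value is a credential: supply it from an encrypted secret source (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in the program or committing it in plain text.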

LdapServer string

LDAP server address. Required if enable_ldap is true.

LdapUsernameAttribute string

LDAP user attribute. Required if enable_ldap is true.

MaxVpnConn string

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the size of the VPN CIDR block. Example: 100. NOTE: Please see notes here regarding any deltas found in your state with the addition of this argument in R1.14.

MonitorExcludeLists List<string>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

NameServers string

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

OktaToken string

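Token for Okta auth mode. Required if otp_mode is "3". This value is a credential: supply it from an encrypted secret source (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in the program or committing it in plain text.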

OktaUrl string

URL for Okta auth mode. Required if otp_mode is "3".

OktaUsernameSuffix string

Username suffix for Okta auth mode. Example: "aviatrix.com".

OtpMode string

Two-step authentication mode. Valid values: "2" for DUO, "3" for Okta.

PeeringHaAvailabilityDomain string

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaAzureEipNameResourceGroup string

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

PeeringHaEip string

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

PeeringHaFaultDomain string

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaGwSize string

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

PeeringHaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

PeeringHaInsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

PeeringHaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

PeeringHaSubnet string

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

PeeringHaZone string

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

PublicSubnetFilteringGuardDutyEnforced bool

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

PublicSubnetFilteringHaRouteTables List<string>

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

PublicSubnetFilteringRouteTables List<string>

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

RenegotiationInterval int

Sets the renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SamlEnabled bool

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

SearchDomains string

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

SingleAzHa bool

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

SingleIpSnat bool

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SplitTunnel bool

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

TagLists List<string>

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

Tags Dictionary<string, string>

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the Gateway.

VpnAccess bool

Enable user access through VPN to this gateway. Valid values: true, false.

VpnCidr string

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

VpnProtocol string

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

Zone string

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

AccountName string

Account name. This account will be used to launch Aviatrix gateway.

CloudType int

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

GwName string

Name of the Aviatrix gateway to be created.

GwSize string

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

Subnet string

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

VpcId string

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

VpcReg string

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

AdditionalCidrs string

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

AdditionalCidrsDesignatedGateway string

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

AllocateNewEip bool

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

CustomerManagedKeys string

Customer-managed key ID.

DuoApiHostname string

API hostname for DUO auth mode. Required if otp_mode is "2".

DuoIntegrationKey string

Integration key for DUO auth mode. Required if otp_mode is "2".

DuoPushMode string

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

DuoSecretKey string

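Secret key for DUO auth mode. Required if otp_mode is "2". This value is a credential: supply it from an encrypted secret source (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in the program or committing it in plain text.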

Eip string

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

ElbName string

A name for the ELB that is created. If it is not specified, a name is generated automatically.

EnableDesignatedGateway bool

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

EnableElb bool

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

EnableEncryptVolume bool

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

EnableJumboFrame bool

Enable jumbo frames for this gateway. Default value is true.

EnableLdap bool

Enable/disable LDAP. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

EnablePublicSubnetFiltering bool

Create a Public Subnet Filtering gateway.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableVpcDnsServer bool

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

EnableVpnNat bool

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FqdnLanCidr string

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

FqdnLanVpcId string

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

IdleTimeout int

Sets the idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

InsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

LdapBaseDn string

LDAP base DN. Required if enable_ldap is true.

LdapBindDn string

LDAP bind DN. Required if enable_ldap is true.

LdapPassword string

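LDAP password. Required if enable_ldap is true. This value is a credential: supply it from an encrypted secret source (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in the program or committing it in plain text.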

LdapServer string

LDAP server address. Required if enable_ldap is true.

LdapUsernameAttribute string

LDAP user attribute. Required if enable_ldap is true.

MaxVpnConn string

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the size of the VPN CIDR block. Example: 100. NOTE: Please see notes here regarding any deltas found in your state with the addition of this argument in R1.14.

MonitorExcludeLists []string

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

NameServers string

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

OktaToken string

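Token for Okta auth mode. Required if otp_mode is "3". This value is a credential: supply it from an encrypted secret source (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in the program or committing it in plain text.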

OktaUrl string

URL for Okta auth mode. Required if otp_mode is "3".

OktaUsernameSuffix string

Username suffix for Okta auth mode. Example: "aviatrix.com".

OtpMode string

Two-step authentication mode. Valid values: "2" for DUO, "3" for Okta.

PeeringHaAvailabilityDomain string

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaAzureEipNameResourceGroup string

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

PeeringHaEip string

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

PeeringHaFaultDomain string

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaGwSize string

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

PeeringHaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

PeeringHaInsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

PeeringHaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

PeeringHaSubnet string

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

PeeringHaZone string

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

PublicSubnetFilteringGuardDutyEnforced bool

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

PublicSubnetFilteringHaRouteTables []string

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

PublicSubnetFilteringRouteTables []string

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

RenegotiationInterval int

Sets the renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SamlEnabled bool

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

SearchDomains string

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

SingleAzHa bool

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

SingleIpSnat bool

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SplitTunnel bool

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

TagLists []string

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

Tags map[string]string

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the Gateway.

VpnAccess bool

Enable user access through VPN to this gateway. Valid values: true, false.

VpnCidr string

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

VpnProtocol string

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

Zone string

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

accountName String

Account name. This account will be used to launch Aviatrix gateway.

cloudType Integer

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

gwName String

Name of the Aviatrix gateway to be created.

gwSize String

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

subnet String

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

vpcId String

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpcReg String

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

additionalCidrs String

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additionalCidrsDesignatedGateway String

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocateNewEip Boolean

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

customerManagedKeys String

Customer-managed key ID.

duoApiHostname String

API hostname for DUO auth mode. Required if otp_mode is "2".

duoIntegrationKey String

Integration key for DUO auth mode. Required if otp_mode is "2".

duoPushMode String

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duoSecretKey String

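Secret key for DUO auth mode. Required if otp_mode is "2". This value is a credential; supply it from secret configuration (for example, a value stored with `pulumi config set --secret`) rather than as a plaintext literal in program source.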

eip String

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elbName String

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enableDesignatedGateway Boolean

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enableElb Boolean

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enableEncryptVolume Boolean

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableJumboFrame Boolean

Enable jumbo frames for this gateway. Default value is true.

enableLdap Boolean

Enable/disable LDAP. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enablePublicSubnetFiltering Boolean

Create a Public Subnet Filtering gateway.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableVpcDnsServer Boolean

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableVpnNat Boolean

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdnLanCidr String

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdnLanVpcId String

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

idleTimeout Integer

Sets the idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldapBaseDn String

LDAP base DN. Required if enable_ldap is true.

ldapBindDn String

LDAP bind DN. Required if enable_ldap is true.

ldapPassword String

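LDAP password. Required if enable_ldap is true. This value is a credential; supply it from secret configuration (for example, a value stored with `pulumi config set --secret`) rather than as a plaintext literal in program source.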

ldapServer String

LDAP server address. Required if enable_ldap is true.

ldapUsernameAttribute String

LDAP user attribute. Required if enable_ldap is true.

maxVpnConn String

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the number of addresses in the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

nameServers String

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

oktaToken String

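Token for Okta auth mode. Required if otp_mode is "3". This value is a credential; supply it from secret configuration (for example, a value stored with `pulumi config set --secret`) rather than as a plaintext literal in program source.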

oktaUrl String

URL for Okta auth mode. Required if otp_mode is "3".

oktaUsernameSuffix String

Username suffix for Okta auth mode. Example: "aviatrix.com".

otpMode String

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peeringHaAvailabilityDomain String

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaAzureEipNameResourceGroup String

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peeringHaEip String

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peeringHaFaultDomain String

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaGwSize String

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peeringHaImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peeringHaInsaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peeringHaSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peeringHaSubnet String

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peeringHaZone String

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

publicSubnetFilteringGuardDutyEnforced Boolean

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

publicSubnetFilteringHaRouteTables List<String>

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

publicSubnetFilteringRouteTables List<String>

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiationInterval Integer

Sets the renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

samlEnabled Boolean

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

searchDomains String

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

singleAzHa Boolean

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

singleIpSnat Boolean

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

splitTunnel Boolean

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spotPrice String

Price for spot instance. NOT supported for production deployment.

tagLists List<String>

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags Map<String,String>

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Integer

The IPSec tunnel down detection time for the Gateway.

vpnAccess Boolean

Enable user access through VPN to this gateway. Valid values: true, false.

vpnCidr String

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpnProtocol String

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone String

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

accountName string

Account name. This account will be used to launch Aviatrix gateway.

cloudType number

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

gwName string

Name of the Aviatrix gateway to be created.

gwSize string

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

subnet string

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

vpcId string

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpcReg string

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

additionalCidrs string

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additionalCidrsDesignatedGateway string

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocateNewEip boolean

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

customerManagedKeys string

Customer-managed key ID.

duoApiHostname string

API hostname for DUO auth mode. Required if otp_mode is "2".

duoIntegrationKey string

Integration key for DUO auth mode. Required if otp_mode is "2".

duoPushMode string

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duoSecretKey string

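Secret key for DUO auth mode. Required if otp_mode is "2". This value is a credential; supply it from secret configuration (for example, a value stored with `pulumi config set --secret`) rather than as a plaintext literal in program source.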

eip string

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elbName string

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enableDesignatedGateway boolean

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enableElb boolean

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enableEncryptVolume boolean

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableJumboFrame boolean

Enable jumbo frames for this gateway. Default value is true.

enableLdap boolean

Enable/disable LDAP. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enablePublicSubnetFiltering boolean

Create a Public Subnet Filtering gateway.

enableSpotInstance boolean

Enable spot instance. NOT supported for production deployment.

enableVpcDnsServer boolean

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableVpnNat boolean

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

faultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdnLanCidr string

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdnLanVpcId string

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

idleTimeout number

Sets the idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.

imageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode boolean

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldapBaseDn string

LDAP base DN. Required if enable_ldap is true.

ldapBindDn string

LDAP bind DN. Required if enable_ldap is true.

ldapPassword string

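LDAP password. Required if enable_ldap is true. This value is a credential; supply it from secret configuration (for example, a value stored with `pulumi config set --secret`) rather than as a plaintext literal in program source.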

ldapServer string

LDAP server address. Required if enable_ldap is true.

ldapUsernameAttribute string

LDAP user attribute. Required if enable_ldap is true.

maxVpnConn string

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the number of addresses in the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

monitorExcludeLists string[]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

nameServers string

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

oktaToken string

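Token for Okta auth mode. Required if otp_mode is "3". This value is a credential; supply it from secret configuration (for example, a value stored with `pulumi config set --secret`) rather than as a plaintext literal in program source.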

oktaUrl string

URL for Okta auth mode. Required if otp_mode is "3".

oktaUsernameSuffix string

Username suffix for Okta auth mode. Example: "aviatrix.com".

otpMode string

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peeringHaAvailabilityDomain string

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaAzureEipNameResourceGroup string

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peeringHaEip string

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peeringHaFaultDomain string

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaGwSize string

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peeringHaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peeringHaInsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peeringHaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peeringHaSubnet string

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peeringHaZone string

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

publicSubnetFilteringGuardDutyEnforced boolean

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

publicSubnetFilteringHaRouteTables string[]

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

publicSubnetFilteringRouteTables string[]

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiationInterval number

Sets the renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.

rxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

samlEnabled boolean

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

searchDomains string

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

singleAzHa boolean

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

singleIpSnat boolean

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

softwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

splitTunnel boolean

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spotPrice string

Price for spot instance. NOT supported for production deployment.

tagLists string[]

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags {[key: string]: string}

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime number

The IPSec tunnel down detection time for the Gateway.

vpnAccess boolean

Enable user access through VPN to this gateway. Valid values: true, false.

vpnCidr string

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpnProtocol string

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone string

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

account_name str

Account name. This account will be used to launch Aviatrix gateway.

cloud_type int

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

gw_name str

Name of the Aviatrix gateway to be created.

gw_size str

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

subnet str

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

vpc_id str

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpc_reg str

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

additional_cidrs str

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additional_cidrs_designated_gateway str

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocate_new_eip bool

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availability_domain str

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azure_eip_name_resource_group str

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

customer_managed_keys str

Customer-managed key ID.

duo_api_hostname str

API hostname for DUO auth mode. Required if otp_mode is "2".

duo_integration_key str

Integration key for DUO auth mode. Required if otp_mode is "2".

duo_push_mode str

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duo_secret_key str

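Secret key for DUO auth mode. Required if otp_mode is "2". Sensitive credential: pass it as a Pulumi secret (for example from encrypted stack configuration) rather than hard-coding it in program source.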

eip str

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elb_name str

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enable_designated_gateway bool

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enable_elb bool

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enable_encrypt_volume bool

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enable_jumbo_frame bool

Enable jumbo frames for this gateway. Default value is true.

enable_ldap bool

Enable/disable LDAP. Valid values: true, false. Default value: false.

enable_monitor_gateway_subnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enable_public_subnet_filtering bool

Create a Public Subnet Filtering gateway.

enable_spot_instance bool

Enable spot instance. NOT supported for production deployment.

enable_vpc_dns_server bool

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enable_vpn_nat bool

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

fault_domain str

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdn_lan_cidr str

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdn_lan_vpc_id str

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

idle_timeout int

Sets the idle timeout value, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

image_version str

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insane_mode bool

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insane_mode_az str

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldap_base_dn str

LDAP base DN. Required if enable_ldap is true.

ldap_bind_dn str

LDAP bind DN. Required if enable_ldap is true.

ldap_password str

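LDAP password. Required if enable_ldap is true. Sensitive credential: pass it as a Pulumi secret (for example from encrypted stack configuration) rather than hard-coding it in program source.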

ldap_server str

LDAP server address. Required if enable_ldap is true.

ldap_username_attribute str

LDAP user attribute. Required if enable_ldap is true.

max_vpn_conn str

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

monitor_exclude_lists Sequence[str]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

name_servers str

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

okta_token str

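Token for Okta auth mode. Required if otp_mode is "3". Sensitive credential: pass it as a Pulumi secret (for example from encrypted stack configuration) rather than hard-coding it in program source.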

okta_url str

URL for Okta auth mode. Required if otp_mode is "3".

okta_username_suffix str

Username suffix for Okta auth mode. Example: "aviatrix.com".

otp_mode str

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peering_ha_availability_domain str

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peering_ha_azure_eip_name_resource_group str

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peering_ha_eip str

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peering_ha_fault_domain str

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peering_ha_gw_size str

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peering_ha_image_version str

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peering_ha_insane_mode_az str

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peering_ha_software_version str

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peering_ha_subnet str

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peering_ha_zone str

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

public_subnet_filtering_guard_duty_enforced bool

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

public_subnet_filtering_ha_route_tables Sequence[str]

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

public_subnet_filtering_route_tables Sequence[str]

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiation_interval int

Sets the renegotiation interval value, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

rx_queue_size str

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

saml_enabled bool

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

search_domains str

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

single_az_ha bool

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

single_ip_snat bool

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

software_version str

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

split_tunnel bool

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spot_price str

Price for spot instance. NOT supported for production deployment.

tag_lists Sequence[str]

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags Mapping[str, str]

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnel_detection_time int

The IPSec tunnel down detection time for the Gateway.

vpn_access bool

Enable user access through VPN to this gateway. Valid values: true, false.

vpn_cidr str

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpn_protocol str

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone str

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

accountName String

Account name. This account will be used to launch Aviatrix gateway.

cloudType Number

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

gwName String

Name of the Aviatrix gateway to be created.

gwSize String

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

subnet String

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

vpcId String

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpcReg String

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

additionalCidrs String

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additionalCidrsDesignatedGateway String

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocateNewEip Boolean

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

customerManagedKeys String

Customer-managed key ID.

duoApiHostname String

API hostname for DUO auth mode. Required if otp_mode is "2".

duoIntegrationKey String

Integration key for DUO auth mode. Required if otp_mode is "2".

duoPushMode String

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duoSecretKey String

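Secret key for DUO auth mode. Required if otp_mode is "2". Sensitive credential: pass it as a Pulumi secret (for example from encrypted stack configuration) rather than hard-coding it in program source.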

eip String

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elbName String

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enableDesignatedGateway Boolean

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enableElb Boolean

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enableEncryptVolume Boolean

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableJumboFrame Boolean

Enable jumbo frames for this gateway. Default value is true.

enableLdap Boolean

Enable/disable LDAP. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enablePublicSubnetFiltering Boolean

Create a Public Subnet Filtering gateway.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableVpcDnsServer Boolean

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableVpnNat Boolean

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdnLanCidr String

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdnLanVpcId String

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

idleTimeout Number

Sets the idle timeout value, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldapBaseDn String

LDAP base DN. Required if enable_ldap is true.

ldapBindDn String

LDAP bind DN. Required if enable_ldap is true.

ldapPassword String

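LDAP password. Required if enable_ldap is true. Sensitive credential: pass it as a Pulumi secret (for example from encrypted stack configuration) rather than hard-coding it in program source.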

ldapServer String

LDAP server address. Required if enable_ldap is true.

ldapUsernameAttribute String

LDAP user attribute. Required if enable_ldap is true.

maxVpnConn String

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

nameServers String

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

oktaToken String

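Token for Okta auth mode. Required if otp_mode is "3". Sensitive credential: pass it as a Pulumi secret (for example from encrypted stack configuration) rather than hard-coding it in program source.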

oktaUrl String

URL for Okta auth mode. Required if otp_mode is "3".

oktaUsernameSuffix String

Username suffix for Okta auth mode. Example: "aviatrix.com".

otpMode String

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peeringHaAvailabilityDomain String

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaAzureEipNameResourceGroup String

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peeringHaEip String

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peeringHaFaultDomain String

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaGwSize String

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peeringHaImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peeringHaInsaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peeringHaSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peeringHaSubnet String

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peeringHaZone String

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

publicSubnetFilteringGuardDutyEnforced Boolean

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

publicSubnetFilteringHaRouteTables List<String>

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

publicSubnetFilteringRouteTables List<String>

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiationInterval Number

Sets the renegotiation interval value, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

samlEnabled Boolean

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

searchDomains String

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

singleAzHa Boolean

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

singleIpSnat Boolean

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

splitTunnel Boolean

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spotPrice String

Price for spot instance. NOT supported for production deployment.

tagLists List<String>

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags Map<String>

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Number

The IPSec tunnel down detection time for the Gateway.

vpnAccess Boolean

Enable user access through VPN to this gateway. Valid values: true, false.

vpnCidr String

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpnProtocol String

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone String

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

Outputs

All input properties are implicitly available as output properties. Additionally, the AviatrixGateway resource produces the following output properties:

CloudInstanceId string

Cloud instance ID of the gateway.

ElbDnsName string

ELB DNS name.

FqdnLanInterface string

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

Id string

The provider-assigned unique ID for this managed resource.

PeeringHaCloudInstanceId string

Cloud instance ID of the HA gateway.

PeeringHaGwName string

Aviatrix gateway unique name of HA gateway.

PeeringHaPrivateIp string

Private IP address of HA gateway.

PeeringHaSecurityGroupId string

HA security group used for the gateway.

PrivateIp string

Private IP address of the gateway created.

PublicDnsServer string

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

SecurityGroupId string

Security group used for the gateway.

CloudInstanceId string

Cloud instance ID of the gateway.

ElbDnsName string

ELB DNS name.

FqdnLanInterface string

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

Id string

The provider-assigned unique ID for this managed resource.

PeeringHaCloudInstanceId string

Cloud instance ID of the HA gateway.

PeeringHaGwName string

Aviatrix gateway unique name of HA gateway.

PeeringHaPrivateIp string

Private IP address of HA gateway.

PeeringHaSecurityGroupId string

HA security group used for the gateway.

PrivateIp string

Private IP address of the gateway created.

PublicDnsServer string

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

SecurityGroupId string

Security group used for the gateway.

cloudInstanceId String

Cloud instance ID of the gateway.

elbDnsName String

ELB DNS name.

fqdnLanInterface String

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

id String

The provider-assigned unique ID for this managed resource.

peeringHaCloudInstanceId String

Cloud instance ID of the HA gateway.

peeringHaGwName String

Aviatrix gateway unique name of HA gateway.

peeringHaPrivateIp String

Private IP address of HA gateway.

peeringHaSecurityGroupId String

HA security group used for the gateway.

privateIp String

Private IP address of the gateway created.

publicDnsServer String

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

securityGroupId String

Security group used for the gateway.

cloudInstanceId string

Cloud instance ID of the gateway.

elbDnsName string

ELB DNS name.

fqdnLanInterface string

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

id string

The provider-assigned unique ID for this managed resource.

peeringHaCloudInstanceId string

Cloud instance ID of the HA gateway.

peeringHaGwName string

Aviatrix gateway unique name of HA gateway.

peeringHaPrivateIp string

Private IP address of HA gateway.

peeringHaSecurityGroupId string

HA security group used for the gateway.

privateIp string

Private IP address of the gateway created.

publicDnsServer string

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

securityGroupId string

Security group used for the gateway.

cloud_instance_id str

Cloud instance ID of the gateway.

elb_dns_name str

ELB DNS name.

fqdn_lan_interface str

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

id str

The provider-assigned unique ID for this managed resource.

peering_ha_cloud_instance_id str

Cloud instance ID of the HA gateway.

peering_ha_gw_name str

Aviatrix gateway unique name of HA gateway.

peering_ha_private_ip str

Private IP address of HA gateway.

peering_ha_security_group_id str

HA security group used for the gateway.

private_ip str

Private IP address of the gateway created.

public_dns_server str

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

security_group_id str

Security group used for the gateway.

cloudInstanceId String

Cloud instance ID of the gateway.

elbDnsName String

ELB DNS name.

fqdnLanInterface String

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

id String

The provider-assigned unique ID for this managed resource.

peeringHaCloudInstanceId String

Cloud instance ID of the HA gateway.

peeringHaGwName String

Aviatrix gateway unique name of HA gateway.

peeringHaPrivateIp String

Private IP address of HA gateway.

peeringHaSecurityGroupId String

HA security group used for the gateway.

privateIp String

Private IP address of the gateway created.

publicDnsServer String

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

securityGroupId String

Security group used for the gateway.

Look up Existing AviatrixGateway Resource

Get an existing AviatrixGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AviatrixGatewayState, opts?: CustomResourceOptions): AviatrixGateway
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_name: Optional[str] = None,
        additional_cidrs: Optional[str] = None,
        additional_cidrs_designated_gateway: Optional[str] = None,
        allocate_new_eip: Optional[bool] = None,
        availability_domain: Optional[str] = None,
        azure_eip_name_resource_group: Optional[str] = None,
        cloud_instance_id: Optional[str] = None,
        cloud_type: Optional[int] = None,
        customer_managed_keys: Optional[str] = None,
        duo_api_hostname: Optional[str] = None,
        duo_integration_key: Optional[str] = None,
        duo_push_mode: Optional[str] = None,
        duo_secret_key: Optional[str] = None,
        eip: Optional[str] = None,
        elb_dns_name: Optional[str] = None,
        elb_name: Optional[str] = None,
        enable_designated_gateway: Optional[bool] = None,
        enable_elb: Optional[bool] = None,
        enable_encrypt_volume: Optional[bool] = None,
        enable_jumbo_frame: Optional[bool] = None,
        enable_ldap: Optional[bool] = None,
        enable_monitor_gateway_subnets: Optional[bool] = None,
        enable_public_subnet_filtering: Optional[bool] = None,
        enable_spot_instance: Optional[bool] = None,
        enable_vpc_dns_server: Optional[bool] = None,
        enable_vpn_nat: Optional[bool] = None,
        fault_domain: Optional[str] = None,
        fqdn_lan_cidr: Optional[str] = None,
        fqdn_lan_interface: Optional[str] = None,
        fqdn_lan_vpc_id: Optional[str] = None,
        gw_name: Optional[str] = None,
        gw_size: Optional[str] = None,
        idle_timeout: Optional[int] = None,
        image_version: Optional[str] = None,
        insane_mode: Optional[bool] = None,
        insane_mode_az: Optional[str] = None,
        ldap_base_dn: Optional[str] = None,
        ldap_bind_dn: Optional[str] = None,
        ldap_password: Optional[str] = None,
        ldap_server: Optional[str] = None,
        ldap_username_attribute: Optional[str] = None,
        max_vpn_conn: Optional[str] = None,
        monitor_exclude_lists: Optional[Sequence[str]] = None,
        name_servers: Optional[str] = None,
        okta_token: Optional[str] = None,
        okta_url: Optional[str] = None,
        okta_username_suffix: Optional[str] = None,
        otp_mode: Optional[str] = None,
        peering_ha_availability_domain: Optional[str] = None,
        peering_ha_azure_eip_name_resource_group: Optional[str] = None,
        peering_ha_cloud_instance_id: Optional[str] = None,
        peering_ha_eip: Optional[str] = None,
        peering_ha_fault_domain: Optional[str] = None,
        peering_ha_gw_name: Optional[str] = None,
        peering_ha_gw_size: Optional[str] = None,
        peering_ha_image_version: Optional[str] = None,
        peering_ha_insane_mode_az: Optional[str] = None,
        peering_ha_private_ip: Optional[str] = None,
        peering_ha_security_group_id: Optional[str] = None,
        peering_ha_software_version: Optional[str] = None,
        peering_ha_subnet: Optional[str] = None,
        peering_ha_zone: Optional[str] = None,
        private_ip: Optional[str] = None,
        public_dns_server: Optional[str] = None,
        public_subnet_filtering_guard_duty_enforced: Optional[bool] = None,
        public_subnet_filtering_ha_route_tables: Optional[Sequence[str]] = None,
        public_subnet_filtering_route_tables: Optional[Sequence[str]] = None,
        renegotiation_interval: Optional[int] = None,
        rx_queue_size: Optional[str] = None,
        saml_enabled: Optional[bool] = None,
        search_domains: Optional[str] = None,
        security_group_id: Optional[str] = None,
        single_az_ha: Optional[bool] = None,
        single_ip_snat: Optional[bool] = None,
        software_version: Optional[str] = None,
        split_tunnel: Optional[bool] = None,
        spot_price: Optional[str] = None,
        subnet: Optional[str] = None,
        tag_lists: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tunnel_detection_time: Optional[int] = None,
        vpc_id: Optional[str] = None,
        vpc_reg: Optional[str] = None,
        vpn_access: Optional[bool] = None,
        vpn_cidr: Optional[str] = None,
        vpn_protocol: Optional[str] = None,
        zone: Optional[str] = None) -> AviatrixGateway
func GetAviatrixGateway(ctx *Context, name string, id IDInput, state *AviatrixGatewayState, opts ...ResourceOption) (*AviatrixGateway, error)
public static AviatrixGateway Get(string name, Input<string> id, AviatrixGatewayState? state, CustomResourceOptions? opts = null)
public static AviatrixGateway get(String name, Output<String> id, AviatrixGatewayState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountName string

Account name. This account will be used to launch Aviatrix gateway.

AdditionalCidrs string

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

AdditionalCidrsDesignatedGateway string

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

AllocateNewEip bool

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

CloudInstanceId string

Cloud instance ID of the gateway.

CloudType int

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

CustomerManagedKeys string

Customer-managed key ID.

DuoApiHostname string

API hostname for DUO auth mode. Required if otp_mode is "2".

DuoIntegrationKey string

Integration key for DUO auth mode. Required if otp_mode is "2".

DuoPushMode string

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

DuoSecretKey string

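Secret key for DUO auth mode. Required if otp_mode is "2". This value is a credential: pass it as a Pulumi secret (for example, a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.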

Eip string

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

ElbDnsName string

ELB DNS name.

ElbName string

A name for the ELB that is created. If it is not specified, a name is generated automatically.

EnableDesignatedGateway bool

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

EnableElb bool

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

EnableEncryptVolume bool

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Because the default is false, set this explicitly to true when volume encryption is required.

EnableJumboFrame bool

Enable jumbo frames for this gateway. Default value is true.

EnableLdap bool

Enable/disable LDAP. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

EnablePublicSubnetFiltering bool

Create a Public Subnet Filtering gateway.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableVpcDnsServer bool

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

EnableVpnNat bool

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FqdnLanCidr string

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

FqdnLanInterface string

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute is exported when FQDN gateway FireNet is enabled in Azure. Available in provider version R2.17.1+.

FqdnLanVpcId string

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

GwName string

Name of the Aviatrix gateway to be created.

GwSize string

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

IdleTimeout int

Idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

InsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

LdapBaseDn string

LDAP base DN. Required if enable_ldap is true.

LdapBindDn string

LDAP bind DN. Required if enable_ldap is true.

LdapPassword string

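LDAP password. Required if enable_ldap is true. This value is a credential: pass it as a Pulumi secret (for example, a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.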

LdapServer string

LDAP server address. Required if enable_ldap is true.

LdapUsernameAttribute string

LDAP user attribute. Required if enable_ldap is true.

MaxVpnConn string

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

MonitorExcludeLists List<string>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

NameServers string

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

OktaToken string

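Token for Okta auth mode. Required if otp_mode is "3". This value is a credential: pass it as a Pulumi secret (for example, a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.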

OktaUrl string

URL for Okta auth mode. Required if otp_mode is "3".

OktaUsernameSuffix string

Username suffix for Okta auth mode. Example: "aviatrix.com".

OtpMode string

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

PeeringHaAvailabilityDomain string

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaAzureEipNameResourceGroup string

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

PeeringHaCloudInstanceId string

Cloud instance ID of the HA gateway.

PeeringHaEip string

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

PeeringHaFaultDomain string

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaGwName string

Aviatrix gateway unique name of HA gateway.

PeeringHaGwSize string

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

PeeringHaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

PeeringHaInsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

PeeringHaPrivateIp string

Private IP address of HA gateway.

PeeringHaSecurityGroupId string

HA security group used for the gateway.

PeeringHaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

PeeringHaSubnet string

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

PeeringHaZone string

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

PrivateIp string

Private IP address of the gateway created.

PublicDnsServer string

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

PublicSubnetFilteringGuardDutyEnforced bool

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

PublicSubnetFilteringHaRouteTables List<string>

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

PublicSubnetFilteringRouteTables List<string>

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

RenegotiationInterval int

Renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SamlEnabled bool

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

SearchDomains string

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

SecurityGroupId string

Security group used for the gateway.

SingleAzHa bool

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

SingleIpSnat bool

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SplitTunnel bool

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

Subnet string

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

TagLists List<string>

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

Tags Dictionary<string, string>

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the Gateway.

VpcId string

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

VpcReg string

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

VpnAccess bool

Enable user access through VPN to this gateway. Valid values: true, false.

VpnCidr string

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

VpnProtocol string

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

Zone string

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

AccountName string

Account name. This account will be used to launch Aviatrix gateway.

AdditionalCidrs string

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

AdditionalCidrsDesignatedGateway string

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

AllocateNewEip bool

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

CloudInstanceId string

Cloud instance ID of the gateway.

CloudType int

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

CustomerManagedKeys string

Customer-managed key ID.

DuoApiHostname string

API hostname for DUO auth mode. Required if otp_mode is "2".

DuoIntegrationKey string

Integration key for DUO auth mode. Required if otp_mode is "2".

DuoPushMode string

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

DuoSecretKey string

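Secret key for DUO auth mode. Required if otp_mode is "2". This value is a credential: pass it as a Pulumi secret (for example, a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.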

Eip string

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

ElbDnsName string

ELB DNS name.

ElbName string

A name for the ELB that is created. If it is not specified, a name is generated automatically.

EnableDesignatedGateway bool

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

EnableElb bool

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

EnableEncryptVolume bool

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Because the default is false, set this explicitly to true when volume encryption is required.

EnableJumboFrame bool

Enable jumbo frames for this gateway. Default value is true.

EnableLdap bool

Enable/disable LDAP. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

EnablePublicSubnetFiltering bool

Create a Public Subnet Filtering gateway.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableVpcDnsServer bool

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

EnableVpnNat bool

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FqdnLanCidr string

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

FqdnLanInterface string

The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute is exported when FQDN gateway FireNet is enabled in Azure. Available in provider version R2.17.1+.

FqdnLanVpcId string

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

GwName string

Name of the Aviatrix gateway to be created.

GwSize string

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

IdleTimeout int

Idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

InsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

LdapBaseDn string

LDAP base DN. Required if enable_ldap is true.

LdapBindDn string

LDAP bind DN. Required if enable_ldap is true.

LdapPassword string

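LDAP password. Required if enable_ldap is true. This value is a credential: pass it as a Pulumi secret (for example, a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.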

LdapServer string

LDAP server address. Required if enable_ldap is true.

LdapUsernameAttribute string

LDAP user attribute. Required if enable_ldap is true.

MaxVpnConn string

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

MonitorExcludeLists []string

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

NameServers string

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

OktaToken string

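Token for Okta auth mode. Required if otp_mode is "3". This value is a credential: pass it as a Pulumi secret (for example, a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.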

OktaUrl string

URL for Okta auth mode. Required if otp_mode is "3".

OktaUsernameSuffix string

Username suffix for Okta auth mode. Example: "aviatrix.com".

OtpMode string

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

PeeringHaAvailabilityDomain string

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaAzureEipNameResourceGroup string

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

PeeringHaCloudInstanceId string

Cloud instance ID of the HA gateway.

PeeringHaEip string

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

PeeringHaFaultDomain string

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

PeeringHaGwName string

Aviatrix gateway unique name of HA gateway.

PeeringHaGwSize string

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

PeeringHaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

PeeringHaInsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

PeeringHaPrivateIp string

Private IP address of HA gateway.

PeeringHaSecurityGroupId string

HA security group used for the gateway.

PeeringHaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

PeeringHaSubnet string

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

PeeringHaZone string

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

PrivateIp string

Private IP address of the gateway created.

PublicDnsServer string

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

PublicSubnetFilteringGuardDutyEnforced bool

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

PublicSubnetFilteringHaRouteTables []string

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

PublicSubnetFilteringRouteTables []string

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

RenegotiationInterval int

It sets the value (seconds) of the renegotiation interval. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SamlEnabled bool

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

SearchDomains string

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

SecurityGroupId string

Security group used for the gateway.

SingleAzHa bool

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

SingleIpSnat bool

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SplitTunnel bool

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

Subnet string

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

TagLists []string

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

Tags map[string]string

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the Gateway.

VpcId string

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

VpcReg string

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

VpnAccess bool

Enable user access through VPN to this gateway. Valid values: true, false.

VpnCidr string

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

VpnProtocol string

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

Zone string

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

accountName String

Account name. This account will be used to launch Aviatrix gateway.

additionalCidrs String

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additionalCidrsDesignatedGateway String

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocateNewEip Boolean

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

cloudInstanceId String

Cloud instance ID of the gateway.

cloudType Integer

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

customerManagedKeys String

Customer-managed key ID.

duoApiHostname String

API hostname for DUO auth mode. Required if otp_mode is "2".

duoIntegrationKey String

Integration key for DUO auth mode. Required if otp_mode is "2".

duoPushMode String

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duoSecretKey String

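Secret key for DUO auth mode. Required if otp_mode is "2". This is a credential: supply it as a Pulumi secret (for example from encrypted stack configuration) rather than as a plaintext literal in program source.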

eip String

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elbDnsName String

ELB DNS name.

elbName String

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enableDesignatedGateway Boolean

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enableElb Boolean

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enableEncryptVolume Boolean

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableJumboFrame Boolean

Enable jumbo frames for this gateway. Default value is true.

enableLdap Boolean

Enable/disable LDAP. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enablePublicSubnetFiltering Boolean

Create a Public Subnet Filtering gateway.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableVpcDnsServer Boolean

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableVpnNat Boolean

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdnLanCidr String

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdnLanInterface String

The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

fqdnLanVpcId String

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

gwName String

Name of the Aviatrix gateway to be created.

gwSize String

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

idleTimeout Integer

It sets the value (seconds) of the idle timeout. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldapBaseDn String

LDAP base DN. Required if enable_ldap is true.

ldapBindDn String

LDAP bind DN. Required if enable_ldap is true.

ldapPassword String

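LDAP password. Required if enable_ldap is true. This is a credential: supply it as a Pulumi secret (for example from encrypted stack configuration) rather than as a plaintext literal in program source.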

ldapServer String

LDAP server address. Required if enable_ldap is true.

ldapUsernameAttribute String

LDAP user attribute. Required if enable_ldap is true.

maxVpnConn String

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the number of addresses in the VPN CIDR block. Example: 100. NOTE: Please see notes here regarding any deltas found in your state with the addition of this argument in R1.14.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

nameServers String

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

oktaToken String

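Token for Okta auth mode. Required if otp_mode is "3". This is a credential: supply it as a Pulumi secret (for example from encrypted stack configuration) rather than as a plaintext literal in program source.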

oktaUrl String

URL for Okta auth mode. Required if otp_mode is "3".

oktaUsernameSuffix String

Username suffix for Okta auth mode. Example: "aviatrix.com".

otpMode String

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peeringHaAvailabilityDomain String

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaAzureEipNameResourceGroup String

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peeringHaCloudInstanceId String

Cloud instance ID of the HA gateway.

peeringHaEip String

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peeringHaFaultDomain String

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaGwName String

Aviatrix gateway unique name of HA gateway.

peeringHaGwSize String

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peeringHaImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peeringHaInsaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peeringHaPrivateIp String

Private IP address of HA gateway.

peeringHaSecurityGroupId String

HA security group used for the gateway.

peeringHaSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peeringHaSubnet String

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peeringHaZone String

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

privateIp String

Private IP address of the gateway created.

publicDnsServer String

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

publicSubnetFilteringGuardDutyEnforced Boolean

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

publicSubnetFilteringHaRouteTables List<String>

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

publicSubnetFilteringRouteTables List<String>

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiationInterval Integer

It sets the value (seconds) of the renegotiation interval. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

samlEnabled Boolean

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

searchDomains String

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

securityGroupId String

Security group used for the gateway.

singleAzHa Boolean

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

singleIpSnat Boolean

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

splitTunnel Boolean

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spotPrice String

Price for spot instance. NOT supported for production deployment.

subnet String

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

tagLists List<String>

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags Map<String,String>

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Integer

The IPSec tunnel down detection time for the Gateway.

vpcId String

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpcReg String

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

vpnAccess Boolean

Enable user access through VPN to this gateway. Valid values: true, false.

vpnCidr String

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpnProtocol String

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone String

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

accountName string

Account name. This account will be used to launch Aviatrix gateway.

additionalCidrs string

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additionalCidrsDesignatedGateway string

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocateNewEip boolean

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

cloudInstanceId string

Cloud instance ID of the gateway.

cloudType number

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

customerManagedKeys string

Customer-managed key ID.

duoApiHostname string

API hostname for DUO auth mode. Required if otp_mode is "2".

duoIntegrationKey string

Integration key for DUO auth mode. Required if otp_mode is "2".

duoPushMode string

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duoSecretKey string

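Secret key for DUO auth mode. Required if otp_mode is "2". This is a credential: supply it as a Pulumi secret (for example from encrypted stack configuration) rather than as a plaintext literal in program source.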

eip string

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elbDnsName string

ELB DNS name.

elbName string

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enableDesignatedGateway boolean

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enableElb boolean

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enableEncryptVolume boolean

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableJumboFrame boolean

Enable jumbo frames for this gateway. Default value is true.

enableLdap boolean

Enable/disable LDAP. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enablePublicSubnetFiltering boolean

Create a Public Subnet Filtering gateway.

enableSpotInstance boolean

Enable spot instance. NOT supported for production deployment.

enableVpcDnsServer boolean

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableVpnNat boolean

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

faultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdnLanCidr string

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdnLanInterface string

The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

fqdnLanVpcId string

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

gwName string

Name of the Aviatrix gateway to be created.

gwSize string

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

idleTimeout number

It sets the value (seconds) of the idle timeout. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

imageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode boolean

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldapBaseDn string

LDAP base DN. Required if enable_ldap is true.

ldapBindDn string

LDAP bind DN. Required if enable_ldap is true.

ldapPassword string

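LDAP password. Required if enable_ldap is true. This is a credential: supply it as a Pulumi secret (for example from encrypted stack configuration) rather than as a plaintext literal in program source.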

ldapServer string

LDAP server address. Required if enable_ldap is true.

ldapUsernameAttribute string

LDAP user attribute. Required if enable_ldap is true.

maxVpnConn string

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the number of addresses in the VPN CIDR block. Example: 100. NOTE: Please see notes here regarding any deltas found in your state with the addition of this argument in R1.14.

monitorExcludeLists string[]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

nameServers string

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

oktaToken string

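Token for Okta auth mode. Required if otp_mode is "3". This is a credential: supply it as a Pulumi secret (for example from encrypted stack configuration) rather than as a plaintext literal in program source.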

oktaUrl string

URL for Okta auth mode. Required if otp_mode is "3".

oktaUsernameSuffix string

Username suffix for Okta auth mode. Example: "aviatrix.com".

otpMode string

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peeringHaAvailabilityDomain string

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaAzureEipNameResourceGroup string

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peeringHaCloudInstanceId string

Cloud instance ID of the HA gateway.

peeringHaEip string

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peeringHaFaultDomain string

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaGwName string

Aviatrix gateway unique name of HA gateway.

peeringHaGwSize string

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peeringHaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peeringHaInsaneModeAz string

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peeringHaPrivateIp string

Private IP address of HA gateway.

peeringHaSecurityGroupId string

HA security group used for the gateway.

peeringHaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peeringHaSubnet string

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peeringHaZone string

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

privateIp string

Private IP address of the gateway created.

publicDnsServer string

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

publicSubnetFilteringGuardDutyEnforced boolean

Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

publicSubnetFilteringHaRouteTables string[]

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

publicSubnetFilteringRouteTables string[]

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiationInterval number

It sets the value (seconds) of the renegotiation interval. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.

rxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

samlEnabled boolean

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

searchDomains string

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

securityGroupId string

Security group used for the gateway.

singleAzHa boolean

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

singleIpSnat boolean

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

softwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

splitTunnel boolean

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spotPrice string

Price for spot instance. NOT supported for production deployment.

subnet string

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

tagLists string[]

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags {[key: string]: string}

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime number

The IPSec tunnel down detection time for the Gateway.

vpcId string

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpcReg string

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

vpnAccess boolean

Enable user access through VPN to this gateway. Valid values: true, false.

vpnCidr string

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpnProtocol string

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone string

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

account_name str

Account name. This account will be used to launch Aviatrix gateway.

additional_cidrs str

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additional_cidrs_designated_gateway str

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocate_new_eip bool

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availability_domain str

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azure_eip_name_resource_group str

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

cloud_instance_id str

Cloud instance ID of the gateway.

cloud_type int

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

customer_managed_keys str

Customer-managed key ID.

duo_api_hostname str

API hostname for DUO auth mode. Required if otp_mode is "2".

duo_integration_key str

Integration key for DUO auth mode. Required if otp_mode is "2".

duo_push_mode str

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duo_secret_key str

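Secret key for DUO auth mode. Required if otp_mode is "2". This is a credential: supply it as a Pulumi secret (for example a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.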

eip str

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elb_dns_name str

ELB DNS name.

elb_name str

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enable_designated_gateway bool

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enable_elb bool

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enable_encrypt_volume bool

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enable_jumbo_frame bool

Enable jumbo frames for this gateway. Default value is true.

enable_ldap bool

Enable/disable LDAP. Valid values: true, false. Default value: false.

enable_monitor_gateway_subnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enable_public_subnet_filtering bool

Create a Public Subnet Filtering gateway.

enable_spot_instance bool

Enable spot instance. NOT supported for production deployment.

enable_vpc_dns_server bool

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enable_vpn_nat bool

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

fault_domain str

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdn_lan_cidr str

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdn_lan_interface str

The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

fqdn_lan_vpc_id str

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

gw_name str

Name of the Aviatrix gateway to be created.

gw_size str

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

idle_timeout int

Idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

image_version str

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insane_mode bool

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insane_mode_az str

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldap_base_dn str

LDAP base DN. Required if enable_ldap is true.

ldap_bind_dn str

LDAP bind DN. Required if enable_ldap is true.

ldap_password str

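LDAP password. Required if enable_ldap is true. This is a credential: supply it as a Pulumi secret (for example a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.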

ldap_server str

LDAP server address. Required if enable_ldap is true.

ldap_username_attribute str

LDAP user attribute. Required if enable_ldap is true.

max_vpn_conn str

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the number of addresses in the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

monitor_exclude_lists Sequence[str]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

name_servers str

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

okta_token str

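Token for Okta auth mode. Required if otp_mode is "3". This is a credential: supply it as a Pulumi secret (for example a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.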

okta_url str

URL for Okta auth mode. Required if otp_mode is "3".

okta_username_suffix str

Username suffix for Okta auth mode. Example: "aviatrix.com".

otp_mode str

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peering_ha_availability_domain str

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peering_ha_azure_eip_name_resource_group str

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peering_ha_cloud_instance_id str

Cloud instance ID of the HA gateway.

peering_ha_eip str

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peering_ha_fault_domain str

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peering_ha_gw_name str

Aviatrix gateway unique name of HA gateway.

peering_ha_gw_size str

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peering_ha_image_version str

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peering_ha_insane_mode_az str

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peering_ha_private_ip str

Private IP address of HA gateway.

peering_ha_security_group_id str

HA security group used for the gateway.

peering_ha_software_version str

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peering_ha_subnet str

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peering_ha_zone str

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

private_ip str

Private IP address of the gateway created.

public_dns_server str

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

public_subnet_filtering_guard_duty_enforced bool

Whether to enforce GuardDuty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

public_subnet_filtering_ha_route_tables Sequence[str]

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

public_subnet_filtering_route_tables Sequence[str]

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiation_interval int

Renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

rx_queue_size str

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

saml_enabled bool

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

search_domains str

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

security_group_id str

Security group used for the gateway.

single_az_ha bool

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

single_ip_snat bool

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

software_version str

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

split_tunnel bool

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spot_price str

Price for spot instance. NOT supported for production deployment.

subnet str

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

tag_lists Sequence[str]

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags Mapping[str, str]

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnel_detection_time int

The IPSec tunnel down detection time for the Gateway.

vpc_id str

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpc_reg str

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

vpn_access bool

Enable user access through VPN to this gateway. Valid values: true, false.

vpn_cidr str

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpn_protocol str

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone str

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

accountName String

Account name. This account will be used to launch Aviatrix gateway.

additionalCidrs String

A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.

additionalCidrsDesignatedGateway String

A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".

allocateNewEip Boolean

If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

cloudInstanceId String

Cloud instance ID of the gateway.

cloudType Number

Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).

customerManagedKeys String

Customer-managed key ID.

duoApiHostname String

API hostname for DUO auth mode. Required if otp_mode is "2".

duoIntegrationKey String

Integration key for DUO auth mode. Required if otp_mode is "2".

duoPushMode String

Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".

duoSecretKey String

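Secret key for DUO auth mode. Required if otp_mode is "2". This is a credential: supply it as a Pulumi secret (for example a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.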

eip String

Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

elbDnsName String

ELB DNS name.

elbName String

A name for the ELB that is created. If it is not specified, a name is generated automatically.

enableDesignatedGateway Boolean

Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.

enableElb Boolean

Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.

enableEncryptVolume Boolean

Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableJumboFrame Boolean

Enable jumbo frames for this gateway. Default value is true.

enableLdap Boolean

Enable/disable LDAP. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.

enablePublicSubnetFiltering Boolean

Create a Public Subnet Filtering gateway.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableVpcDnsServer Boolean

Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

enableVpnNat Boolean

Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fqdnLanCidr String

If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.

fqdnLanInterface String

The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.

fqdnLanVpcId String

FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.

gwName String

Name of the Aviatrix gateway to be created.

gwSize String

Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".

idleTimeout Number

Idle timeout, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.

insaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".

ldapBaseDn String

LDAP base DN. Required if enable_ldap is true.

ldapBindDn String

LDAP bind DN. Required if enable_ldap is true.

ldapPassword String

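LDAP password. Required if enable_ldap is true. This is a credential: supply it as a Pulumi secret (for example a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.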

ldapServer String

LDAP server address. Required if enable_ldap is true.

ldapUsernameAttribute String

LDAP user attribute. Required if enable_ldap is true.

maxVpnConn String

Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the number of addresses in the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.

nameServers String

A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.

oktaToken String

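Token for Okta auth mode. Required if otp_mode is "3". This is a credential: supply it as a Pulumi secret (for example a value set with `pulumi config set --secret`) rather than a plaintext literal, so that it is encrypted in the stack state.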

oktaUrl String

URL for Okta auth mode. Required if otp_mode is "3".

oktaUsernameSuffix String

Username suffix for Okta auth mode. Example: "aviatrix.com".

otpMode String

Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.

peeringHaAvailabilityDomain String

Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaAzureEipNameResourceGroup String

Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

peeringHaCloudInstanceId String

Cloud instance ID of the HA gateway.

peeringHaEip String

Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

peeringHaFaultDomain String

Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

peeringHaGwName String

Aviatrix gateway unique name of HA gateway.

peeringHaGwSize String

Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.

peeringHaImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

peeringHaInsaneModeAz String

Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".

peeringHaPrivateIp String

Private IP address of HA gateway.

peeringHaSecurityGroupId String

HA security group used for the gateway.

peeringHaSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

peeringHaSubnet String

Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".

peeringHaZone String

Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

privateIp String

Private IP address of the gateway created.

publicDnsServer String

DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.

publicSubnetFilteringGuardDutyEnforced Boolean

Whether to enforce GuardDuty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.

publicSubnetFilteringHaRouteTables List<String>

Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.

publicSubnetFilteringRouteTables List<String>

Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.

renegotiationInterval Number

Renegotiation interval, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

samlEnabled Boolean

Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.

searchDomains String

A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.

securityGroupId String

Security group used for the gateway.

singleAzHa Boolean

If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.

singleIpSnat Boolean

Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

splitTunnel Boolean

Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.

spotPrice String

Price for spot instance. NOT supported for production deployment.

subnet String

A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.

tagLists List<String>

(Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

  • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

Deprecated:

Use tags instead.

tags Map<String>

Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Number

The IPSec tunnel down detection time for the Gateway.

vpcId String

VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".

vpcReg String

VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

vpnAccess Boolean

Enable user access through VPN to this gateway. Valid values: true, false.

vpnCidr String

VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".

vpnProtocol String

Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.

zone String

Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.

Package Details

Repository
aviatrix astipkovits/pulumi-aviatrix
License
Apache-2.0
Notes

This Pulumi package is based on the aviatrix Terraform Provider.